Symantec reports that most of their av products have a security issue in conjunction with prepared archive files. These could bypass the virus scanner because the file format is not correct but the operating system is still able to etract the files.
Also Frisk (F-Prot), Norman and Ikarus published updates to similar problems in their products.
Kaspersky silently deployed updates to a parsing bug that prevented to identify pdf files if the magic string %PDF
was missing. Adobe Reader still opens such files and worse, executes any JavaScript in it.
The security specialist Thiery Zoller found and reported several security bugs to the antivirus vendors.
Update: ClamAV has also released a new version of their scanner. ClamAV 0.95.2 fixes problems in file archive processing.
References:
- Symantec report: Specifically Crafted Archive Files can Bypass Initial Scans
- Thiery Zoller about Kaspersky PDF evasion
- ClamAV announces Version 0.95.2