[goldsteinq]

So the first scenario is also basically “automatic scanner bypass”? That answers my question, yes.

> making a tar file that when inspected looks fine

Am I correct in understanding that manual inspection would reveal a nested .tar archive (so recursive inspection of nested archives should be enough)?

[denhamparry]

It is possible to exploit this bug by crafting a file that has tar contents without a header, thus making it hard to detect even with recursive archives.