Yeah...that's a disturbing thought to say the least. Here I was thinking that all was well if I scanned my zip files...with scanning all would be ok. How wrong I was...

This vulnerability was discovered by Mark Tesla and Chad Loder of Rapid7, a security software and consulting company that has created ZIP files that test how well different products deal with the long filenames the ZIP specification allows--and the news isn't encouraging. "Bzzt! Thank you for playing Security Bingo. Eliminated in this round are Microsoft, Apple, and IBM." All of these companies, and a host of others, make software that could be compromised by ZIP files. The application programmers have all made the same mistake of ignoring how the ZIP format works, using libraries and components that accommodate filenames only up to the OS maximum length (512 bytes for Windows, for example) instead of the 64K limit in the ZIP specification.

What's really alarming is the vulnerability to e-mail viruses. So far, every mail gateway virus scanner Rapid7 has tested lets a virus test file sneak right through if it's in a ZIP file with long filenames--the gateway scanners only catch the test files that are embedded in a "standard" ZIP file with short entry names.
The original article I read can be found here.