[clamav-users] recently noted that scanning firefox browser cache reports many errors
mum laris
mum_laris at hotmail.com
Fri Oct 9 17:13:12 UTC 2020
Hi!
On 08/10/20 19:31, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Thu, 8 Oct 2020, mum laris via clamav-users wrote:
> [...]
> Not at all what I meant. In the distribution, these default to 'yes':
>
> 8<----------------------------------------------------------------------
> $ grep '#Alert' /usr/local/etc/clamd.conf.sample
> #AlertBrokenExecutables yes
> #AlertEncrypted yes
> #AlertEncryptedArchive yes
> #AlertEncryptedDoc yes
> #AlertOLE2Macros yes
> #AlertPhishingSSLMismatch yes
> #AlertPhishingCloak yes
> #AlertPartitionIntersection yes
> #AlertExceedsMax yes
> 8<----------------------------------------------------------------------
>
> but in your clamconf output I see this:
>
> 8<----------------------------------------------------------------------
> $ grep Alert clamconf
> AlertExceedsMax disabled
> HeuristicAlerts = "yes"
> AlertBrokenExecutables disabled
> AlertEncrypted disabled
> AlertEncryptedArchive disabled
> AlertEncryptedDoc disabled
> AlertOLE2Macros disabled
> AlertPhishingSSLMismatch disabled
> AlertPhishingCloak disabled
> AlertPartitionIntersection disabled
> 8<----------------------------------------------------------------------
>
> You might want to know about some of those things rather than have
> clamd potentially ignore them, especially if you have Windoze boxes.
Trying with the new features enabled ... I'll let you know!
>
>> /dev/sdaX: clean, 545729/6553600 files, 21748990/26214400 blocks
>
> OK. I hope the SSD is backed up regularly to some other medium.
twice in a year... no more! :)
>
>> file FF13A1C7B9A4E5C26BE58596DF7F58E6CCB3F19F
>> FF13A1C7B9A4E5C26BE58596DF7F58E6CCB3F19F: gzip compressed data, from Unix
>> ...
>> ... please let me know if you think further analysis is needed.
>
> Well it's a compressed file, you could try testing it using gzip.
> Check the gzip man page for how to do that. If it tests out OK then
> you could extract the contents (gunzip) and see if it's anything you
> can make sense of. If not a little more digging might be needed.
>
From the size ... it may be a YouTube cached file, as you supposed from the start?
If the answer is yes, I doubt I'll be able to rebuild it... :)
> gzip -vtl FF13A1C7B9A4E5C26BE58596DF7F58E6CCB3F19F
method  crc     date  time  compressed  uncompressed  ratio uncompressed_name
defla 00310064 Oct  6 18:52     435807    1383269888 100.0% FF13A1C7B9A4E5C26BE58596DF7F58E6CCB3F19F
>> So you're no more relaxing my thoughts...
>
> That's good. :)
>
Thanks anyway!
:)
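
The gzip test suggested in the thread, as an added Python example that is not part of the original messages: it streams the file through zlib with an output cap, so a listing like the one above (435807 bytes claiming 1383269888 uncompressed) can be checked without writing the data to disk. `inspect_gzip` and `max_out` are names chosen for this example, and the sample data is constructed.

```python
import gzip
import struct
import zlib


def inspect_gzip(data: bytes, max_out: int = 64 * 1024 * 1024) -> dict:
    """Integrity-test one gzip member with a hard cap on decompressed size."""
    if len(data) < 18 or data[:2] != b"\x1f\x8b":
        return {"status": "not-gzip"}
    # The last 4 bytes of a complete gzip file (ISIZE) hold the uncompressed
    # length modulo 2**32. On an incomplete file they are just arbitrary
    # payload bytes, so a size derived from them cannot be trusted.
    claimed = struct.unpack("<I", data[-4:])[0]
    d = zlib.decompressobj(wbits=31)  # 31 = gzip framing, CRC32 checked at end
    produced, buf = 0, data
    try:
        while not d.eof:
            chunk = d.decompress(buf, 65536)  # never more than 64 KiB per call
            buf = d.unconsumed_tail
            produced += len(chunk)
            if produced > max_out:
                return {"status": "too-large", "claimed": claimed,
                        "produced": produced}
            if not chunk and not buf:
                break  # input ran out before the end-of-stream marker
    except zlib.error as exc:
        return {"status": "corrupt", "claimed": claimed,
                "produced": produced, "error": str(exc)}
    return {"status": "ok" if d.eof else "truncated",
            "claimed": claimed, "produced": produced}


if __name__ == "__main__":
    # Constructed sample: a complete stream and the same stream cut in half,
    # standing in for a partially written browser cache entry.
    whole = gzip.compress(b"A" * 200_000)
    for label, blob in (("whole", whole), ("cut", whole[: len(whole) // 2])):
        print(label, inspect_gzip(blob))
```

To check a real file, pass its bytes, for example `inspect_gzip(open(path, "rb").read())`; only the status "ok" means the stream decompressed completely and its CRC matched.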