Hi there,
On Thu, 8 Oct 2020, mum laris via clamav-users wrote:
thanks for your quick answer.
Er, my answer is below. On a mailing list, check the subject lines. :)
Attached required report.
On a quick glance I wonder why clamconf didn't find freshclam.conf. Are you running freshclam? You might want to enable the 'encrypted' alerts for archives etc. as encrypted documents which contain malware seem to be much more common recently but it's mostly Windows malware.
Earlier On Thu, 8 Oct 2020, mum laris via clamav-users wrote:
Just to better understand, I've recently noted that cache scanning of my firefox browser reports many errors like this: ... Can't parse data ERROR
This could be one of those cases where ClamAV leads you on a dance to no purpose. You might get more information if you try scanning the file with debugging and verbose logging enabled, but it's not certain to give you an answer. Some of the error reporting in ClamAV could be improved, it's an on-going development task but it will take time.
Most utilities are designed to handle just a few file types. Think of a word processor for example, it might need to handle quite a few, but there are many it won't handle at all. Because of what it's asked to do, ClamAV needs to be able to handle more or less *anything*. And it has to be able to handle them whether they're on disc, in mail, or as a bare stream of data, *and* it's expecting whatever it scans also to be a malicious example of the type. That's a tall order. There's a long list of code modules which just process different file types for the scanning engine to scan. It's a fair job of work just to maintain them - to keep them in step with developments in the many and various specifications and fix occasional faults in them. Look at the list archives and you'll see a mention of that in the last couple of days.
Having said that there might not be any fault in ClamAV. Random data can appear to a file classifier to be more or less any type of file. It might just be that ClamAV is being unavoidably confused by a chunk of random data which resembles something it isn't. The chances might be small, but they're not zero. Browsers in particular have a habit of storing huge numbers of files which most of us would have trouble identifying. Much of the time the files are written speculatively to local storage 'just in case' they might be used again, but never are.
It might even be a filesystem or system error, although I'm not sure how likely that is without more information. I'd expect there to be other indications of that sort of thing. What's the storage device? Is it near its best-before date? Are you familiar with 'fsck'?
I've checked and it's a regular file. But its content isn't a plain text file.
It could be almost anything. You can use the 'file' utility for more information. It might be a compressed file or something like that and it might be broken. Anything as bloated and complex as the graphical browsers of the 21st century is almost expected to leave broken files lying around the filesystem when it trips over its own great big feet.
I'm almost sure not happened before...
Maybe it's happening now because of an update to the browser version. Maybe it's because you updated ClamAV or changed its configuration, or changed something else.
If it is just an odd log message now and then I'd ignore it unless I had time on my hands to investigate. If it's a lot more than that then it might tell you that something needs fixing, but it would need some investigation. You could put some files on a file sharing site and post a link here to see if anyone wants to take up the challenge but if you do that, please make sure that you won't be posting anything you want to keep private.
Some browsers will store gigabytes of junk for years. You can tell them to delete the cache, or restrict the size of the cache, which will at least mean it takes a lot less time to scan. You could tell ClamAV not to scan it, but as it might be one of the more likely places on the system to find threats, if you're concerned about them I wouldn't want to go so far as that.
As long as your system - and particularly your browser - is kept up to date with security patches, and you're sensible about where and what you browse, and if the storage devices etc. are generally healthy, you shouldn't need to worry too much. Most of the alerts from ClamAV will either be false alarms, warnings about exceeding some limit or other, or for Windows things to which a Linux box is immune. If ClamAV does find something in the browser cache which is a threat to your browser, it's probably already too late to stop it doing its nasty work.
--
73, Ged.
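The triage suggested in the message above (identify the file with 'file', then rescan it with debugging and verbose logging), sketched as an added example that is not part of the original message. It assumes the scan log uses clamscan's usual `<path>: <result>` line shape; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage files that a scan log marks "Can't parse data ERROR".
# Assumption: log lines look like "<path>: Can't parse data ERROR".

# Read a scan log on stdin, print each affected path once.
parse_error_paths() {
    sed -n "s/: Can't parse data ERROR\$//p" | sort -u
}

# Report size and 'file' classification for one path (read-only).
describe() {
    p=$1
    if [ ! -f "$p" ]; then
        # Browser caches churn; the entry may be gone by the time we look.
        printf '%s\tmissing (cache entry already evicted?)\n' "$p"
        return 0
    fi
    size=$(wc -c < "$p" | tr -d ' ')
    if command -v file >/dev/null 2>&1; then
        kind=$(file -b -- "$p")
    else
        kind='(file utility not installed)'
    fi
    printf '%s\t%s bytes\t%s\n' "$p" "$size" "$kind"
}

# $1 = scan log; print a description and a rescan command per affected file.
triage() {
    parse_error_paths < "$1" | while IFS= read -r p; do
        describe "$p"
        printf "  rescan: clamscan --debug --verbose '%s'\n" "$p"
    done
}

# Stand-alone use: sh triage.sh /path/to/scan.log
if [ "$#" -gt 0 ]; then
    triage "$1"
fi
```

A run of many "data" or zero-byte results points towards truncated cache entries rather than a parser fault; a cluster of one recognisable type is the more useful thing to report to the list.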
