Hi!
On 08/10/20 19:31, G.W. Haywood via clamav-users wrote:
Hi there,
On Thu, 8 Oct 2020, mum laris via clamav-users wrote:
[...]
Not at all what I meant. In the distribution, these default to 'yes':
8<----------------------------------------------------------------------
$ grep '#Alert' /usr/local/etc/clamd.conf.sample
#AlertBrokenExecutables yes
#AlertEncrypted yes
#AlertEncryptedArchive yes
#AlertEncryptedDoc yes
#AlertOLE2Macros yes
#AlertPhishingSSLMismatch yes
#AlertPhishingCloak yes
#AlertPartitionIntersection yes
#AlertExceedsMax yes
8<----------------------------------------------------------------------
but in your clamconf output I see this:
8<----------------------------------------------------------------------
$ grep Alert clamconf
AlertExceedsMax disabled
HeuristicAlerts = "yes"
AlertBrokenExecutables disabled
AlertEncrypted disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
8<----------------------------------------------------------------------
You might want to know about some of those things rather than have
clamd potentially ignore them, especially if you have Windoze boxes.
Trying new features enabled ... I'll let You know!
/dev/sdaX: clean, 545729/6553600 files, 21748990/26214400 blocks
OK. I hope the SSD is backed up regularly to some other medium.
twice in a year... no more! :)
file FF13A1C7B9A4E5C26BE58596DF7F58E6CCB3F19F
FF13A1C7B9A4E5C26BE58596DF7F58E6CCB3F19F: gzip compressed data, from
Unix
...
... please let me know if You think further analysis' needed.
Well it's a compressed file, you could try testing it using gzip.
Check the gzip man page for how to do that. If it tests out OK then
you could extract the contents (gunzip) and see if it's anything you
can make sense of. If not a little more digging might be needed.
from size ... may be a youtube cached file as You supposed from starting?
If answer is yes I doubt to be able to rebuild it... :)
> gzip -vtl FF13A1C7B9A4E5C26BE58596DF7F58E6CCB3F19F
method crc date time compressed uncompressed
ratio uncompressed_name
defla 00310064 Oct 6 18:52 435807 1383269888
100.0% FF13A1C7B9A4E5C26BE58596DF7F58E6CCB3F19F
So you're no more relaxing my thoughts...
That's good. :)
Thanks anyway!
:)
_______________________________________________
clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
