
Scan Local Drives: unexpected --follow-symlinks

Copied from Quarantine Manager: 

/Users/gjp22/Applications/…/gjp22/Desktop/suspects/eicarcom2.zip [eicar_com.zip/eicar.com]

With the ellipsis in Quarantine Manager I can't guess the path, so instead from a Console view of the log: 

2010-11-03 08:11:45 +0000 Threat: 'EICAR-AV-Test' detected in /Users/gjp22/Applications/Microsoft Internet Explorer 8.app/Contents/Resources/dosdevices/c:/users/gjp22/Desktop/suspects/eicar.com

A directory listing: 

[macbookpro08:Contents/Resources/dosdevices] gjp22% pwd
/Users/gjp22/Applications/Microsoft Internet Explorer 8.app/Contents/Resources/dosdevices
[macbookpro08:Contents/Resources/dosdevices] gjp22% ls -l
total 64
lrwxr-xr-x  1 gjp22  staff  10  1 Jun 15:53 c: -> ../drive_c
lrwxr-xr-x  1 gjp22  staff  27  1 Jun 15:56 d: -> /Volumes/OpenOffice.org 3.2
lrwxr-xr-x  1 gjp22  staff  13  1 Jun 15:54 d:: -> /dev/rdisk5s2
lrwxr-xr-x  1 gjp22  staff  19  1 Jun 15:56 e: -> /Volumes/VirtualBox
lrwxr-xr-x  1 gjp22  staff  13  1 Jun 15:54 e:: -> /dev/rdisk4s2
lrwxr-xr-x  1 gjp22  staff  12  1 Jun 15:56 f: -> /Users/gjp22
lrwxr-xr-x  1 gjp22  staff  13  1 Jun 15:54 f:: -> /dev/rdisk3s2
lrwxr-xr-x  1 gjp22  staff   1  1 Jun 15:57 z: -> /

Following of symlinks is unexpected.

AFAICT: 

  • following the c: may cause my home directory to be scanned twice 
  • following the z: may cause my computer to be scanned twice
  • following the f: may cause my home directory to be scanned yet again (four times in total).

In the GUI I see no option to suppress the follow. 

Does the GUI default to both of the following?

--follow-symlinks

and 

--backtrack-protection


  • grahamperrin wrote:

    In the GUI I see no option to suppress the follow. 

    Does the GUI default to both of the following?

    --follow-symlinks

    and 

    --backtrack-protection


    I guess so.

    Testing in a VM (VirtualBox), using eicar test files, each file was found in only two places: 

    1. the volume from which Time Machine reads, which has symlinks with potential for backtracking in the area enclosing the files
    2. the volume to which Time Machine writes. 
    (The files were detected first whilst following a symlink. For the files at their true path, no detection was logged.)
    Resolved/explained. 