Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 6 subscribers
  • Views 6776 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Corrupt file:" Error Message in View Scan Log

V9gil1nt5p0Ss3

What does "Corrupt file:" mean, and what should I do about the files Sophos marks as "corrupt"?

When I do scans and look at the scan log I get this "Corrupt file:" error message (see below).  In this case it found 32 "Corrupt file(s)" but no threats.  

2012-05-18 23:40:28 -0600 Corrupt file: /Users/name/Library/Mail/Mailboxes/TopEnclosureOnMyMac/Family.mbox/Attachments/6648098/2/Thesis July 8.doc

2012-05-19 00:53:16 -0600 Corrupt file: /Users/.name/name.sparsebundle/bands/166f

2012-05-19 00:56:39 -0600 Corrupt file: /Users/.name/name.sparsebundle/bands/3625

Scan completed at 2012-05-19 03:58:10 -0600.

1919890 items scanned, 0 threats detected, 32 issues

:1007269


This thread was automatically locked due to age.
  • 0

    In most cases, it means exactly what it says: the file is damaged in some way, and should be replaced with a known-good copy.

    However, it can also in rare cases just mean that the file is very similar to a known filetype, but is different in some way that makes it unparsable by the scanner.

    Do you know what these files are?  The first one's a word document email attachment that is likely damaged (best to save as if you want to keep the content) and the second two look slightly dodgy -- they're hidden in a sparsebundle inside a hidden folder in your /Users/ folder (which should only contain the Shared folder and a folder for each user registered on your machine).

    You can ignore files marked as corrupt, but I'd suggest running Disk Utility to verify your data integrity, and find good backups to restore of files that are flagged if you can.

    :1007271
  • 0

    How exaclty does Sophos decide that a file is "corrupt"?  Disk Utility scans the file system and does not find any corrupt files.  So why does Sophos?

    :1009180
  • 0
    Rumboogy wrote:

    How exaclty does Sophos decide that a file is "corrupt"?  Disk Utility scans the file system and does not find any corrupt files.  So why does Sophos?

    Disk Utility does not scan for corrupt files -- it scans for corrupt filesystems.  If the actual volume data is corrupted, Disk Utility will find that and attempt to repair it. 

    Sophos has its own True Filetype engine that identifies many types of files by their internal structure -- and if the structure starts off with a header indicating it's one type of file, and then contains a structure that doesn't match, it complains that the file is corrupt.  The common place you'll see this is with truncated files, where the header of the file references a part of the file that is past the end of the file's actual size.

    Note that this is purely checking file structure... so a file can still have corrupted data and not be detected as corrupt by Sophos. 

    Conversely, if a file type has had an update and can now contain an alternate structure (this happens with Apple's XAR archives [used in installer packages] from time to time), a file may be detected as corrupt when it's just a variant of the file type that Sophos doesn't know how to parse yet.

    Another extremely useful tool to use to check for corruption is plutil, a command-line tool that can be used to scan .plist files for corruption, and often repair them.

    :1009182