Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 6 subscribers
  • Views 6776 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Corrupt file:" Error Message in View Scan Log

V9gil1nt5p0Ss3

What does "Corrupt file:" mean, and what should I do about the files Sophos marks as "corrupt"?

When I do scans and look at the scan log I get this "Corrupt file:" error message (see below).  In this case it found 32 "Corrupt file(s)" but no threats.  

2012-05-18 23:40:28 -0600 Corrupt file: /Users/name/Library/Mail/Mailboxes/TopEnclosureOnMyMac/Family.mbox/Attachments/6648098/2/Thesis July 8.doc

2012-05-19 00:53:16 -0600 Corrupt file: /Users/.name/name.sparsebundle/bands/166f

2012-05-19 00:56:39 -0600 Corrupt file: /Users/.name/name.sparsebundle/bands/3625

Scan completed at 2012-05-19 03:58:10 -0600.

1919890 items scanned, 0 threats detected, 32 issues

:1007269


This thread was automatically locked due to age.
Parents
  • 0
    Rumboogy wrote:

    How exaclty does Sophos decide that a file is "corrupt"?  Disk Utility scans the file system and does not find any corrupt files.  So why does Sophos?

    Disk Utility does not scan for corrupt files -- it scans for corrupt filesystems.  If the actual volume data is corrupted, Disk Utility will find that and attempt to repair it. 

    Sophos has its own True Filetype engine that identifies many types of files by their internal structure -- and if the structure starts off with a header indicating it's one type of file, and then contains a structure that doesn't match, it complains that the file is corrupt.  The common place you'll see this is with truncated files, where the header of the file references a part of the file that is past the end of the file's actual size.

    Note that this is purely checking file structure... so a file can still have corrupted data and not be detected as corrupt by Sophos. 

    Conversely, if a file type has had an update and can now contain an alternate structure (this happens with Apple's XAR archives [used in installer packages] from time to time), a file may be detected as corrupt when it's just a variant of the file type that Sophos doesn't know how to parse yet.

    Another extremely useful tool to use to check for corruption is plutil, a command-line tool that can be used to scan .plist files for corruption, and often repair them.

    :1009182
Reply
  • 0
    Rumboogy wrote:

    How exaclty does Sophos decide that a file is "corrupt"?  Disk Utility scans the file system and does not find any corrupt files.  So why does Sophos?

    Disk Utility does not scan for corrupt files -- it scans for corrupt filesystems.  If the actual volume data is corrupted, Disk Utility will find that and attempt to repair it. 

    Sophos has its own True Filetype engine that identifies many types of files by their internal structure -- and if the structure starts off with a header indicating it's one type of file, and then contains a structure that doesn't match, it complains that the file is corrupt.  The common place you'll see this is with truncated files, where the header of the file references a part of the file that is past the end of the file's actual size.

    Note that this is purely checking file structure... so a file can still have corrupted data and not be detected as corrupt by Sophos. 

    Conversely, if a file type has had an update and can now contain an alternate structure (this happens with Apple's XAR archives [used in installer packages] from time to time), a file may be detected as corrupt when it's just a variant of the file type that Sophos doesn't know how to parse yet.

    Another extremely useful tool to use to check for corruption is plutil, a command-line tool that can be used to scan .plist files for corruption, and often repair them.

    :1009182
Children
No Data