This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Corrupted files-ok to ignore?

Hello,

 

I ran sophos anti-virus on my macbook air (2015, running 10.14.2 mojave) and got the following log:

2019-04-04 15:19:51 -0700 Issue: 'encrypted file' detected in '/usr/local/lib/node_modules/expo-cli/node_modules/@expo/traveling-fastlane-darwin/traveling-fastlane-1.8.0-osx/lib/vendor/ruby/2.2.0/gems/rubyzip-1.2.2/test/data/zipWithEncryption.zip'
2019-04-04 15:22:49 -0700 Issue: 'corrupted file' detected in '/usr/local/lib/node_modules/npm/node_modules/node-gyp/node_modules/tar/test/cb-never-called-1.0.1.tgz'
2019-04-04 16:43:13 -0700 Issue: 'corrupted file' detected in '/Library/Logs/SophosDiagnostics.gz'
2019-04-04 17:28:10 -0700 Issue: 'corrupted file' detected in '/private/var/db/systemstats/334BA266-4A16-4406-B655-389DCECC3025.microstackshots.XXXXXX.gz'
2019-04-04 17:34:50 -0700 Issue: 'encrypted file' detected in '/Users/Julia/Music/iTunes/iTunes Media/Mobile Applications/Freeskiing 1.0.2.ipa'
2019-04-04 17:46:22 -0700 Issue: 'encrypted file' detected in '/Users/Julia/.nvm/versions/node/v10.15.2/lib/node_modules/expo-cli/node_modules/@expo/traveling-fastlane-darwin/traveling-fastlane-1.8.0-osx/lib/vendor/ruby/2.2.0/gems/rubyzip-1.2.2/test/data/zipWithEncryption.zip'
2019-04-04 18:06:11 -0700 Issue: 'corrupted file' detected in '/Users/Julia/Library/Developer/Xcode/iOS DeviceSupport/8.3 (12F70)/Symbols/usr/lib/dyld'
2019-04-04 20:18:38 -0700 Issue: 'corrupted file' detected in '/Users/Julia/Library/Caches/Zotero/Profiles/dojfzuuv.default/cache2/entries/09863C4BBE637AF94D08ECDB52F98D367FE20800'
2019-04-04 22:43:18 -0700 Issue: 'corrupted file' detected in '/Users/Julia/Library/Caches/com.spotify.client/Browser/Cache/f_001a10'
2019-04-04 22:50:11 -0700 Issue: 'encrypted file' detected in '/Users/Julia/Documents/Dont need/File transfers/UCDS homework/spelling list.docx'
2019-04-04 22:50:11 -0700 Issue: 'encrypted file' detected in '/Users/Julia/Documents/Dont need/File transfers/UCDS homework/dream journal.docx'
2019-04-05 01:27:44 -0700 Issue: 'encrypted file' detected in '/Applications/VitalSource Bookshelf.app/Contents/Resources/Package.zip'


2019-04-05 02:22:32 -0700 Virus data are out of date.

2019-04-05 02:22:32 -0700 Files Scanned: 2222489, Threats Found: 0, PUAs found: 0, Issues found: 12

 

Should I be worried? The encrypted files are all fine, but the 'corrupted file' error makes me nervous, especially since I've been having some trouble with various applications like Word and Preview lately. Grateful for any help, thanks!



This thread was automatically locked due to age.
Parents
  • Hello Julia L,

    most of the time corrupted is not a sign of malicious activity. For compressed live logs (like SophosDiagnostics.gz or the microstackshots) it's even more or less expected. Other cases are files with "structural anomalies" - a deviation from the standard, a rarely used variation, or (seen in caches) an "unfinalized" archive (i.e. not all fields, pointers, whatever are set as would be needed for a properly closed archive - as from the POV of the application it's just a workfile).

    More worrying is IMO Virus data are out of date -  click on the Sophos shield from the menu bar, depending on the product line there's either already an About on the menu or Open Sophos Endpoint and you should find About on this submenu. Does it indicate it's up-to-date?

    Christian

Reply
  • Hello Julia L,

    most of the time corrupted is not a sign of malicious activity. For compressed live logs (like SophosDiagnostics.gz or the microstackshots) it's even more or less expected. Other cases are files with "structural anomalies" - a deviation from the standard, a rarely used variation, or (seen in caches) an "unfinalized" archive (i.e. not all fields, pointers, whatever are set as would be needed for a properly closed archive - as from the POV of the application it's just a workfile).

    More worrying is IMO Virus data are out of date -  click on the Sophos shield from the menu bar, depending on the product line there's either already an About on the menu or Open Sophos Endpoint and you should find About on this submenu. Does it indicate it's up-to-date?

    Christian

Children
No Data