Hi again. Well, the source ... .. you known users most of the time have no idea what are doing. Seems a usual correspondent but, who knows. Since mail is responsible for 99% of malware and dirt and because users hate security, bad for day to day work the only solution is using clamav-milter whitelist addresses. Mail is a complete anarchy, no way blocking failed SPF, DKIM signatures, DMARC, etc Because no one does anything and so if you block a lot of important emails block.
Media all around talk about security but no one does nothing. Even most important banks don't even have DNSSEC and when they have is incorrect. Dkim? To much trouble Dnssec? To much trouble. And with all he monopoly on the clouds things get even worse G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> escreveu no dia sábado, 17/04/2021 à(s) 12:27: > > Hi there, > > On Sat, 17 Apr 2021, Pedro Guedes via clamav-users wrote: > > G.W. Haywood via clamav-users ... sábado, 17/04/2021 ... > >> On Sat, 17 Apr 2021, Pedro Guedes via clamav-users wrote: > >> > >>> What does > >>> Heuristics.Broken.Media.JPEG.JFIFdupAppMarker > >>> mean? > >> > >> It means that libclamav found something questionable in data which it > >> identified as of type JPEG. It's only reported by clamd if an option > >> in the configuration is on. The default is off. > >> ... > >> It's not unusual to find broken images in things like a browser cache > >> and it might not be a concern, but in mail or elsewhere it might mean > >> that something should be investigated. > >> > >> A little more context might help. > > > > Yes, I did already look at the C code as something to do with jpeg format. > > So JFIFdupAppMarker is an attention to something being wrong? > > Yes. The data violates the format specification. From just that bit > of information I have I have no idea how likely it is to be malicious. > Some images are generated on the fly, and the code doing that might be > less than perfect so you could be seeing a mistake rather than malice. > > > And yes I have > > AlertBrokenMedia yes > > in clamd.conf > > > > Well, I keep looking. > > I have ClamAV as a milter in sendmail.cf so this jpeg was in email scanning. > > Obviously if it's in email you can easily investigate the source, and > if it's malicious you can also easily prevent it from being passed to > any mailbox. I don't know how common malicious JPEG files are in mail > but I suspect it's "not very". Can you tell us more about the source? > > -- > > 73, > Ged. > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
![Re: [clamav-users] Heuristics.Broken.Media.JPEG.JFIFdupAppMarker](/search?l=clamav-users@lists.clamav.net&q=subject:%22Re%5C%3A+%5C%5Bclamav%5C-users%5C%5D+Heuristics.Broken.Media.JPEG.JFIFdupAppMarker%22&o=newest){kind=link}
