clam says boot.efi Broken.Executable
Brian Flaherty
bxf4 at u.washington.edu
Sun Jun 29 14:43:24 PDT 2008
On Sun, Jun 29, 2008 at 11:19:43PM +0200, Rainer Müller wrote:
> Brian Flaherty wrote:
>> I also just checked to see if clamscan --detect-broken said boot.efi
>> was a Broken.Executable and it did on both machines (laptop and
>> desktop).
>
> I get the same:
> /System/Library/CoreServices/boot.efi: Broken.Executable FOUND
Thanks for the reply. Sorry you found the same thing. After looking
into it more, I suspect it is a false alarm. I scanned boot.efi on a
Debian linux machine with clamav and it came up as a broken executable
there too. However, it also provided this message, which the MacPorts
version did not:
LibClamAV Warning: Incorrect magic number in optional header
It sounds as though that message is referring to something called a PE
(portable executable) file described here:
http://win32assembly.online.fr/pe-tut1.html
This is also what the --detect-broken option for clamscan is supposed
to detect. It doesn't seem odd (to me) that a boot file would be
structured differently than a standard executable.
But it is still a little troubling the clamdscan doesn't give me the
same answer on both my Macs.
> But I think this question would be better targeted to the mailing list
> of the clamav project at <http://www.clamav.org/support/ml>.
I'll post something there too. Thanks again.
More information about the macports-users
mailing list