Mailing List Archive

What is the actual danger of this?
A clamdscan flagged quite a few files on my system as Heuristics.Broken.Media.JPEG.JFIFmarkerBadPosition. What kind of exploit is that? And what kind of danger does it pose? (What does it do?) Is it for all systems? Or just for Windows?

A whole lot of web searching turned up nothing. Does anyone know?

TIA.
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: What is the actual danger of this? [ In reply to ]
To me it looks like the JPEG files cannot be read by the heuristics scan because something is wrong with them.
I would not think first that it is an exploit.


From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
To: Newcomer01 <mailto:newcomer01@posteo.de>
CC: Musc <mailto:muschelgev@newcultures.com>
Sent: Wednesday, February 22, 2023 at 18:18 (06:18 PM) +0100
Subject: [clamav-users] What is the actual danger of this?
> A clamdscan flagged quite a few files on my system as Heuristics.Broken.Media.JPEG.JFIFmarkerBadPosition. What kind of exploit is that? And what kind of danger does it pose? (What does it do?) Is it for all systems? Or just for Windows?
>
> A whole lot of web searching turned up nothing. Does anyone know?
>
> TIA.
Re: What is the actual danger of this? [ In reply to ]
This alert means that the JPEG is slightly malformed. Many applications will probably be fine with it. ClamAV thinks it is a little odd. The risk is probably pretty low, but perhaps look at it a little to see if any other antivirus products think it is suspicious.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
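
As an added illustration (not part of the original thread and not ClamAV's own code), the following Python code walks a JPEG's header segments and reports whether the JFIF APP0 segment is the first one after SOI, which is where the JFIF specification places it. The function names and sample bytes are constructed for this example, and ClamAV's actual heuristic may apply different conditions.

```python
import struct

STANDALONE = {0x01} | set(range(0xD0, 0xD8))  # TEM, RST0-RST7: no length field

def segments(data):
    """Yield (marker, offset, payload) for each segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            yield marker, pos, b""
            pos += 2
            continue
        if marker in (0xD9, 0xDA):    # EOI or SOS: header segments end here
            return
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, pos, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def jfif_status(data):
    """Return 'jfif-first', 'jfif-misplaced' or 'no-jfif'."""
    for index, (marker, _off, payload) in enumerate(segments(data), start=1):
        if marker == 0xE0 and payload.startswith(b"JFIF\x00"):
            return "jfif-first" if index == 1 else "jfif-misplaced"
    return "no-jfif"

def seg(marker, payload):
    """Build one segment; used only for the constructed samples below."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples (headers only, no real image data).
JFIF = seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
EXIF = seg(0xE1, b"Exif\x00\x00")
GOOD = b"\xff\xd8" + JFIF + b"\xff\xda"          # JFIF directly after SOI
ODD = b"\xff\xd8" + EXIF + JFIF + b"\xff\xda"    # another segment comes first

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("ODD", ODD)):
        print(name, jfif_status(blob))
```

A file that reports `jfif-misplaced` has valid segments in an unexpected order, which matches the "slightly malformed" description above; it says nothing by itself about whether the file carries a payload.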
________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of newcomer01 via clamav-users <clamav-users@lists.clamav.net>
Sent: Wednesday, February 22, 2023 10:48 AM
To: clamav-users <clamav-users@lists.clamav.net>
Cc: newcomer01 <newcomer01@posteo.de>
Subject: Re: [clamav-users] What is the actual danger of this?

To me it looks like the JPEG files cannot be read by the heuristics scan because something is wrong with them.
I would not think first that it is an exploit.


From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
To: Newcomer01 <mailto:newcomer01@posteo.de>
CC: Musc <mailto:muschelgev@newcultures.com>
Sent: Wednesday, February 22, 2023 at 18:18 (06:18 PM) +0100
Subject: [clamav-users] What is the actual danger of this?
> A clamdscan flagged quite a few files on my system as Heuristics.Broken.Media.JPEG.JFIFmarkerBadPosition. What kind of exploit is that? And what kind of danger does it pose? (What does it do?) Is it for all systems? Or just for Windows?
>
> A whole lot of web searching turned up nothing. Does anyone know?
>
> TIA.
Re: What is the actual danger of this? [ In reply to ]
On February 22, 2023 1:48:02 PM EST, newcomer01 via clamav-users <clamav-users@lists.clamav.net> wrote:
>To me it looks like the JPEG files cannot be read by the heuristics scan because something is wrong with them.
>I would not think first that it is an exploit.
>
>
>> A clamdscan flagged quite a few files on my system as Heuristics.Broken.Media.JPEG.JFIFmarkerBadPosition. What kind of exploit is that? And what kind of danger does it pose? (What does it do?) Is it for all systems? Or just for Windows?
>>
>> A whole lot of web searching turned up nothing. Does anyone know?

In a security podcast I listened to not too long ago, they spoke of an exploit against iPhones which was quite hazardous and was concealed inside an image file, which would immediately take control of the iPhone. There's not enough information for me to say that this is that exploit. Maybe it is, maybe it's something similar, or maybe it's simply a bit of corruption of the JPG file and actually relatively harmless. There are a lot of possibilities. You're right, we don't want to make any premature assumptions, neither overestimating nor underestimating the hazard. The purpose of my post was to find more information in order to make a proper evaluation. Thanks for helping me clarify that.