question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

*.cat and *.mum files on Windows

See original GitHub issue

Does the v2.8.1 (or earlier) scanner attempt to unpack and scan these types of files? They are found in C:\Windows\servicing\Packages. We are using the v2.8.1 version.

We have noticed on some of our Windows servers that the scanner gets “hung” at this location. One such server has 3.75GB of these files, totaling around 273k files in the directory.

Running the scan with these options, the scanner seems to “stop” on this directory. log4j2-scan.exe --trace --scan-zip --scan-log4j1 --all-drives --report-path "%RPTFILE%" --report-dir "C:\Temp" --exclude "P:" --exclude "Z:" --exclude-pattern "KTree" --exclude-pattern "KnowledgeTreeProject" --exclude-pattern "\KT" --exclude-pattern "$RECYCLE.BIN"

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Reactions:1
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

2reactions
greg-michaelcommented, Feb 5, 2022

I’ll see if I can find out where the OOM issue is happening.

Thanks.

From: Yang, BongYeol (xeraph) @.> Sent: Friday, February 4, 2022 19:29 To: logpresso/CVE-2021-44228-Scanner @.> Cc: Greg Michael @.>; Mention @.> Subject: Re: [logpresso/CVE-2021-44228-Scanner] *.cat and *.mum files on Windows (Issue #267)

This email did not originate from Canadian Pacific. Please exercise caution with any links or attachments.


@greg-michaelhttps://urldefense.com/v3/__https:/github.com/greg-michael__;!!Iww4!19m64Dyvx5Qjw0xmBk_6Q1ujlC5SMIfhiMfo-57BGI5SifZ3Mkey-26k6EfPgkBzeA$ Altough some user reports OOM issues, I couldn’t reproduce a single OOM issue in my environment. For example, scanner ran with 2GB RAM with 5million files in a single directory and buggy old file API. I suspect decompression bug of commons-compress. However there should be sample files for 100% reproduce condition. Could you find that files which causes OOM by narrowing the directory?

— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https:/github.com/logpresso/CVE-2021-44228-Scanner/issues/267*issuecomment-1030489390__;Iw!!Iww4!19m64Dyvx5Qjw0xmBk_6Q1ujlC5SMIfhiMfo-57BGI5SifZ3Mkey-26k6EfvUOtgXw$, or unsubscribehttps://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AJ6SVAVYJ4GOZ6KLDBKH4QLUZR4PTANCNFSM5NJ5U4QA__;!!Iww4!19m64Dyvx5Qjw0xmBk_6Q1ujlC5SMIfhiMfo-57BGI5SifZ3Mkey-26k6EfSiRXx_Q$. Triage notifications on the go with GitHub Mobile for iOShttps://urldefense.com/v3/__https:/apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!Iww4!19m64Dyvx5Qjw0xmBk_6Q1ujlC5SMIfhiMfo-57BGI5SifZ3Mkey-26k6EfKepoiZw$ or Androidhttps://urldefense.com/v3/__https:/play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!Iww4!19m64Dyvx5Qjw0xmBk_6Q1ujlC5SMIfhiMfo-57BGI5SifZ3Mkey-26k6EeacPOq-g$. You are receiving this because you were mentioned.Message ID: @.@.>>

------------------------------ IMPORTANT NOTICE - AVIS IMPORTANT ------------------------------ Computer viruses can be transmitted via email. Recipient should check this email and any attachments for the presence of viruses. Sender and sender company accept no liability for any damage caused by any virus transmitted by this email. This email transmission and any accompanying attachments contain confidential information intended only for the use of the individual or entity named above. Any dissemination, distribution, copying or action taken in reliance on the contents of this email by anyone other than the intended recipient is strictly prohibited. If you have received this email in error please immediately delete it and notify sender at the above email address. Le courrier electronique peut etre porteur de virus informatiques. Le destinataire doit donc passer le present courriel et les pieces qui y sont jointes au detecteur de virus. L’ expediteur et son employeur declinent toute responsabilite pour les dommages causes par un virus contenu dans le courriel. Le present message et les pieces qui y sont jointes contiennent des renseignements confidentiels destines uniquement a la personne ou a l’ organisme nomme ci-dessus. Toute diffusion, distribution, reproduction ou utilisation comme reference du contenu du message par une autre personne que le destinataire est formellement interdite. Si vous avez recu ce courriel par erreur, veuillez le detruire immediatement et en informer l’ expediteur a l’ adresse ci-dessus. ------------------------------ IMPORTANT NOTICE - AVIS IMPORTANT ------------------------------

2reactions
xeraphcommented, Feb 2, 2022

@greg-michael Scanner does not unpack *.cat or *.mum files. It just traverse directories to check if file extension is inspection target. Try v2.9.0 version for this issue.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How do I obtain .mum and .cat files - TechNet - Microsoft
I ran System Update Readiness tool: ================================= Checking System Update Readiness. Binary Version 6.1.7601.21645
Read more >
How can I clean these .MUM and .CAT files from failed updates?
You can use the DISM /remove-package command to target and remove specific updates in Windows 10, but you can use neither the KB...
Read more >
[SOLVED] - Missing Cat and Mum files - Sysnative Forums
Hi and welcome to Sysnative. Your machine appears to be missing (or have corrupt) updates from 122 different windows updates. What other issues ......
Read more >
What Is a MUM File? | It Still Works - ItStillWorks
MUM files contain Windows Update data that keeps your system secure. ... When you obtain a Windows security update through Windows Update or...
Read more >
Windows 10: How can I clean these .MUM and .CAT files from ...
I have re-hidden the optional Upgrade to Windows 10 update but as I have explained in previous communications, KB3035583 is not in the...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found