Hi,
 
I downloaded, transferred and imported a MIDI (.mid) file into a temporary project on an always-offline DAW and began having some lockups and crashes in Sonar.  Granted, this could be entirely unrelated as I also begun a new project since then.  I did scan the file first with Norton and it said it was Ok.  I just wanted to get some feedback from the forum as to the likelihood of MIDI files having a virus that could be causing Sonar to lock or crash.  (The file was only 64K and has 6 MIDI tracks within it that comprise a 4+ minute song, so I'm not sure how much room would even be left for a virus to lurk with the file)
 
Thanks for any general insight on this subject....
 
      Sonic

There isn't any reason why a midi file couldn't be used as an attack vector. There was at least one virus that used image files to exploit flaws in the image processing engines of various web browsers. If fact, any program that reads in a data file can be exploited if the program is not coded to correctly handle unexpected information.
 
Fortunately most modern software is coded to handle such cases and I'm personally unaware of any malware that exploits undiscovered flaws in DAWs or MIDI players, but that doesn't mean they aren't out there! And ya gotta watch out for that really old software.
 
To address your issue, I would guess that complex or poorly composed MIDI sequences, perhaps with lots of PC's, CC's and such could stress the sequencer or a virtual instrument to the point where dropouts occur, but I don't know for sure. There are some preference settings that specifically address midi performance that you might want to read up on. Unfortunately I don't remember what they are called, but I believe they have to do with caching. Hopefully someone else can chime in on that one.
 
Keep virus-scanning those files!
 
 

I should probably mention it appeared the 6 tracks within the .mid file were all legit.  Am I at least right that a credible virus scanner like Norton should be able to detect a virus, or do viruses hide within MIDI files in a way that evade scanners?
 
Yeah, I previously had no lockups and rarely crashes to speak of, yet suddenly after importing the .mid file into a temporary project (just to see what the contents/tracks were about), I am now getting some locks and crashes in Sonar in a new, unrelated project I'm working in.   I'll have to keep on eye on things and see if maybe i can figure out what may be triggering the issues....
 
Sonic

MIDI files cannot contain computer viruses by themselves.  However, they can contain data that can crash certain versions of Sonar and Cakewalk. If a MIDI file contains very dense controller or SYSEX data, that will cause some versions of Sonar and Cakewalk to crash upon playback. 

I have experienced this with some MIDI files that had (required) SYSEX data at a particular place in the file.  I spaced out the SYSEX data in the file and that fixed it. 

If a MIDI file is crashing Sonar and Cakewalk upon playback, look for some SYSEX data (either banks or data itself)

Unexpected data can cause a program to crash.  This is not a virus infection.  It's not good, but is is not a virus.
 
Technically, only an executable program file can be "infected" with a computer virus.  MIDI files do not contain "executable" code.  So no point in scanning MIDI files for a virus, because they are just data containers.
 
The term "virus" is also commonly, but erroneously, used to refer to other types of malware.  https://en.wikipedia.org/wiki/Computer_virus

Given everything already mentioned combined with the fact that the issue is occurring in an unrelated project, I doubt the MIDI file has anything all to do with your issue. If you haven't re-booted recently, that would be a good place to start.
 
Instability in SONAR is most often associated with plugins or problems with interface drivers. If no changes have been made to the system or SONAR audio config, and you've rebooted,  the next place to look would be the plugins that were most recently added to the crashing project.

Thanks guys, this forum rocks.
 
The rare, random lockups usually happen when I go to stop playback.  Initially after a system rebuild it was due to multi-core issues and I resolved things by setting everything to run on one core and turned off the multi-processing engine in Sonar.  Never had another problem since (going on about a year now I think).  However, suddenly the same symptoms have surfaced again, and I've installed nothing new and changed absolutely nothing - even using the same project templates.  Very strange...  
 
I'm really ignorant about MIDI....can somebody give me a quick explanation of what Sysex data is about and how I might find and edit it per advice above from @promidi ?   I am only using MIDI for drums to trigger Superior Drummer 2.  Usually I tab in my own, but if there is some kind of data lurking in the background I should know about please clue me in....
 
Sonic

SonicExplorer
can somebody give me a quick explanation of what Sysex data is about

https://en.wikipedia.org/wiki/MIDI
 

Messages

A MIDI message is an instruction that controls some aspect of the receiving device. A MIDI message consists of a status byte, which indicates the type of the message, followed by up to two data bytes that contain the parameters. MIDI messages can be channel messages sent on only one of the 16 channels and monitored only by devices on that channel, or system messages that all devices receive. Each receiving device ignores data not relevant to its function. There are five types of message: Channel Voice, Channel Mode, System Common, System Real-Time, and System Exclusive.

Channel Voice messages transmit real-time performance data over a single channel. Examples include "note-on" messages which contain a MIDI note number that specifies the note's pitch, a velocity value that indicates how forcefully the note was played, and the channel number; "note-off" messages that end a note; program change messages that change a device's patch; and control changes that allow adjustment of an instrument's parameters. MIDI notes are numbered from 0 to 127 assigned to C-1 to G9. This corresponds to a range of 8.175798916Hz to 12543.85395Hz (assuming equal temperament and 440Hz A4) and extends beyond the 88 note piano range from A0 to C8.

Channel Mode messages include the Omni/mono/poly mode on and off messages, as well as messages to reset all controllers to their default state or to send "note-off" messages for all notes.

System messages do not include channel numbers, and are received by every device in the MIDI chain. MIDI time code is an example of a System Common message. System Real-Time messages provide for synchronization, and include MIDI clock and Active Sensing.

System Exclusive messages

System Exclusive (SysEx) messages are a major reason for the flexibility and longevity of the MIDI standard. Manufacturers use them to create proprietary messages that control their equipment more thoroughly than standard MIDI messages could. SysEx messages are addressed to a specific device in a system. Each manufacturer has a unique identifier that is included in its SysEx messages, which helps ensure that only the targeted device responds to the message, and that all others ignore it. Many instruments also include a SysEx ID setting, so a controller can address two devices of the same model independently. SysEx messages can include functionality beyond what the MIDI standard provides. They target a specific instrument, and are ignored by all other devices on the system.

Hmmm.... Interesting. So Sysex is kind of like a custom data packet.  I used to program SCSI hardware, device drivers and applications that would all communicate in a system using a similar concept. However, in the case of MIDI, what would be the circumstance where a drum MIDI file driving a soft synth in a Sonar project would have any use for Sysex data ?   In my mind, there isn't any specialized device driver involved, and the host application (Sonar) wouldn't be sending any proprietary/Sysex data to a drum synth either.  So how would Sysex data potentially be something to be concerned about in my case?   And how would I determine this....is it something visible within MIDI files or is the Sysex data generated real-time ?
 
Sonic

SonicExplorer
 
......can somebody give me a quick explanation of what Sysex data is about and how I might find and edit it per advice above from @promidi ?

In a nutshell, SYSEX is a string of characters embedded in a MIDI file that tells (mostly hardware) synths how to set up a sound, various parameters to use and whatnot. SYSEX events are usually specific to the synth that you're controlling.  For instances, a Roland GS device would usually ignore SYSEX data intended for a Yamaha XG device

If you are using soft synths and your MIDI file does indeed contain SYSEX data, then it is usually safe to simply back up the MIDI file, then delete the sysex data.

That being said, I have experienced repeatable crashes in some versions of Sonar and CbB that I confirmed to be caused by dense SYSEX data in a MIDI only project.  This project was purely MIDI only (driving hardware synths).  There were no audio tracks at all - and definitely no plugins.

The best way to find it in Sonar or CbB is to use the event list view - or use the Sysex view