Difference between revisions of "HIDS 52502"
Latest revision as of 17:24, 7 July 2016
Rule 52502 | |
---|---|
Status | Active |
Alert Message | Virus detected |
Description
ClamAV has detected a virus on the system. Two primary types of detection may occur: via the upload scanner, or via the real-time scanner.
Real time scanner example:
server clamd[10987]: Clamuko: /protected_directory/eicar.com: Eicar-Test-Signature FOUND
Upload scanner example:
server clamd[10987]: /directory/eicar.com: Eicar-Test-Signature FOUND
Because clamd does not report the IP address of the source, this rule does not block any IPs; it only alerts when clamd detects malware. If you are using the real-time malware protection system, that system will prevent access to the malware.
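The following is an added example, not part of the original page or of the product's own rule code: a small parser that tells the two clamd log shapes above apart and extracts the file path and signature. The field names, the tolerance for a leading syslog timestamp, and the sample lines other than the two shown above are assumptions made for illustration.

```python
import re

# The two line shapes shown on this page:
#   server clamd[10987]: Clamuko: /path: Signature FOUND   (real-time scanner)
#   server clamd[10987]: /path: Signature FOUND            (upload scanner)
# The path group is greedy so a path that itself contains ": " still parses.
CLAMD_FOUND = re.compile(
    r"(?P<host>\S+) clamd\[(?P<pid>\d+)\]: "
    r"(?P<clamuko>Clamuko: )?"
    r"(?P<path>/.*): (?P<signature>\S+) FOUND$"
)

def parse_clamd_detection(line):
    """Return a dict for a clamd FOUND line, or None for any other line."""
    # search() rather than match() so a syslog timestamp prefix is tolerated
    # (assumption: the page's examples omit it).
    m = CLAMD_FOUND.search(line.strip())
    if m is None:
        return None
    realtime = m.group("clamuko") is not None
    return {
        "host": m.group("host"),
        "pid": int(m.group("pid")),
        "scanner": "realtime" if realtime else "upload",
        "path": m.group("path"),
        "signature": m.group("signature"),
        # clamd does not log the source IP, so there is nothing to block on.
        "source_ip": None,
    }

def triage(lines):
    """Parse many log lines and keep only the detections."""
    return [e for e in map(parse_clamd_detection, lines) if e is not None]

# Constructed sample input: the first two lines are the page's examples,
# the last two are made up to exercise edge cases.
SAMPLE = [
    "server clamd[10987]: Clamuko: /protected_directory/eicar.com: Eicar-Test-Signature FOUND",
    "server clamd[10987]: /directory/eicar.com: Eicar-Test-Signature FOUND",
    "Jul  7 17:24:00 server clamd[10987]: /uploads/a: b.zip: Eicar-Test-Signature FOUND",
    "server clamd[10987]: /directory/clean.txt: OK",
]

if __name__ == "__main__":
    for event in triage(SAMPLE):
        print(event["scanner"], event["path"], event["signature"])
```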
Troubleshooting
False Positives
If you believe the file is not malware, please send the file to support. Please make sure you put a password on the file so that antivirus software does not stop you from sending it to us.
Tuning Guidance
None.
Additional Information
If you are using the real-time malware protection, this alert means access to the file has been denied to the user and the malware was not able to run. No action is necessary.
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.