HIDS 52502

From Atomicorp Wiki
Revision as of 17:24, 7 July 2016 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Rule 52502
Status Active
Alert Message Virus detected

Contents

[edit] Description

clamav has detected a virus on the system. There are two primary types of detection that may occur. Via the upload scanner, or via the real time scanner.

Real time scanner example:

server clamd[10987]: Clamuko: /protected_directory/eicar.com: Eicar-Test-Signature FOUND

Upload scanner example:

server clamd[10987]: /directory/eicar.com: Eicar-Test-Signature FOUND

Because of the way clamd works (it does not report the IP address of the source) this rule does not block any IPs. It alerts when clamd detects malware. If you are using the real time malware protection system, the real time malware protection system will prevent access to the malware.

[edit] Troubleshooting

[edit] False Positives

If you believe the file is not malware, please send the file to support. Please make sure you put a password on the file to prevent any antivirus software from preventing you from sending it to us.

[edit] Tuning Guidance

None.

[edit] Additional Information

If you are using the real time malware protection, this alert means access to the file has been denied to the user, and the malware was not able to run. No action is necessary.

[edit] Similar Rules

None.

[edit] Knowledge Base Articles

None.

[edit] Outside References

None.

[edit] Notes

Personal tools