HIDS 52511
From Atomicorp Wiki
Rule 1 | |
---|---|
Status | Active |
Alert Message | Anti-Virus |
Description
This is a generic (level 3) event that collects real-time AV scanner events from Clam AntiVirus.
What you should do
No action recommended. This is a generic catch-all "bucket" for ClamAV real-time events, including initialization.
Troubleshooting
False Positives
There are no false positives with this rule.
Tuning Guidance
This rule can safely be set to logging type "no" to prevent it from being reported in the event viewer. Do not disable this rule, as it is a requirement for other IDS-related rules.
Additional Information
Support
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.