https://wiki.atomicorp.com/wiki/index.php?title=HIDS_11257&feed=atom&action=historyHIDS 11257 - Revision history2024-03-28T11:27:58ZRevision history for this page on the wikiMediaWiki 1.20.2https://wiki.atomicorp.com/wiki/index.php?title=HIDS_11257&diff=2024&oldid=prevMshinn at 02:33, 21 December 20112011-12-21T02:33:29Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 02:33, 21 December 2011</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 2:</td>
<td colspan="2" class="diff-lineno">Line 2:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>11257</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>11257</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''Status'''</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''Status'''</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
</table>Mshinnhttps://wiki.atomicorp.com/wiki/index.php?title=HIDS_11257&diff=2023&oldid=prevMshinn: Created page with "'''Rule ID''' 11257 '''Status''' Active rule currently published. '''Description''' This rule detects when proftp tries to connect to the antimalware daemon, clamd, and..."2011-12-21T02:27:52Z<p>Created page with "'''Rule ID''' 11257 '''Status''' Active rule currently published. '''Description''' This rule detects when proftp tries to connect to the antimalware daemon, clamd, and..."</p>
<p><b>New page</b></p><div>'''Rule ID''' <br />
<br />
11257<br />
'''Status'''<br />
<br />
Active rule currently published.<br />
<br />
'''Description''' <br />
<br />
This rule detects when proftp tries to connect to the antimalware daemon, clamd, and cannot. This means the antimalware daemon is not running, or something is preventing the FTP daemon from talking to it.<br />
<br />
Check to make sure clamd is running. Log into the ASL GUI and check that CLAMAV_ENABLED is set to yes.<br />
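<br />
One way to run the check described above from the command line, as an added example that is not part of the original wiki page or of ASL: it sends clamd's PING command and separates "daemon not running" from "something is blocking the connection". It assumes clamd listens on a Unix socket; the socket path is a placeholder assumption, so use the LocalSocket value from your clamd configuration.<br />

```python
import errno
import socket

# Assumed socket path; the page does not give one. Use the LocalSocket
# value from your clamd configuration.
CLAMD_SOCKET = "/var/run/clamav/clamd.sock"


def probe_clamd(path=CLAMD_SOCKET, timeout=3.0):
    """Return (status, detail) for a clamd Unix socket.

    status is one of: ok, not_running, stale_socket, blocked,
    unresponsive, unexpected_reply, error.
    """
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(path)
        # clamd's PING command; a healthy daemon answers PONG.
        sock.sendall(b"zPING\0")
        reply = sock.recv(64).rstrip(b"\0\n")
    except FileNotFoundError:
        return "not_running", f"{path} does not exist; clamd is not listening"
    except ConnectionRefusedError:
        return "stale_socket", f"{path} exists but no process accepts on it"
    except PermissionError:
        return "blocked", f"this user may not open {path}; check socket mode/ownership"
    except socket.timeout:
        return "unresponsive", "connected, but clamd did not answer PING in time"
    except OSError as exc:
        return "error", f"{errno.errorcode.get(exc.errno, exc.errno)}: {exc.strerror}"
    finally:
        sock.close()
    if reply == b"PONG":
        return "ok", "clamd answered PONG"
    return "unexpected_reply", repr(reply)


if __name__ == "__main__":
    status, detail = probe_clamd()
    print(f"clamd: {status} ({detail})")
    raise SystemExit(0 if status == "ok" else 1)
```

Run it as the account the FTP daemon runs under, since a socket that root can open may still be closed to that user.<br />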
<br />
'''False Positives'''<br />
<br />
There is no known false positive for this rule. <br />
<br />
If you believe that this is a false positive, please report it so that our security team can determine whether this is a legitimate case or a clever attack on your system. Instructions to report false positives are detailed on the [[Reporting False Positives]] wiki page.<br />
<br />
<br />
'''Tuning Recommendations'''<br />
<br />
None.<br />
<br />
'''Similar Rules'''<br />
<br />
None.<br />
<br />
'''Knowledge Base Articles'''<br />
<br />
None.<br />
<br />
'''Outside References'''</div>Mshinn