HIDS 52502

From Atomicorp Wiki
Revision as of 18:23, 7 July 2016 by Mshinn (Talk | contribs)

Jump to: navigation, search
Rule 52502
Status Active
Alert Message Virus detected



clamav has detected a virus on the system. There are two primary types of detection that may occur. Via the upload scanner, or via the real time scanner.

Real time scanner example:

server clamd[10987]: Clamuko: /protected_directory/eicar.com: Eicar-Test-Signature FOUND

Upload scanner example:

server clamd[10987]: /directory/eicar.com: Eicar-Test-Signature FOUND

Because of the way clamd works (it does not report the IP address of the source) this rule does not block any IPs. It alerts when clamd detects malware. If you are using the real time malware protection system, the real time malware protection system will prevent access to the malware.


False Positives

If you believe the file is not malware, please send the file to support. Please make sure you put a password on the file to prevent any antivirus software from preventing you from sending it to us.

Tuning Guidance


Additional Information

Similar Rules


Knowledge Base Articles


Outside References



Personal tools