Clamav Begin - virus detected

mist_firefly · Unread post by **mist_firefly** » Mon Sep 10, 2012 4:53 am

Hi,

Had these for a couple of days on the logwatch on plesk and need to find out how to fix it.

--------------------- Clamav Begin ------------------------

Viruses detected:
Atomicorp.honeypot.hex.php.cmdshell.unclassed.344.UNOFFICIAL: 24 Time(s)
......................................................................................................................

Any ideas? (what it means, what type of virus, where to find the information, what to do next)

Thanks

Unread post by **scott** » Mon Sep 10, 2012 1:20 pm

That log is incomplete so there isnt really any information in it, did it actually write to syslog like that?

Unread post by **mikeshinn** » Mon Sep 10, 2012 5:00 pm

I think thats the message from logwatch.

So ASL will display any clamav messages in the ASL gui, along with any details. Please log into asl, and search in the events window for any clamav events and let us know you see.

mist_firefly · Tue Sep 11, 2012 10:40 am

Not exactly sure what to look for in the ASL events as clamav has many entries.

Could you advice me please?
This mention in logwatch has been going on for more then a month.

Unread post by **mikeshinn** » Tue Sep 11, 2012 2:50 pm

Thanks for the question, so you can search for clamav events a couple of different ways:

1) search for the word "clam" in the ASL gui

2) You can search for the specific rule IDs that are used for malware, 52502 is the big one.\

: shot.png (191.34 KiB) Viewed 5662 times

Atomicorp

Clamav Begin - virus detected

Clamav Begin - virus detected

Re: Clamav Begin - virus detected

Re: Clamav Begin - virus detected

Re: Clamav Begin - virus detected

Re: Clamav Begin - virus detected