Hi,
Had these for a couple of days on the logwatch on plesk and need to find out how to fix it.
--------------------- Clamav Begin ------------------------
Viruses detected:
Atomicorp.honeypot.hex.php.cmdshell.unclassed.344.UNOFFICIAL: 24 Time(s)
......................................................................................................................
Any ideas? (what it means, what type of virus, where to find the information, what to do next)
Thanks
Clamav Begin - virus detected
- Forum User
- Posts: 60
- Joined: Mon Jul 23, 2012 5:22 am
- Location: Salisbury
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
Re: Clamav Begin - virus detected
That log is incomplete, so there isn't really any information in it. Did it actually write to syslog like that?
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Clamav Begin - virus detected
I think that's the message from logwatch.
So ASL will display any clamav messages in the ASL GUI, along with any details. Please log into ASL, and search in the events window for any clamav events and let us know what you see.
Michael Shinn
Atomicorp - Security For Everyone
- Forum User
- Posts: 60
- Joined: Mon Jul 23, 2012 5:22 am
- Location: Salisbury
Re: Clamav Begin - virus detected
Not exactly sure what to look for in the ASL events, as clamav has many entries.
Could you advise me please?
This mention in logwatch has been going on for more than a month.
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Clamav Begin - virus detected
Thanks for the question. You can search for clamav events a couple of different ways:
1) Search for the word "clam" in the ASL GUI.
2) You can search for the specific rule IDs that are used for malware; 52502 is the big one.
Michael Shinn
Atomicorp - Security For Everyone
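
The logwatch summary in the first post gives only a signature name and a count, not the files involved. The following is an added example, not part of the thread and not Atomicorp's code: it lists which files triggered that signature by parsing ClamAV detection lines, assuming the usual `<path>: <signature> FOUND` line format; the sample log lines, paths and host name are constructed.

```python
import re
from collections import Counter

# Signature name copied from the logwatch report in the first post.
SIGNATURE = "Atomicorp.honeypot.hex.php.cmdshell.unclassed.344.UNOFFICIAL"

# Assumed detection line format: "<prefix> <path>: <signature> FOUND".
# The greedy path group keeps paths that themselves contain ": " intact.
FOUND_RE = re.compile(r"(/.*): (\S+) FOUND\s*$")

# Constructed sample lines; paths, dates and host names are made up.
SAMPLE_LOG = """\
Mon Jul 23 05:22:01 2012 -> /var/www/vhosts/example.com/httpdocs/img/up.php: Atomicorp.honeypot.hex.php.cmdshell.unclassed.344.UNOFFICIAL FOUND
Mon Jul 23 05:22:02 2012 -> SelfCheck: Database status OK.
Mon Jul 23 06:10:44 2012 -> /var/www/vhosts/example.com/httpdocs/img/up.php: Atomicorp.honeypot.hex.php.cmdshell.unclassed.344.UNOFFICIAL FOUND
Jul 23 06:11:09 host1 clamd[2211]: /var/www/vhosts/example.com/httpdocs/my file: v2.php: Atomicorp.honeypot.hex.php.cmdshell.unclassed.344.UNOFFICIAL FOUND
Mon Jul 23 07:00:00 2012 -> /tmp/test.txt: Eicar-Test-Signature FOUND
"""


def files_for_signature(lines, signature=SIGNATURE):
    """Return a Counter mapping file path -> detections for one signature."""
    hits = Counter()
    for line in lines:
        m = FOUND_RE.search(line)
        if m and m.group(2) == signature:
            hits[m.group(1)] += 1
    return hits


def report(hits):
    """Format the per-file counts, most frequently flagged file first."""
    return [f"{count:4d}  {path}" for path, count in hits.most_common()]


if __name__ == "__main__":
    for row in report(files_for_signature(SAMPLE_LOG.splitlines())):
        print(row)
```

To use it on a real system, pass the lines of your own ClamAV log (an open file object works) to `files_for_signature` instead of `SAMPLE_LOG`.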