Re: [svs-devel] Logging of virus pattern names
Brought to you by:
renereucher
Menu
▾
▴
Re: [svs-devel] Logging of virus pattern names
|
From: Sebastien C. <sc...@dc...> - 2010-12-14 15:27:12
|
Hi René!
Dec 14 10:22:20 svs_clamav[22110]:
{f56c817f-469b-4659-aae3-0ed01e06d907}: W: scanner thread 0: infected
object found: file = /home/catse1/eicar.com, virus =
Eicar-Test-Signature
Dec 14 10:22:20 svs_clamav[22110]:
{f56c817f-469b-4659-aae3-0ed01e06d907}: D: scanner thread 0: finished
virus scan: file = /home/catse1/eicar.com, result = 256 (infected)
Dec 14 10:22:20 svs_clamav[22110]:
{f56c817f-469b-4659-aae3-0ed01e06d907}: D: thread manager: synchronous
scan request: object contained in result cache: file =
/home/catse1/eicar.com, result = infected
Oh no! I have a virus :P
Deploying it (trunk rev 99).
Sébastien
> Hi!
>
> SVS now also determines the name of any virus pattern when an infection was
> found by clamdscan. The pattern name is logged together with the infect-
> warning:
>
> Dec 14 13:14:07 linux-l8hr svs_clamav[32056]: {c0bdee73-ea94-4000-
> ae57-5877ce601a9d}: W: scanner thread 0: infected object found: file
> = /samba-
> share/test_file.zip, virus = Trojan.Downloader.Istbar-183
>
> I'm not yet using this information internally (just "output to log and forget
> about it"), but it's a prerequisite for some planned functionality of the
> upcoming 'SVS service daemon' (i. e. for the digested virus notifications).
>
> The only drawback is that I have to use temporary files to store and retrieve
> the clamdscan output, which is something I wanted to avoid (but
> there's no way
> around it, because using pipes is no real option here).
>
> Would be nice if you could update your test-systems with the SVN
> head revision
> (rev. 99+) to make sue it's working for others as well :).
>
> Anyway, if no show stoppers arise, I'll release SVS 0.1.3 in a few days.
>
> Have fun, René
> --
> René Reucher
> ren...@ba...
> http://www.batcom-it.net/
>
> Once, adv.:
> Enough.
> -- Ambrose Bierce, "The Devil's Dictionary"
>
> ------------------------------------------------------------------------------
> Lotusphere 2011
> Register now for Lotusphere 2011 and learn how
> to connect the dots, take your collaborative environment
> to the next level, and enter the era of Social Business.
> http://p.sf.net/sfu/lotusphere-d2d
> _______________________________________________
> svs-devel mailing list
> svs...@li...
> https://lists.sourceforge.net/lists/listinfo/svs-devel
>
>
|