Topic: ClamAV (Read 25560 times)
mcala, on: Tuesday 13 January 2009, 11:46:07 am
Hello everyone!! I am new to Endian and I believe I have found the best UTM around. I have used PFsense, IPcop, and a brief spin around Untangle. Neither have tickled my fancy like Endian. I also for some strange reason get better pings when playing WoW while using Endian, go figure.
I was posting concerning my ClamAV logs, which state:
Viruses detected:
Eicar-Test-Signature: 3 Time(s)
**Unmatched Entries**
TCP: Bound to address 127.0.0.1 on port 3310
TCP: Setting connection queue length to 30
Limits: Global size limit set to 52428800 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 5.
Limits: Files limit set to 1000.
TCP: Bound to address 127.0.0.1 on port 3310
TCP: Setting connection queue length to 30
Limits: Global size limit set to 52428800 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 5.
Limits: Files limit set to 1000.
Jan 12 12:49:00 clamd[3673]: /var/spool/havp/havp-x0bliw: Eicar-Test-Signature FOUND
Jan 12 12:52:02 clamd[3673]: /var/spool/havp/havp-gw5rPW: PUA.Script.Packed-2 FOUND
Jan 12 12:52:02 clamd[3673]: /var/spool/havp/havp-QDAk4Z: PUA.Script.Packed-2 FOUND
Jan 12 12:52:02 clamd[3673]: /var/spool/havp/havp-ZTAJoW: PUA.Script.Packed-1 FOUND
Jan 12 12:59:47 clamd[3673]: No stats for Database check - forcing reload
Jan 12 12:59:47 clamd[3673]: Reading databases from /usr/share/clamav
Jan 12 12:59:51 clamd[3673]: Database correctly reloaded (487283 signatures)
Jan 12 13:02:54 clamd[3673]: /var/spool/havp/havp-sCvWSe: Eicar-Test-Signature FOUND
Jan 12 13:03:04 clamd[3673]: /var/spool/havp/havp-g7KwuA: Eicar-Test-Signature FOUND
Jan 12 13:03:53 clamd[3673]: /var/spool/havp/havp-65hwCA: Eicar-Test-Signature FOUND
Jan 12 13:09:37 clamd[3673]: /var/spool/havp/havp-At42Uh: Eicar-Test-Signature FOUND
Jan 12 13:19:25 clamd[3673]: SelfCheck: Database status OK.
Jan 12 13:31:24 clamd[3673]: SelfCheck: Database status OK.
Jan 12 18:30:08 clamd[3673]: SelfCheck: Database status OK.
Jan 12 18:41:48 clamd[3673]: SelfCheck: Database status OK.
Jan 12 18:51:52 clamd[3673]: SelfCheck: Database status OK.
Jan 12 19:02:08 clamd[3673]: SelfCheck: Database status OK.
Jan 12 19:12:23 clamd[3673]: SelfCheck: Database status OK.
Jan 12 19:18:10 clamd[3673]: /var/spool/havp/havp-QcyFa9: Eicar-Test-Signature FOUND
Is this a normal test of ClamAV or am I trying to be infected? Is this detection coming from my AV updates that are being downloaded to my PC?
woodrowbone, Reply #1 on: Tuesday 13 January 2009, 09:24:37 pm
If I am not misinformed, this is a detection of the Eicar test virus coming up when someone is using the internet on your network. HAVP is the module that scans all web pages you are visiting for viruses.
No worries m8!
Woodrow
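Added example, not part of the original thread: a small Python script that pulls the "FOUND" lines out of a clamd log in the format quoted above, separates EICAR test hits from PUA and other detections, and marks which files came through the HAVP spool directory. The sample log is constructed from the lines in the first post; the last sample line (its path and the signature name Example.Trojan-1) is invented for illustration.

```python
import re
from collections import Counter

# Constructed sample in the clamd syslog format quoted in the first post;
# the last line (path and signature name) is invented for illustration.
SAMPLE_LOG = """\
Jan 12 12:49:00 clamd[3673]: /var/spool/havp/havp-x0bliw: Eicar-Test-Signature FOUND
Jan 12 12:52:02 clamd[3673]: /var/spool/havp/havp-gw5rPW: PUA.Script.Packed-2 FOUND
Jan 12 12:59:51 clamd[3673]: Database correctly reloaded (487283 signatures)
Jan 12 13:19:25 clamd[3673]: SelfCheck: Database status OK.
Jan 12 19:18:10 clamd[3673]: /var/spool/havp/havp-QcyFa9: Eicar-Test-Signature FOUND
Jan 12 19:20:00 clamd[3673]: /tmp/upload-01: Example.Trojan-1 FOUND
"""

FOUND_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+[\d:]{8})\s+clamd\[\d+\]:\s+"
    r"(?P<path>/.+?):\s+(?P<sig>\S+)\s+FOUND\s*$"
)

def classify(sig):
    """Bucket a ClamAV signature name by how much attention it deserves."""
    if sig == "Eicar-Test-Signature":
        return "test"      # harmless EICAR test file
    if sig.startswith("PUA."):
        return "pua"       # "possibly unwanted application" heuristics
    return "malware"

def parse_detections(text):
    """Return one dict per 'FOUND' line; status and startup lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = FOUND_RE.match(line)
        if not m:
            continue
        hit = m.groupdict()
        hit["category"] = classify(hit["sig"])
        # Files under HAVP's spool directory were fetched through the HTTP proxy.
        in_spool = hit["path"].startswith("/var/spool/havp/")
        hit["source"] = "havp" if in_spool else "other"
        hits.append(hit)
    return hits

def summarize(hits):
    """Count detections per (category, signature) pair."""
    return Counter((h["category"], h["sig"]) for h in hits)

def needs_review(hits):
    """Everything except EICAR test hits."""
    return [h for h in hits if h["category"] != "test"]
```
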
mcala, Reply #2 on: Wednesday 14 January 2009, 04:39:37 am
Thanks for the reply, so I should be safe then.
I had another question about the IDS module. When I select to update the Snort rules, does it download the unregistered ruleset, which is from 07/22/2005, or does it grab the latest rules for registered users as of 12/12/2008? I did register at Snort.org and downloaded the latest ruleset and uploaded it to the IDS module, but I wonder, if it does a daily update to Snort, will it revert back to the older rules? I did read the docs on Endian but they show the older version of Endian where you could input your Oink-code. The latest RC3 2.2 does not seem to have that ability anymore to add your Snort Oink-code.
wharfratjoe, Reply #3 on: Friday 16 January 2009, 07:34:59 am
Is there a log that we can check to see what has been updated for IDS (Snort)? I know in IPcop it lists what has been updated after it is completed.
I would also like to be able to use my oink code (if possible) to do updates.
Jacob, Reply #4 on: Friday 20 November 2009, 11:07:06 pm
Where is the caught viruses log?