Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 30 November 2024, 10:09:47 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  ClamAV
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: ClamAV  (Read 25950 times)
mcala
Jr. Member
*
Offline Offline

Posts: 2


« on: Tuesday 13 January 2009, 11:46:07 am »

Hello everyone!! I am new to Endian and i believe i have found the best UTM around. I have used PFsense, IPcop, and a brief spin around Untangle. Neither have tickled my fancy like Endian. I also for some strange reason get better pings when playing WoW while using Endian, go figure.

I was posting concerning my ClamAV logs which state:

 Viruses detected:
    Eicar-Test-Signature: 3 Time(s)

 **Unmatched Entries**
 TCP: Bound to address 127.0.0.1 on port 3310
 TCP: Setting connection queue length to 30
 Limits: Global size limit set to 52428800 bytes.
 Limits: File size limit set to 26214400 bytes.
 Limits: Recursion level limit set to 5.
 Limits: Files limit set to 1000.
 TCP: Bound to address 127.0.0.1 on port 3310
 TCP: Setting connection queue length to 30
 Limits: Global size limit set to 52428800 bytes.
 Limits: File size limit set to 26214400 bytes.
 Limits: Recursion level limit set to 5.
 Limits: Files limit set to 1000.

an 12 12:49:00     clamd[3673]: /var/spool/havp/havp-x0bliw: Eicar-Test-Signature FOUND
Jan 12 12:52:02    clamd[3673]: /var/spool/havp/havp-gw5rPW: PUA.Script.Packed-2 FOUND
Jan 12 12:52:02    clamd[3673]: /var/spool/havp/havp-QDAk4Z: PUA.Script.Packed-2 FOUND
Jan 12 12:52:02    clamd[3673]: /var/spool/havp/havp-ZTAJoW: PUA.Script.Packed-1 FOUND
Jan 12 12:59:47    clamd[3673]: No stats for Database check - forcing reload
Jan 12 12:59:47    clamd[3673]: Reading databases from /usr/share/clamav
Jan 12 12:59:51    clamd[3673]: Database correctly reloaded (487283 signatures)
Jan 12 13:02:54    clamd[3673]: /var/spool/havp/havp-sCvWSe: Eicar-Test-Signature FOUND
Jan 12 13:03:04    clamd[3673]: /var/spool/havp/havp-g7KwuA: Eicar-Test-Signature FOUND
Jan 12 13:03:53    clamd[3673]: /var/spool/havp/havp-65hwCA: Eicar-Test-Signature FOUND
Jan 12 13:09:37    clamd[3673]: /var/spool/havp/havp-At42Uh: Eicar-Test-Signature FOUND
Jan 12 13:19:25    clamd[3673]: SelfCheck: Database status OK.
Jan 12 13:31:24    clamd[3673]: SelfCheck: Database status OK.
Jan 12 18:30:08    clamd[3673]: SelfCheck: Database status OK.
Jan 12 18:41:48    clamd[3673]: SelfCheck: Database status OK.
Jan 12 18:51:52    clamd[3673]: SelfCheck: Database status OK.
Jan 12 19:02:08    clamd[3673]: SelfCheck: Database status OK.
Jan 12 19:12:23    clamd[3673]: SelfCheck: Database status OK.
Jan 12 19:18:10    clamd[3673]: /var/spool/havp/havp-QcyFa9: Eicar-Test-Signature FOUND

Is this a normal test of ClamAV or am i trying to be infected? Is this detection coming from my AV updates that are being downloaded to my PC?
Logged
woodrowbone
Jr. Member
*
Offline Offline

Posts: 5


« Reply #1 on: Tuesday 13 January 2009, 09:24:37 pm »

If I am not misinformed this is a detection of the Eicar test virus coming up when someone is using internet on your network, HAVP is the module that scans all web pages for virus u are visiting.
No worries m8!

Woodrow
Logged
mcala
Jr. Member
*
Offline Offline

Posts: 2


« Reply #2 on: Wednesday 14 January 2009, 04:39:37 am »

Thanks for the reply, so i should be safe then.

I had another question about the IDS module. When i select to update the Snort rules does it download the unregistered ruleset which are from 07/22/2005 or does it grab the latest rules for registered users as of 12/12/2008? I did register at Snort.org and downloaded the latest ruleset and uploaded them to the IDS module but i wonder if it does a daily update to snort will it revert back to the older rules? I did read the Docs. on Endian but they show the older version of Endian where you could input your Oink-code in. The latest RC3 2.2 does not seem to have that ability anymore to add your Snort Oink-code.
Logged
wharfratjoe
Full Member
***
Offline Offline

Posts: 17


« Reply #3 on: Friday 16 January 2009, 07:34:59 am »

Is there a log that we can check to see what has been updated for IDS (snort)? I know in IPcop it lists what has been updated after it is completed.

I will like to also be able to use my oink code (if possible) to do updates.
Logged
Jacob
Jr. Member
*
Offline Offline

Posts: 1


« Reply #4 on: Friday 20 November 2009, 11:07:06 pm »

Where is catched viruses log?
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.133 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com