Title: ClamAV
Post by: mcala on Tuesday 13 January 2009, 11:46:07 am

Hello everyone!! I am new to Endian and I believe I have found the best UTM around. I have used pfSense, IPCop, and a brief spin around Untangle. None of them have tickled my fancy like Endian. I also, for some strange reason, get better pings when playing WoW while using Endian, go figure.
I was posting concerning my ClamAV logs, which state:

Viruses detected:
    Eicar-Test-Signature: 3 Time(s)

**Unmatched Entries**
TCP: Bound to address 127.0.0.1 on port 3310
TCP: Setting connection queue length to 30
Limits: Global size limit set to 52428800 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 5.
Limits: Files limit set to 1000.
TCP: Bound to address 127.0.0.1 on port 3310
TCP: Setting connection queue length to 30
Limits: Global size limit set to 52428800 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 5.
Limits: Files limit set to 1000.

Jan 12 12:49:00 clamd[3673]: /var/spool/havp/havp-x0bliw: Eicar-Test-Signature FOUND
Jan 12 12:52:02 clamd[3673]: /var/spool/havp/havp-gw5rPW: PUA.Script.Packed-2 FOUND
Jan 12 12:52:02 clamd[3673]: /var/spool/havp/havp-QDAk4Z: PUA.Script.Packed-2 FOUND
Jan 12 12:52:02 clamd[3673]: /var/spool/havp/havp-ZTAJoW: PUA.Script.Packed-1 FOUND
Jan 12 12:59:47 clamd[3673]: No stats for Database check - forcing reload
Jan 12 12:59:47 clamd[3673]: Reading databases from /usr/share/clamav
Jan 12 12:59:51 clamd[3673]: Database correctly reloaded (487283 signatures)
Jan 12 13:02:54 clamd[3673]: /var/spool/havp/havp-sCvWSe: Eicar-Test-Signature FOUND
Jan 12 13:03:04 clamd[3673]: /var/spool/havp/havp-g7KwuA: Eicar-Test-Signature FOUND
Jan 12 13:03:53 clamd[3673]: /var/spool/havp/havp-65hwCA: Eicar-Test-Signature FOUND
Jan 12 13:09:37 clamd[3673]: /var/spool/havp/havp-At42Uh: Eicar-Test-Signature FOUND
Jan 12 13:19:25 clamd[3673]: SelfCheck: Database status OK.
Jan 12 13:31:24 clamd[3673]: SelfCheck: Database status OK.
Jan 12 18:30:08 clamd[3673]: SelfCheck: Database status OK.
Jan 12 18:41:48 clamd[3673]: SelfCheck: Database status OK.
Jan 12 18:51:52 clamd[3673]: SelfCheck: Database status OK.
Jan 12 19:02:08 clamd[3673]: SelfCheck: Database status OK.
Jan 12 19:12:23 clamd[3673]: SelfCheck: Database status OK.
Jan 12 19:18:10 clamd[3673]: /var/spool/havp/havp-QcyFa9: Eicar-Test-Signature FOUND

Is this a normal test of ClamAV, or am I trying to be infected? Is this detection coming from my AV updates that are being downloaded to my PC?

Title: Re: ClamAV
Post by: woodrowbone on Tuesday 13 January 2009, 09:24:37 pm

If I am not misinformed, this is a detection of the EICAR test virus coming up when someone is using the internet on your network. HAVP is the module that scans all the web pages you are visiting for viruses.
No worries m8!
Woodrow

Title: Re: ClamAV
Post by: mcala on Wednesday 14 January 2009, 04:39:37 am

Thanks for the reply, so I should be safe then.
I had another question about the IDS module. When I select to update the Snort rules, does it download the unregistered ruleset, which is from 07/22/2005, or does it grab the latest rules for registered users as of 12/12/2008? I did register at Snort.org, downloaded the latest ruleset and uploaded it to the IDS module, but I wonder: if it does a daily update to Snort, will it revert back to the older rules? I did read the docs on Endian, but they show the older version of Endian where you could input your Oink-code. The latest RC3 2.2 does not seem to have that ability to add your Snort Oink-code anymore.

Title: Re: ClamAV
Post by: wharfratjoe on Friday 16 January 2009, 07:34:59 am

Is there a log that we can check to see what has been updated for IDS (Snort)? I know in IPCop it lists what has been updated after it is completed.
I would also like to be able to use my oink code (if possible) to do updates.

Title: Re: ClamAV
Post by: Jacob on Friday 20 November 2009, 11:07:06 pm

Where is the caught viruses log?
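As an added example (not code from any poster, nor from Endian, ClamAV or HAVP), here is a small Python script that reads clamd log lines in the format mcala pasted, keeps only the "FOUND" detections, and separates EICAR test-file hits from PUA and other signatures, producing the same per-signature counts the logwatch summary shows. The sample lines are constructed from the shape of the log above; the function names and the classification buckets are my own assumptions.

```python
import re
from collections import Counter

# clamd syslog detection line, e.g.
#   Jan 12 12:52:02 clamd[3673]: /var/spool/havp/havp-gw5rPW: PUA.Script.Packed-2 FOUND
FOUND_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) clamd\[(?P<pid>\d+)\]: "
    r"(?P<path>\S+): (?P<sig>\S+) FOUND$"
)

def parse_found(line):
    """Return (timestamp, path, signature) for a clamd 'FOUND' line, else None."""
    m = FOUND_RE.match(line.strip())
    return (m["ts"], m["path"], m["sig"]) if m else None

def classify(signature):
    """Bucket a ClamAV signature name by what it means for the operator (assumed buckets)."""
    if signature.startswith("Eicar-Test-Signature"):
        return "test-file"   # EICAR: a harmless test string, not a live infection
    if signature.startswith("PUA."):
        return "pua"         # potentially unwanted, e.g. packed scripts on web pages
    return "malware"

def source_of(path):
    """/var/spool/havp is where HAVP spools proxied web content for scanning."""
    return "havp-web-proxy" if path.startswith("/var/spool/havp/") else "other"

def summarize(lines):
    """Count detections per signature, per class and per source; skip non-detection lines."""
    per_sig, per_class, per_source = Counter(), Counter(), Counter()
    for line in lines:
        hit = parse_found(line)
        if hit is None:
            continue  # SelfCheck, database reload, TCP and Limits lines are not detections
        _, path, sig = hit
        per_sig[sig] += 1
        per_class[classify(sig)] += 1
        per_source[source_of(path)] += 1
    return per_sig, per_class, per_source

# Constructed sample following the log format in the post above.
SAMPLE = """\
Jan 12 12:49:00 clamd[3673]: /var/spool/havp/havp-x0bliw: Eicar-Test-Signature FOUND
Jan 12 12:52:02 clamd[3673]: /var/spool/havp/havp-gw5rPW: PUA.Script.Packed-2 FOUND
Jan 12 12:52:02 clamd[3673]: /var/spool/havp/havp-ZTAJoW: PUA.Script.Packed-1 FOUND
Jan 12 12:59:51 clamd[3673]: Database correctly reloaded (487283 signatures)
Jan 12 13:02:54 clamd[3673]: /var/spool/havp/havp-sCvWSe: Eicar-Test-Signature FOUND
Jan 12 13:19:25 clamd[3673]: SelfCheck: Database status OK.
Jan 12 19:18:10 clamd[3673]: /var/spool/havp/havp-QcyFa9: Eicar-Test-Signature FOUND
""".splitlines()

if __name__ == "__main__":
    sigs, classes, sources = summarize(SAMPLE)
    for sig, n in sigs.most_common():
        print(f"{sig}: {n} Time(s)")
    print(dict(classes), dict(sources))
```

Run against the real clamd log, a non-zero "malware" bucket or a source other than the HAVP spool is what would deserve a closer look; EICAR hits from the proxy spool are the expected result of someone fetching the test file through the web filter.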