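# Copyright 2006 Tenable Network Security
# This library may only be used with the LCE server and may not
# be used with other products or open source projects
#
# NAME:
# ClamAV Event log parser
#
# DESCRIPTION:
# This library is used to process logs from ClamAV on UNIX hosts
#
# LAST UPDATE: $Date: 2012/05/04 17:30:28 $
#
# REVIEW NOTES:
# - Rules 300-305 key on "clamd" plus " FOUND"; rules 307-308 key on
#   "CLAMAV" plus "... found (", i.e. a differently formatted log line.
# - The two- and three-character match strings (FO, ing, lo, ar, CL) are
#   substrings of a longer pattern in the same rule, so they do not narrow
#   the match; presumably they are cheap pre-filters -- confirm before
#   removing or reordering them.
# - NOTE(review): every category pattern starts with a space (" Trojan.",
#   " Worm.", ...). A signature name with a platform prefix in front of the
#   category (for example Win.Trojan.<name>) does not contain that string,
#   so it would be reported by rule 300 as a generic virus rather than by
#   its category rule. Confirm against the signature names the deployed
#   ClamAV version actually logs.
# - NOTE(review): phishing and adware detections are logged as type:spam,
#   so a query or alert scoped to type:virus will not include them --
#   confirm that is intended.
# - id=306 is not defined in this file.

# Generic fallback: a clamd " FOUND" line that carries none of the category
# strings handled by rules 301-305 (assuming the text after "!" is taken
# literally, including its leading space -- TODO confirm).
id=300
name=The Clam AV scanner detected a virus.
match=FO
match=clamd
match= FOUND
match=! HTML.Phishing.
match=! Trojan.
match=! Exploit.
match=! Worm.
match=! Adware.
log=event:ClamAV-Virus_Detected type:virus

NEXT

# clamd detection whose signature name contains " HTML.Phishing".
# The rule name previously read "detected clam a phishing attempt".
id=301
name=The Clam AV scanner detected a phishing attempt.
match=clamd
match= FOUND
match=FO
match=ing
match= HTML.Phishing
log=event:ClamAV-Phishing_Attempt_Detected type:spam

NEXT

# clamd detection whose signature name contains " Trojan.".
# The rule name previously read "detected clam a trojan".
id=302
name=The Clam AV scanner detected a trojan.
match=clamd
match= FOUND
match= Trojan.
match=FO
log=event:ClamAV-Trojan_Detected type:virus

NEXT

# clamd detection whose signature name contains " Exploit.".
id=303
name=The Clam AV scanner detected an exploit.
match=clamd
match= FOUND
match=FO
match=lo
match= Exploit.
log=event:ClamAV-Exploit_Detected type:virus

NEXT

# clamd detection whose signature name contains " Worm.".
id=304
name=The Clam AV scanner detected a worm.
match=clamd
match=FO
match= FOUND
match= Worm.
log=event:ClamAV-Worm_Detected type:virus

NEXT

# clamd detection whose signature name contains " Adware.".
id=305
name=The Clam AV scanner detected adware.
match=clamd
match=FO
match= FOUND
match=ar
match= Adware.
log=event:ClamAV-Adware_Detected type:spam

NEXT

# "CLAMAV ... Spam found (" line; presumably written by a mail filter that
# wraps ClamAV rather than by clamd itself -- TODO confirm the log source.
id=307
name=The Clam AV scanner detected a Spam attempt.
match=CL
match=CLAMAV
match= Spam found (
log=event:ClamAV-Spam_Detected type:spam

NEXT

# "CLAMAV ... Phishing found (" line. Emits the same event name as rule 301.
# The rule name previously duplicated rule 307's "Spam attempt" text even
# though this rule matches and logs a phishing detection.
id=308
name=The Clam AV scanner detected a phishing attempt.
match=CL
match=CLAMAV
match=ing
match= Phishing found (
log=event:ClamAV-Phishing_Attempt_Detected type:spam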