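# Copyright 2006 Tenable Network Security
# This library may only be used with the LCE server and may not
# be used with other products or open source projects
#
# NAME:
# ClamAV Event log parser
#
# DESCRIPTION:
# This library is used to process logs from ClamAV on UNIX hosts
#
# LAST UPDATE: $Date$
#
# Layout: one directive per line, rules separated by NEXT. Every match=
# string is kept exactly as written, including a leading space where one
# is present. The short tokens (la, FO, ing, ...) are substrings of the
# longer patterns or of the surrounding log text and are left untouched.
#
# NOTE(review): rules 302-305 look for the category with a leading space
# (" Trojan.", " Worm.", ...). ClamAV signature names that carry a platform
# prefix (for example Win.Trojan.<name>) would not satisfy them; confirm
# against sample lines from the deployed ClamAV version that every
# detection still produces an event.

# Catch-all: a clamd FOUND line that carries none of the five category
# strings handled by rules 301-305.
# NOTE(review): if match= is tested against the whole log line, a scanned
# file path that contains one of the excluded strings would suppress this
# rule without necessarily satisfying a category rule; confirm that such a
# detection is not dropped silently.
id=300
name=The Clam AV scanner detected a virus.
match=FO
match=clamd
match=la
match= FOUND
match=! HTML.Phishing.
match=! Trojan.
match=! Exploit.
match=! Worm.
match=! Adware.
log=event:ClamAV-Virus_Detected type:virus
NEXT

# clamd FOUND line with an HTML.Phishing signature. Filed under type:spam;
# NOTE(review): confirm alerting that keys on type:virus is not expected to
# cover phishing detections.
id=301
name=The Clam AV scanner detected a phishing attempt.
match=clamd
match=la
match= FOUND
match=FO
match=ing
match= HTML.Phishing
log=event:ClamAV-Phishing_Attempt_Detected type:spam
NEXT

# clamd FOUND line with a Trojan signature.
id=302
name=The Clam AV scanner detected a trojan.
match=clamd
match=la
match= FOUND
match= Trojan.
match=FO
log=event:ClamAV-Trojan_Detected type:virus
NEXT

# clamd FOUND line with an Exploit signature.
id=303
name=The Clam AV scanner detected an exploit.
match=clamd
match=la
match= FOUND
match=FO
match=lo
match= Exploit.
log=event:ClamAV-Exploit_Detected type:virus
NEXT

# clamd FOUND line with a Worm signature.
id=304
name=The Clam AV scanner detected a worm.
match=clamd
match=la
match=FO
match= FOUND
match= Worm.
log=event:ClamAV-Worm_Detected type:virus
NEXT

# clamd FOUND line with an Adware signature. Filed under type:spam.
id=305
name=The Clam AV scanner detected adware.
match=clamd
match=la
match=FO
match= FOUND
match=ar
match= Adware.
log=event:ClamAV-Adware_Detected type:spam
NEXT

# CLAMAV-tagged line reporting " Spam found (".
id=307
name=The Clam AV scanner detected a Spam attempt.
match=CL
match=CLAMAV
match=un
match=ound
match=fo
match=ou
match=oun
match= Spam found (
log=event:ClamAV-Spam_Detected type:spam
NEXT

# CLAMAV-tagged line reporting " Phishing found (". The name previously
# repeated rule 307's "Spam attempt" text although the rule matches and
# logs a phishing event.
id=308
name=The Clam AV scanner detected a phishing attempt.
match=CL
match=CLAMAV
match=ing
match=un
match=ound
match=fo
match=ou
match=oun
match= Phishing found (
log=event:ClamAV-Phishing_Attempt_Detected type:spam
NEXT

# clamd noticed changed signature data and forces a reload (presumably the
# SelfCheck "Database modification detected. Forcing reload." message;
# confirm against a sample log).
id=309
name=The ClamAV anti virus daemon detected new signatures and will reload them.
match=la
match=Se
match=lo
match=as
match=if
match=io
match=detected
match=at
match=Forcing
match=he
match=mod
match=on
match=tion
match=ing
match=ed
match=etected
match=mo
match=ic
match=cat
match=ti
match=ck
match=oad
match=clamd
match=ect
match=Data
match=ion
log=event:ClamAV-New_Signatures type:application
NEXT

# Warning that the installed ClamAV engine is outdated. An outdated engine
# means reduced detection coverage on the host, so this event is worth
# routing to whoever owns patching.
id=320
name=The Clam AV scanner version is outdated.
match=ClamAV installation is OUTDATED
match=AT
match=la
match=nstall
match=io
match=at
match=all
match=Cl
match=install
match=on
match=tion
match=sta
match=al
match=ll
match=ou
match=in
match=is
match=ti
match=ur
match=st
match=ion
log=event:ClamAV-Engine_Outdated type:error
NEXT

# freshclam line carrying "Local version"; logged as the same
# Engine_Outdated event as rule 320.
id=321
name=The Clam AV scanner version is outdated.
match=la
match=ded
match=io
match=cal
match=es
match=ver
match=freshclam
match=Local version
log=event:ClamAV-Engine_Outdated type:error
NEXT

# clamd line containing "Data" and "reloaded"; logged as the same
# New_Signatures event as rule 309.
id=322
name=The ClamAV anti virus daemon detected new signatures and will reload them.
match=la
match=ded
match=lo
match=as
match=se
match=at
match=ed
match=oad
match=clamd
match=ect
match=Data
match=reloaded
log=event:ClamAV-New_Signatures type:application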