# Copyright 2006 Tenable Network Security
# This library may only be used with the LCE server and may not
# be used with other products or open source projects
#
# NAME:
# ClamAV Event log parser
#
# DESCRIPTION:
# This library is used to process logs from ClamAV on UNIX hosts
#
# LAST UPDATE: $Date$

# Rule 300: generic ClamAV detection (fallback for families not handled below).
# All plain match= substrings must be present ("clamd", " FOUND"); each
# "match=!" line rejects log lines containing that family pattern, and rules
# 301-305 match those same family names positively.
# The two-letter tokens ("FO", "la") are substrings of the longer patterns.
# NOTE(review): the family patterns here and in 301-305 require a space
# directly before the family name (e.g. " Trojan."). A signature name that
# puts another component before the family (for example a platform prefix
# such as "Win.Trojan.") would not match them and would be reported by this
# rule as ClamAV-Virus_Detected - confirm against current clamd output.
id=300
name=The Clam AV scanner detected a virus. 
match=FO
match=clamd
match=la
match= FOUND
match=! HTML.Phishing.
match=! Trojan.
match=! Exploit.
match=! Worm.
match=! Adware.
log=event:ClamAV-Virus_Detected type:virus

NEXT

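# Rule 301: clamd " FOUND" lines whose signature name contains " HTML.Phishing".
# "FO", "la" and "ing" are substrings of the longer patterns in this rule.
# Fix: removed the stray word "clam" from the description in name=.
# NOTE(review): rule 300 excludes " HTML.Phishing." (with a trailing dot) while
# this rule matches " HTML.Phishing" without it - confirm the difference is
# intended.
id=301
name=The Clam AV scanner detected a phishing attempt.
match=clamd
match=la
match= FOUND
match=FO
match=ing
match= HTML.Phishing
log=event:ClamAV-Phishing_Attempt_Detected type:spam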

NEXT

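# Rule 302: clamd " FOUND" lines whose signature name contains " Trojan.".
# "FO" and "la" are substrings of the longer patterns in this rule.
# Fix: removed the stray word "clam" from the description in name=.
id=302
name=The Clam AV scanner detected a trojan.
match=clamd
match=la
match= FOUND
match= Trojan.
match=FO
log=event:ClamAV-Trojan_Detected type:virus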

NEXT

# Rule 303: clamd " FOUND" lines whose signature name contains " Exploit.".
# "FO", "la" and "lo" are substrings of the longer patterns in this rule.
id=303
name=The Clam AV scanner detected an exploit.
match=clamd
match=la
match= FOUND
match=FO
match=lo
match= Exploit.
log=event:ClamAV-Exploit_Detected type:virus

NEXT

# Rule 304: clamd " FOUND" lines whose signature name contains " Worm.".
# "FO" and "la" are substrings of the longer patterns in this rule.
id=304
name=The Clam AV scanner detected a worm.
match=clamd
match=la
match=FO
match= FOUND
match= Worm.
log=event:ClamAV-Worm_Detected type:virus

NEXT

# Rule 305: clamd " FOUND" lines whose signature name contains " Adware.".
# "FO", "la" and "ar" are substrings of the longer patterns in this rule.
# NOTE(review): adware is emitted as type:spam here, while the trojan, exploit
# and worm rules use type:virus - confirm this is the intended event type for
# downstream filtering and alerting.
id=305
name=The Clam AV scanner detected adware.
match=clamd
match=la
match=FO
match= FOUND
match=ar
match= Adware.
log=event:ClamAV-Adware_Detected type:spam

NEXT

# Rule 307: lines containing "CLAMAV" (upper case) and " Spam found (".
# Unlike rules 300-305 this rule does not require "clamd" or " FOUND"; the
# remaining short tokens are substrings of the two longer patterns.
# NOTE(review): the product or wrapper that writes this log format is not
# identified in this file - confirm with a sample log line.
id=307
name=The Clam AV scanner detected a Spam attempt.
match=CL
match=CLAMAV
match=un
match=ound
match=fo
match=ou
match=oun
match= Spam found (
log=event:ClamAV-Spam_Detected type:spam

NEXT

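# Rule 308: lines containing "CLAMAV" (upper case) and " Phishing found (".
# Emits the same event name as rule 301 (ClamAV-Phishing_Attempt_Detected).
# Fix: the description previously read "Spam attempt" (same text as rule 307)
# although this rule matches and logs phishing; name= now agrees with the
# match and log lines.
id=308
name=The Clam AV scanner detected a phishing attempt.
match=CL
match=CLAMAV
match=ing
match=un
match=ound
match=fo
match=ou
match=oun
match= Phishing found (
log=event:ClamAV-Phishing_Attempt_Detected type:spam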

NEXT

# Rule 309: clamd notice that new signature data was detected and a reload is
# being forced. There is no single full-phrase anchor: the rule is the
# conjunction of "clamd", "detected", "Forcing", "Data" and many shorter
# fragments, all of which must appear in the log line.
# NOTE(review): presumably targets clamd's self-check message about a database
# modification - confirm with a sample log line. Because the match relies on
# word fragments, a wording change in that message would silently stop this
# rule from firing.
id=309
name=The ClamAV anti virus daemon detected new signatures and will reload them. 
match=la
match=Se
match=lo
match=as
match=if
match=io
match=detected
match=at
match=Forcing
match=he
match=mod
match=on
match=tion
match=ing
match=ed
match=etected
match=mo
match=ic
match=cat
match=ti
match=ck
match=oad
match=clamd
match=ect
match=Data
match=ion
log=event:ClamAV-New_Signatures type:application

NEXT

# Rule 320: lines containing "ClamAV installation is OUTDATED" plus the short
# fragments listed below. Emits ClamAV-Engine_Outdated with type:error.
# This event is worth alerting on: a host reporting it is running an engine
# version the ClamAV tooling itself considers out of date.
id=320
name=The Clam AV scanner version is outdated. 
match=ClamAV installation is OUTDATED
match=AT
match=la
match=nstall
match=io
match=at
match=all
match=Cl
match=install
match=on
match=tion
match=sta
match=al
match=ll
match=ou
match=in
match=is
match=ti
match=ur
match=st
match=ion
log=event:ClamAV-Engine_Outdated type:error

NEXT

# Rule 321: lines containing "freshclam" and "Local version" plus the short
# fragments listed below. Emits the same event as rule 320
# (ClamAV-Engine_Outdated, type:error).
# NOTE(review): presumably the freshclam line that compares the local engine
# version with the recommended one - confirm with a sample log line.
id=321
name=The Clam AV scanner version is outdated. 
match=la
match=ded
match=io
match=cal
match=es
match=ver
match=freshclam
match=Local version
log=event:ClamAV-Engine_Outdated type:error

NEXT

# Rule 322: lines containing "clamd", "Data" and "reloaded" plus the short
# fragments listed below. Emits the same event as rule 309
# (ClamAV-New_Signatures, type:application).
# NOTE(review): the description says the daemon "will reload" signatures, but
# the "reloaded" pattern suggests this line is written after the reload has
# completed - confirm with a sample log line.
id=322
name=The ClamAV anti virus daemon detected new signatures and will reload them. 
match=la
match=ded
match=lo
match=as
match=se
match=at
match=ed
match=oad
match=clamd
match=ect
match=Data
match=reloaded
log=event:ClamAV-New_Signatures type:application