Clamav Begin - virus detected

mist_firefly · **Posted:** Mon Sep 10, 2012 4:53 am

Hi,

Had these for a couple of days on the logwatch on plesk and need to find out how to fix it.

--------------------- Clamav Begin ------------------------

Viruses detected:
Atomicorp.honeypot.hex.php.cmdshell.unclassed.344.UNOFFICIAL: 24 Time(s)
......................................................................................................................

Any ideas? (what it means, what type of virus, where to find the information, what to do next)

Thanks

scott · **Posted:** Mon Sep 10, 2012 1:20 pm

That log is incomplete so there isnt really any information in it, did it actually write to syslog like that?

mikeshinn · **Posted:** Mon Sep 10, 2012 5:00 pm

I think thats the message from logwatch.

So ASL will display any clamav messages in the ASL gui, along with any details. Please log into asl, and search in the events window for any clamav events and let us know you see.

mist_firefly · **Posted:** Tue Sep 11, 2012 10:40 am

Not exactly sure what to look for in the ASL events as clamav has many entries.

Could you advice me please?
This mention in logwatch has been going on for more then a month.

mikeshinn · **Posted:** Tue Sep 11, 2012 2:50 pm

Thanks for the question, so you can search for clamav events a couple of different ways:

1) search for the word "clam" in the ASL gui

2) You can search for the specific rule IDs that are used for malware, 52502 is the big one.\

Attachment:

shot.png [ 191.34 KiB | Viewed 689 times ]

Clamav Begin - virus detected

Who is online