Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: Virus Detected Alerts
Posted: Fri Sep 23, 2011 7:43 am
Forum Regular

Joined: Mon Mar 10, 2008 9:12 pm
Posts: 508
Location: Southampton, UK
Hey guys,

I've been getting lots of virus detected alert emails:

Code:
Received From: s1->/var/log/messages
Rule: 52502 fired (level 8) -> "Virus detected"
Portion of the log(s):

Sep 23 08:08:24 s1 clamd[2546]: /var/spool/qscan/tmp/s1.youandtheweb.net131676170279818728/1316761702.18730-1.s1.youandtheweb.net: Sanesecurity.Phishing.Auction.2039.UNOFFICIAL FOUND


I'm assuming these are viruses attached to emails, and I'm also assuming that clamd and qscan will remove these prior to passing the email on to the recipient.

My question is, can I stop these alerts being sent to me by email? I never received them prior to the 3.0 update, but now it is an hourly event.

Some days I only get a few, others like today I've got 27 emails, all of which are these.

Thanks :)

_________________
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland
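
Added example, not part of the original post and not ASL code: a small Python parser for the clamd line quoted in the alert above, grouping detections by signature so a day of repeated hits can be reviewed as one digest instead of one email each. The regex layout is an assumption based on that single log line, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Layout assumed from the alert above:
#   "<Mon DD HH:MM:SS> <host> clamd[<pid>]: <scanned path>: <signature> FOUND"
CLAMD_FOUND = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sclamd\[\d+\]:\s"
    r"(?P<path>.+):\s(?P<sig>\S+)\sFOUND$"
)
UNOFFICIAL = ".UNOFFICIAL"

def parse_found(line):
    """Return a dict for a clamd detection line, or None for any other line."""
    m = CLAMD_FOUND.match(line.strip())
    if m is None:
        return None
    hit = m.groupdict()
    # ClamAV appends .UNOFFICIAL to signatures loaded from third-party databases.
    hit["unofficial"] = hit["sig"].endswith(UNOFFICIAL)
    if hit["unofficial"]:
        hit["sig"] = hit["sig"][: -len(UNOFFICIAL)]
    # First dotted component of the name, e.g. the signature publisher.
    hit["family"] = hit["sig"].split(".", 1)[0]
    return hit

def digest(lines):
    """Summarise detections: total, count per signature, third-party count."""
    hits = [h for h in map(parse_found, lines) if h]
    return {
        "total": len(hits),
        "by_signature": Counter(h["sig"] for h in hits),
        "unofficial": sum(h["unofficial"] for h in hits),
    }

SAMPLE = [
    # Line quoted in the post above
    "Sep 23 08:08:24 s1 clamd[2546]: /var/spool/qscan/tmp/s1.youandtheweb.net131676170279818728/1316761702.18730-1.s1.youandtheweb.net: Sanesecurity.Phishing.Auction.2039.UNOFFICIAL FOUND",
    # Constructed lines for illustration
    "Sep 23 08:41:10 s1 clamd[2546]: /var/spool/qscan/tmp/msg-0002: Sanesecurity.Phishing.Auction.2039.UNOFFICIAL FOUND",
    "Sep 23 09:02:55 s1 clamd[2546]: /var/spool/qscan/tmp/msg-0003: Eicar-Test-Signature FOUND",
    "Sep 23 09:10:00 s1 clamd[2546]: SelfCheck: Database status OK.",
]

if __name__ == "__main__":
    summary = digest(SAMPLE)
    print(summary["total"], "detections,", summary["unofficial"], "from third-party signatures")
    for sig, count in summary["by_signature"].most_common():
        print(f"{count:4d}  {sig}")
```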


Posted: Fri Sep 23, 2011 10:37 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7893
Location: earth
It generally just quarantines them, since clam doesn't have the ability to clean a message. You can turn off email for that event in the rule manager.


Posted: Fri Sep 23, 2011 1:26 pm
Forum Regular
I remember I tried to do that a few times, but it didn't apply the changes.

I did post a support request about this, but never got a reply.

_________________
Matt

Posted: Fri Sep 23, 2011 3:41 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3626
Location: Chantilly, VA
You may want to make sure you have the latest ASL; 3.0.13 is in testing and it's got some updates to the rule manager.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Posted: Fri Sep 23, 2011 5:39 pm
Forum Regular
Yep. I run updates every night. Version is:

Code:
ASL Version 3.0.12: CentOS 5 (SUPPORTED)


I tried to make the change again today, but no joy.
Here's a screen grab:

Image
(Sharing this image via dropbox. Will be deleted later)

_________________
Matt

Posted: Fri Sep 23, 2011 5:55 pm
Atomicorp Staff - Site Admin
Quote:
You may want to make sure you have the latest ASL; 3.0.13 is in testing and it's got some updates to the rule manager.


3.0.13 has the updates. You have 3.0.12 installed.

_________________
Michael Shinn

Posted: Fri Sep 23, 2011 5:58 pm
Forum Regular
I guess I'll have to wait till it is out of testing.

_________________
Matt

Posted: Mon Oct 03, 2011 8:43 am
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
The rule manager isn't working for us either in 3.0.12. Changes don't get applied.

_________________
Lemonbit Internet Dedicated Server Management


Posted: Mon Oct 03, 2011 8:47 am
Long Time Forum Regular
And I can't find 3.0.13 in testing. :(

_________________
Lemonbit Internet Dedicated Server Management


Posted: Tue Oct 11, 2011 2:11 pm
Long Time Forum Regular
Ok, 3.0.13 has been released to testing for EL6 now and the rule manager seems to work in that version.

_________________
Lemonbit Internet Dedicated Server Management


Posted: Tue Oct 11, 2011 5:49 pm
Forum Regular
Excellent. I'm not sure if I've got access to testing, I'll take a look on my server.

Thanks

_________________
Matt

Posted: Tue Oct 11, 2011 6:27 pm
Atomicorp Staff - Site Admin
Testing is always open to all ASL users. You just need to enable the testing report in yum.

_________________
Michael Shinn

Posted: Thu Oct 13, 2011 7:11 pm
Forum Regular
I yum updated last night and it appeared in the updates, so I must have it set up already.

Thanks guys :)

_________________
Matt

Posted: Thu Oct 13, 2011 8:05 pm
Long Time Forum Regular
You probably just got it from the stable repo, since 3.0.13 is released now.

_________________
Lemonbit Internet Dedicated Server Management


Posted: Thu Oct 13, 2011 8:10 pm
Forum Regular
Well, I just made the change to rule 52502 and turned email notification off, but it didn't appear to make any difference. Certainly when I click on it a second time, it seems to have not applied the change.

I'll wait and see in the morning.

_________________
Matt