Table of Contents
Advertisement
Appendix B
<ACTION> – action applied to the infected file. Depending on the action you
have preset for the infected files (see section B.2.2 on page 144), the
<ACTION> string can take the following values:
•
•
•
•
If you decide not to take any action on the infected file (the No Action option),
then the log record will contain only one line:
<DATE> <TIME> SYS:\TEST\MY_FILE.EXE : infected::
<NAME> (User : <USER_NAME>).
If for some reason the user-selected action cannot be applied to the infected file,
the log record will look as follows:
<DATE> <TIME> SYS:\TEST\MY_FILE.EXE : infected::
<NAME> (User : <USER_NAME>)
<DATE> <TIME> SYS:\TEST\MY_FILE.EXE : <FAILURE>,
where the <FAILURE> string can take the following values:
•
•
•
•
B.2.3.2. Messages Regarding Suspicious Files
In the event that a suspicious file is detected, the following record will be created
in the event log file:
<DATE> <TIME> SYS:\TEST\MY_FILE.EXE : suspicion
TYPE_<TYPE>,
where <TYPE> is one of the following strings:
Com – the file appears to be infected with an unidentified virus capable of
damaging com-files.
Exe – the file appears to be infected with an unidentified virus capable of
damaging exe-files.
ComExe – the file appears to be infected with an unidentified virus capable
of damaging COM and EXE file formats.
disinfected – the virus is removed
deleted – the file is deleted
removed – the file is quarantined
renamed – the file extension is changed to .vir (or .vi1, .vi2 etc.,
if a file with the same name existed).
Disinfection error
Deletion error
Quarantining error
Renaming error
149
Advertisement
Table of Contents
