2.3. ANTIVIRUS
These log messages refer to the ANTIVIRUS (Anti-virus related events) category.
2.3.1. virus_found (ID: 05800001)
Default Severity: WARNING
Log Message: Virus found in file <filename>. Virus Name: <virusname>. Signature: <virussig>. Advisory ID: <advisoryid>.
Explanation: A virus has been detected in a data stream. Since anti-virus is running in protect mode, the data transfer will be aborted in order to protect the receiver.
Gateway Action: block_data
Recommended Action: If the infected file is local, run an anti-virus program to clean the file.
Revision: 1
Parameters: filename, virusname, virussig, advisoryid, [layer7_srcinfo], [layer7_dstinfo]
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.3.2. virus_found (ID: 05800002)
Default Severity: WARNING
Log Message: Virus found in file <filename>. Virus Name: <virusname>. Signature: <virussig>. Advisory ID: <advisoryid>.
Explanation: A virus has been detected in a data stream. Since anti-virus is running in audit mode, the data transfer will be allowed to continue.
Gateway Action: allow_data
Recommended Action: If the infected file is local, run an anti-virus program to clean the file.
Revision: 1
Parameters: filename, virusname, virussig, advisoryid, [layer7_srcinfo], [layer7_dstinfo]
Context Parameters: ALG Module Name, ALG Session ID, Connection
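
An added example (not part of this reference or of the gateway's own code): one way to triage these two events in a log pipeline, separating detections that were blocked (05800001) from those delivered to the receiver in audit mode (05800002). It assumes the event ID and message text have already been extracted from the log record, since the record layout is not shown here; the function names and sample messages are constructed for illustration.

```python
import re

# Message template from the two reference entries; both IDs share it.
TEMPLATE = re.compile(
    r"^Virus found in file (?P<filename>.+?)\. "
    r"Virus Name: (?P<virusname>.+?)\. "
    r"Signature: (?P<virussig>.+?)\. "
    r"Advisory ID: (?P<advisoryid>.+?)\.?$"
)

# ID -> (anti-virus mode, gateway action), as documented in 2.3.1 and 2.3.2.
VIRUS_FOUND = {
    "05800001": ("protect", "block_data"),
    "05800002": ("audit", "allow_data"),
}

def triage(event_id, message):
    """Return a dict describing a virus_found event, or None if not one."""
    if event_id not in VIRUS_FOUND:
        return None
    m = TEMPLATE.match(message.strip())
    if m is None:
        # Known ID but unexpected text: surface it rather than drop it.
        return {"id": event_id, "parse_error": True, "delivered": None}
    mode, action = VIRUS_FOUND[event_id]
    result = dict(m.groupdict(), id=event_id, mode=mode, action=action)
    # allow_data means the transfer continued, so the receiver got the file.
    result["delivered"] = action == "allow_data"
    return result

def needs_followup(events):
    """Keep events where the file was delivered or could not be parsed."""
    out = []
    for event_id, message in events:
        r = triage(event_id, message)
        if r is not None and r["delivered"] is not False:
            out.append(r)
    return out

# Constructed sample input (not real log data): (ID, message text) pairs.
SAMPLE = [
    ("05800001", "Virus found in file setup.tar.gz. Virus Name: Example.Test.A. Signature: SIG-1. Advisory ID: 100."),
    ("05800002", "Virus found in file report.v2.doc. Virus Name: Example.Test.B. Signature: SIG-2. Advisory ID: 200."),
    ("05800002", "truncated mess"),
]

if __name__ == "__main__":
    for r in needs_followup(SAMPLE):
        print(r)
```

Events returned by `needs_followup` are the ones where the Recommended Action applies most urgently, because the gateway did not stop the transfer.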
Chapter 2. Log Message Reference