My own experience with ClamAV has been that it clearly identifies the location of a virus during a scan. However, if you want to know the details of file access (who or what did something unusual and when), you may be better off having both Tripwire and ClamAV working on your system.
Tripwire is a security system and would handle the details. Tripwire would have to become aware of ClamAV and its function, but once that's been done your system would be pretty tight, as Tripwire educated you on what else needed to be shut down or ports locked so that your system is secure. The reporting capacity of OST surpasses that of ClamAV and can provide details (such as you requested) which ClamAV is not designed for, not that I noticed anyway.
Everyone is familiar with the commercial version of Tripwire, which is very useful; however, there is also Open Source Tripwire (OST). OST and ClamAV together could be a very useful combination.
It is here: http://sourceforge.net/projects/tripwire/
Of course, like any open source project, OST can be recompiled to run on PowerPC systems such as the Cell. Here's some more information for your consideration: http://www.tripwire.com/products/enterprise/ost/
On Oct 16, 2007, at 1:11 PM, Sean McGlynn wrote:
> I am looking for better information when notified by ClamAV that a
> virus has been detected. Thus far I have
>
>   VirusEvent /bin/echo "VIRUS ALERT: ClamAV found %v." | /bin/mail -s "ClamAV Virus Detection" -r ClamAV email@example.com
>
> which basically tells me that a particular virus was detected. It
> would be far more useful if the notification included where the file
> resided, and perhaps who was attempting to access the file.
> Is there a way to establish and include this information in the virus
> detection notification?
> Thank you.
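As an added example (not from either message in this thread, and not part of ClamAV), the Python below takes the file location that a scan already reports, as the reply notes, and adds file metadata to the alert text. It parses `<path>: <signature> FOUND` lines as printed by clamscan or written to clamd's log; the sample lines and function names are constructed for illustration, and the owner and modification time are file metadata, not a record of who accessed the file.

```python
import os
import pwd
import re
import time

# clamscan prints "<path>: <signature> FOUND"; clamd's log may prefix "<time> -> ".
FOUND_RE = re.compile(r"^(?:.* -> )?(?P<path>.+): (?P<sig>\S+) FOUND$")

# Constructed sample output (not from the original thread).
SAMPLE_LOG = [
    "/home/sean/notes.txt: OK",
    "/home/sean/mail/attach.zip: Eicar-Test-Signature FOUND",
    "Tue Oct 16 13:11:02 2007 -> /tmp/note: draft.txt: Eicar-Test-Signature FOUND",
    "Infected files: 2",
]

def parse_detections(lines):
    """Return (path, signature) pairs; the greedy path keeps ': ' inside file names."""
    matches = (FOUND_RE.match(line.rstrip("\n")) for line in lines)
    return [(m.group("path"), m.group("sig")) for m in matches if m]

def describe(path):
    """File metadata for the alert: the owner is not necessarily who accessed it."""
    try:
        st = os.lstat(path)
    except OSError as exc:
        return {"path": path, "error": exc.strerror}
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)  # uid with no passwd entry
    stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(st.st_mtime))
    return {"path": path, "owner": owner, "size": st.st_size, "modified": stamp}

def build_report(lines):
    """Plain-text body suitable for piping to a mailer."""
    out = []
    for path, sig in parse_detections(lines):
        info = describe(path)
        if "error" in info:
            detail = "not available now (%s)" % info["error"]
        else:
            detail = "owner=%(owner)s size=%(size)d modified=%(modified)s" % info
        out.append("%s\n  signature: %s\n  %s" % (path, sig, detail))
    return "\n".join(out)

if __name__ == "__main__":
    print(build_report(SAMPLE_LOG))
```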