From this mailing list...

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Steven Morgan
Sent: Wednesday, September 3, 2014 8:43 AM
To: ClamAV users ML
Subject: Re: [clamav-users] Conflicting structured data detections

Hi Frank,

I've looked at the code. --structured-ssn-format alone does nothing. What is your result using both --structured-ssn-format and --detect-structured=yes?

Also, I hear you about your regex scan. If you want to open a ticket at bugzilla.clamav.net and post your file, we can take a look at it.

Thanks,
Steve

On Fri, Aug 29, 2014 at 11:38 AM, Frank Sfalanga Jr. <fr...@csiglobalvcard.com> wrote:
> Hello,
>
> I'm getting conflicting reports of SSN found within log files. If I
> use the '--detect-structured=yes' switch I get this result
>
> root@CSI-app1:/var/log# clamscan -v -i -r --detect-structured=yes auth.log.3
> Scanning auth.log.3
> auth.log.3: Heuristics.Structured.SSN FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 3513235
> Engine version: 0.98.1
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> Data read: 1.03 MB (ratio 0.00:1)
> Time: 8.369 sec (0 m 8 s)
>
> If I scan using the '--structured-ssn-format=2' switch I get no
> detection of the SSN. Like this:
>
> root@CSI-app1:/var/log# clamscan -v -i -r --structured-ssn-format=2 auth.log.3
> Scanning auth.log.3
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 3513235
> Engine version: 0.98.1
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 2.04 MB
> Data read: 1.03 MB (ratio 1.97:1)
> Time: 8.581 sec (0 m 8 s)
>
> I've scanned the file using a RegEx and it seems clean.
>
> root@CSI-app1:/var/log# cat auth.log.3 | grep '[0-9]\{3\}-[0-9]\{2\}-[0-9]\{4\}'| wc -l
> 0
>
> I use the '--detect-structured=yes' switch primarily to find CC# as we
> are a PCI-DSS environment.
>
> Any help appreciated.
>
> Kind Regards,
>
> -Frank
> --------------------------------------------
> System Specifics
>
> Ubuntu Server 12.04.5LTS
>
> ClamAV (Ubuntu Packages)
>
> clamav 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2
> clamav-base 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2
> clamav-freshclam 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2
> libclamav6 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
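
The grep in the quoted message only matches the hyphenated form, one pattern per line. The script below is an added example, not part of the thread and not ClamAV's detection logic: an independent cross-check that reports SSN-shaped tokens in both hyphenated and unhyphenated form, with line numbers, so the hits can be compared against the scanner's verdict. The plausibility filter, the function names and the sample log lines are assumptions made for the illustration.

```python
import re
import sys

# AAA-GG-SSSS or AAAGGSSSS, not embedded in a longer run of digits/hyphens.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})(-?)(\d{2})\2(\d{4})(?![\d-])")

# Constructed sample in auth.log style; both numbers are publicly known,
# long-invalidated specimen SSNs, and the last line holds a 13-digit id.
SAMPLE = [
    "Aug 25 06:25:01 CSI-app1 CRON[12345]: session opened for user root",
    "Aug 25 06:31:12 CSI-app1 sshd[2201]: Invalid user 219099999 from 192.0.2.10",
    "Aug 25 06:31:15 CSI-app1 sshd[2201]: Invalid user 078-05-1120 from 192.0.2.10",
    "Aug 25 06:31:19 CSI-app1 app[2203]: request id 1409293099123 closed",
]


def plausible(area, group, serial):
    """Assumed filter: area 000, 666, 9xx, group 00, serial 0000 are never issued."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def find_ssn_candidates(lines):
    """Return (line_no, format, text) for every plausible SSN-shaped token."""
    hits = []
    for no, line in enumerate(lines, 1):
        for m in SSN_RE.finditer(line):
            area, sep, group, serial = m.groups()
            if plausible(area, group, serial):
                fmt = "hyphenated" if sep else "stripped"
                hits.append((no, fmt, m.group(0)))
    return hits


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE
    for no, fmt, text in find_ssn_candidates(lines):
        # Show only the last four digits so the report itself holds no full SSN.
        print(f"line {no}: {fmt} ***-**-{text[-4:]}")
```

Run it with a log file path as the only argument to check a real file; without arguments it runs on the constructed sample.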