From this mailing list...

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf
Of Steven Morgan
Sent: Wednesday, September 3, 2014 8:43 AM
To: ClamAV users ML
Subject: Re: [clamav-users] Conflicting structured data detections

Hi Frank,

I've looked at the code. --structured-ssn-format alone does nothing. What is
your result using both --structured-ssn-format and --detect-structured=yes?

Also, I hear you about your regex scan. If you want to open a ticket at
bugzilla.clamav.net and post your file, we can take a look at it.

Thanks,
Steve


On Fri, Aug 29, 2014 at 11:38 AM, Frank Sfalanga Jr. <
fr...@csiglobalvcard.com> wrote:

> Hello,
>
> I'm getting conflicting reports of SSN found within log files.  If I 
> use the '--detect-structured=yes' switch I get this result
>
>
> root@CSI-app1:/var/log# clamscan -v -i -r --detect-structured=yes auth.log.3
> Scanning auth.log.3
> auth.log.3: Heuristics.Structured.SSN FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 3513235
> Engine version: 0.98.1
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> Data read: 1.03 MB (ratio 0.00:1)
> Time: 8.369 sec (0 m 8 s)
>
>
>
> If I scan using the '--structured-ssn-format=2' switch I get no 
> detection of the SSN.  Like this:
>
> root@CSI-app1:/var/log# clamscan -v -i -r  --structured-ssn-format=2 auth.log.3
> Scanning auth.log.3
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 3513235
> Engine version: 0.98.1
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 2.04 MB
> Data read: 1.03 MB (ratio 1.97:1)
> Time: 8.581 sec (0 m 8 s)
>
> I've scanned the file using a RegEx and it seems clean.
>
> root@CSI-app1:/var/log# cat auth.log.3 | grep '[0-9]\{3\}-[0-9]\{2\}-[0-9]\{4\}'| wc -l
> 0
>
> I use the '--detect-structured=yes' switch primarily to find CC# as we 
> are a PCI-DSS environment.
>
> Any help appreciated.
>
> Kind Regards,
>
> -Frank
> --------------------------------------------
> System Specifics
>
> Ubuntu Server 12.04.5LTS
>
> ClamAV (Ubuntu Packages)
>
> clamav 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2
> clamav-base 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2
> clamav-freshclam 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2
> libclamav6 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2
>
>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
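
Added example (not part of this thread and not ClamAV's own code): a Python cross-check that lists which lines hold SSN-shaped strings in both the hyphenated and the stripped nine-digit shape, which the hyphen-only grep quoted above does not cover. The sample log, the function names and the SSA plausibility filter are assumptions made for illustration; ClamAV's own validation may differ.

```python
import re

# Constructed sample lines (not taken from the poster's auth.log.3).
SAMPLE_LOG = """\
Aug 29 11:02:01 app1 sshd[2211]: Accepted publickey for deploy from 10.0.0.5 port 50122
Aug 29 11:02:07 app1 app[3310]: lookup ssn=123-45-6789 status=ok
Aug 29 11:02:09 app1 app[3310]: request id 219099999 completed
Aug 29 11:02:11 app1 app[3310]: ticket 000-12-3456 closed
Aug 29 11:02:15 app1 app[3310]: trace 12345678901234 serial 666-12-3456
"""

# Shapes selected by --structured-ssn-format per the clamscan man page:
# 0 = normal (xxx-yy-zzzz), 1 = stripped (xxxyyzzzz), 2 = both.
PATTERNS = {
    "normal": re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])"),
    "stripped": re.compile(r"(?<!\d)(\d{3})(\d{2})(\d{4})(?!\d)"),
}


def plausible(area, group, serial):
    """Basic SSA allocation rules (assumed filter, not ClamAV's algorithm)."""
    a = int(area)
    return a not in (0, 666) and a < 900 and group != "00" and serial != "0000"


def find_candidates(text, ssn_format=2):
    """Return (line_no, kind, value) for each plausible SSN-shaped string."""
    kinds = {0: ["normal"], 1: ["stripped"], 2: ["normal", "stripped"]}[ssn_format]
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind in kinds:
            for m in PATTERNS[kind].finditer(line):
                if plausible(*m.groups()):
                    hits.append((line_no, kind, m.group(0)))
    return hits


if __name__ == "__main__":
    for line_no, kind, value in find_candidates(SAMPLE_LOG):
        # Print only the first three digits so the report holds no full number.
        print(f"line {line_no}: {kind} candidate {value[:3]}...")
```

Running it over a flagged file shows which lines to inspect by hand; a stripped hit such as a nine-digit request id is a common source of false positives in logs.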