Relevant ClamAV Message

Original Source: [Sigma source]
Title: Relevant ClamAV Message
Status: stable
Description: Detects relevant ClamAV messages
References:
  - https://github.com/ossec/ossec-hids/blob/1ecffb1b884607cb12e619f9ab3c04f530801083/etc/rules/clam_av_rules.xml
Author: Florian Roth (Nextron Systems)
Date: 2017-03-01
Modified: None
Tags:
  • 'attack.resource-development'
  • 'attack.t1588.001'
Logsource:
  • product: linux
  • service: clamav
Detection:
  keywords:
    - 'Trojan*FOUND'
    - 'VirTool*FOUND'
    - 'Webshell*FOUND'
    - 'Rootkit*FOUND'
    - 'Htran*FOUND'
  condition: keywords
Falsepositives:
  - Unknown
Level: high