Linux Security Full Edition detection messages - F-Secure Community
<main> <article class="userContent"> <div> <h2 id="toc-hId--1328485962">Question</h2> <p>What detection messages does Linux Security Full Edition produce?</p> </div><br><div> <h2 id="toc-hId--440982281">Answer</h2> <p>The messages are as follows.</p>
<p>■ Real-time scan<br>
Malware detected (disinfection failed)<br>
Mar 19 13:20:23 localhost fsma: F-Secure Linux Security: Malicious code found in file /root/xxxxx.txt.#012Infection: EICAR_Test_File#012Action: failed.#012Both primary and secondary actions have failed#012 userinfo:uid 0/pid 26057/dpy :0.0<br><br>
Malware detected (rename)<br>
Mar 19 13:18:17 localhost fsma: F-Secure Linux Security: Malicious code found in file /root/xxxxx.txt.#012Infection: EICAR_Test_File#012Action: The file was renamed.#012/root/xxxxx.txt.virus#012 userinfo:uid 0/pid 25519/dpy :0.0<br><br>
Malware detected (disinfect)<br>
Mar 19 13:26:48 localhost fsma: F-Secure Linux Security: Malicious code found in file /root/Disinfect/xxxxx.bin.#012Infection: Win32.Virtob.Gen.12#012Action: The file was disinfected.#012#012 userinfo:uid 0/pid 28224/dpy :0.0<br><br>
Malware detected (delete)<br>
Mar 19 13:30:12 localhost fsma: F-Secure Linux Security: Malicious code found in file /root/xxxxx.txt.#012Infection: EICAR_Test_File#012Action: The file was deleted.#012#012 userinfo:uid 0/pid 29215/dpy :0.0<br><br>
Malware detected (report / block access)<br>
Mar 19 13:34:56 localhost fsma: F-Secure Linux Security: Malicious code found in file /root/xxxxx.txt.#012Infection: EICAR_Test_File#012Action: none.#012#012 userinfo:uid 0/pid 30443/dpy :0.0<br><br>
Malware detected (block access)<br>
No log output<br><br>
Riskware detected (report / block access)<br>
Mar 19 13:40:33 localhost fsma: F-Secure Linux Security: Riskware found in file /root/xxxxx.bin: Riskware:W32/PWDump.F.#012Action: none.#012#012 userinfo:uid 0/pid 31886/dpy :0.0<br><br>
Riskware detected (rename)<br>
Mar 19 13:43:08 localhost fsma: F-Secure Linux Security: Riskware found in file /root/xxxxx.bin.#012Infection: Riskware:W32/PWDump.F#012Action: The file was renamed.#012/root/d38c72914fa46d4b13b35b047bd13e248c41b09c.bin.riskware#012 userinfo:uid 0/pid 32459/dpy :0.0<br><br>
Riskware detected (delete)<br>
Mar 19 13:45:25 localhost fsma: F-Secure Linux Security: Riskware found in file /root/xxxxx.bin.#012Infection: Riskware:W32/PWDump.F#012Action: The file was deleted.#012#012 userinfo:uid 0/pid 557/dpy :0.0<br><br>
Riskware detected (block access)<br>
No log output</p>
<p>■ Manual scan<br>
Malware detected (disinfection failed)<br>
Mar 19 12:54:05 localhost fsma: F-Secure Security Platform: Malicious code found in file /root/xxxxx.txt.#012Infection: EICAR_Test_File#012Action: The scanner was unable to disinfect it.#012#012 userinfo:root<br><br>
Malware detected (rename)<br>
Mar 19 12:54:07 localhost fsma: F-Secure Security Platform: Malicious code found in file /root/xxxxx.txt.#012Infection: EICAR_Test_File#012Action: The file was renamed.#012#012 userinfo:root<br><br>
Malware detected (disinfect)<br>
Mar 19 12:56:27 localhost fsma: F-Secure Security Platform: Malicious code found in file /root/xxxxx.bin.#012Infection: Win32.Virtob.Gen.12#012Action: The file was disinfected.#012#012 userinfo:root<br><br>
Malware detected (delete)<br>
Mar 19 13:07:04 localhost fsma: F-Secure Security Platform: Malicious code found in file /root/xxxxx.txt.#012Infection: EICAR_Test_File#012Action: The file was deleted.#012#012 userinfo:root<br><br>
Malware detected (abort scan)<br>
Mar 19 13:10:56 localhost fsma: F-Secure Security Platform: Malicious code found in file /root/xxxxx.txt.#012Infection: EICAR_Test_File#012Action: The scan was aborted.#012#012 userinfo:root<br><br>
Malware detected (custom)<br>
Mar 19 13:54:51 localhost fsma: F-Secure Security Platform: Malicious code found in file /root/xxxxx.txt.#012Infection: EICAR_Test_File#012Action: Custom action was executed.#012#012 userinfo:root<br><br>
Riskware detected (report only)<br>
Mar 19 13:00:15 localhost fsma: F-Secure Security Platform: Riskware found in file /root/xxxxx.bin: Riskware:W32/PWDump.F.#012Action: none.#012#012 userinfo:root<br><br>
Riskware detected (rename)<br>
Mar 19 13:03:29 localhost fsma: F-Secure Security Platform: Riskware found in file /root/xxxxx.bin.#012Infection: Riskware:W32/PWDump.F#012Action: The file was renamed.#012#012 userinfo:root<br><br>
Riskware detected (delete)<br>
Mar 19 13:12:26 localhost fsma: F-Secure Security Platform: Riskware found in file /root/xxxxx.bin.riskware.#012Infection: Riskware:W32/PWDump.F#012Action: The file was deleted.#012#012 userinfo:root</p> </div> </article> </main>
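<p>An added example, not part of the original article or F-Secure's own tooling: a parser for the syslog lines listed above that splits on the #012 escape (octal for a line feed, as written by rsyslog-style control-character escaping), handles the report-only riskware form that carries the name on the first line, and flags detections where the file was left in place. The field names, the realtime/manual mapping by product string, and the UNRESOLVED list are assumptions drawn from the messages on this page.</p>

```python
import re

# Sample lines copied from the messages listed on this page.
SAMPLES = [
    "Mar 19 13:20:23 localhost fsma: F-Secure Linux Security: Malicious code found in file /root/xxxxx.txt.#012Infection: EICAR_Test_File#012Action: failed.#012Both primary and secondary actions have failed#012 userinfo:uid 0/pid 26057/dpy :0.0",
    "Mar 19 13:18:17 localhost fsma: F-Secure Linux Security: Malicious code found in file /root/xxxxx.txt.#012Infection: EICAR_Test_File#012Action: The file was renamed.#012/root/xxxxx.txt.virus#012 userinfo:uid 0/pid 25519/dpy :0.0",
    "Mar 19 13:40:33 localhost fsma: F-Secure Linux Security: Riskware found in file /root/xxxxx.bin: Riskware:W32/PWDump.F.#012Action: none.#012#012 userinfo:uid 0/pid 31886/dpy :0.0",
    "Mar 19 13:10:56 localhost fsma: F-Secure Security Platform: Malicious code found in file /root/xxxxx.txt.#012Infection: EICAR_Test_File#012Action: The scan was aborted.#012#012 userinfo:root",
]
HEAD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) fsma: "
    r"F-Secure (?P<product>Linux Security|Security Platform): "
    r"(?P<kind>Malicious code|Riskware) found in file (?P<rest>.+)$")
# Assumption: after these action texts the detected file is still in place.
UNRESOLVED = ("failed", "none", "unable to disinfect", "aborted")

def drop_dot(s):
    return s[:-1] if s.endswith(".") else s

def parse(line):
    """Return a dict for one detection line, or None if it is not one."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    # Each line feed in the original message was logged as "#012".
    parts = [p.strip() for p in m["rest"].split("#012")]
    fields, user = {}, None
    for p in parts[1:]:
        key, _, val = p.partition(":")
        if key == "userinfo":
            user = val
        elif key in ("Infection", "Action"):
            fields[key] = drop_dot(val.strip())
    path = drop_dot(parts[0])
    if "Infection" not in fields and ": " in path:
        # Report-only riskware form: "<path>: <name>." on the first line.
        path, _, fields["Infection"] = path.rpartition(": ")
    action = fields.get("Action", "")
    mode = "realtime" if m["product"] == "Linux Security" else "manual"
    return {"time": m["ts"], "host": m["host"], "kind": m["kind"], "mode": mode,
            "file": path, "infection": fields.get("Infection"), "action": action,
            "user": user, "unresolved": any(k in action for k in UNRESOLVED)}

def unresolved(lines):
    """Detections whose file was not renamed, disinfected or deleted."""
    return [r for r in map(parse, lines) if r and r["unresolved"]]
```

<p>The "block access" settings produce no log line at all, so a parser like this cannot see those events.</p>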