This topic contains sample logs emitted by Anti-Virus for VMware Tanzu. You can use these samples to configure a Security Information and Event Management (SIEM) system to verify regular activity and generate alerts for virus detections or outdated virus signatures.

There are four distinct Anti-Virus for VMware Tanzu apps that run on each VM: freshclam, go-clam-tls, clamd, and clamdscan. The freshclam and go-clam-tls apps are mutually exclusive, but the other apps work together to detect viruses and protect the VM. If On-Access scanning is enabled for Linux, then an additional app is run: clamonacc.

Each app writes its own log file. You need to monitor each of these files to know if Anti-Virus is working correctly and if viruses have been found. VMware recommends that you enable syslog forwarding so that the messages from each of the log files are aggregated into the syslog file on the remote syslog server. Then you can use your preferred monitoring and alerting tool to review the Anti-Virus log entries.

For an example of how Anti-Virus messages appear in the syslog file, see Syslog Format below.

For information about each app, see freshclam, go-clam-tls, clamd, and clamdscan below.

The freshclam app updates the database that stores the known virus signatures. The messages output by the freshclam app indicate when freshclam checks for updates, what the download progress is, and the downloaded signature version. The log file for the freshclam app is /var/vcap/sys/log/antivirus/freshclam.log.

The go-clam-tls app performs the same role as the freshclam app for environments that use Anti-Virus Mirror for VMware Tanzu with Anti-Virus for VMware Tanzu. go-clam-tls uses mutual TLS (mTLS) and permits changing the port used for database updates. The messages output by the go-clam-tls app indicate when go-clam-tls checks for updates, what the download progress is, and the downloaded signature version. The log file for the go-clam-tls app is /var/vcap/sys/log/antivirus/go-clam-tls.log.

The Clam AntiVirus Daemon (clamd) listens for incoming connections on Unix or the TCP socket. clamd works with clamdscan to scan files or directories. The clamd job uses the database of virus signatures that the freshclam job updates. The messages output by the clamd app show files where viruses are found, the name of the virus signature, and any action taken (such as moving, copying, or deleting). The log file for the clamd app is /var/vcap/sys/log/antivirus/.

The clamdscan app scans files and directories for viruses using the clamd daemon. The messages output by the clamdscan app show when a clamdscan is initiated and writes a scan summary on completion. The log file for the clamd app is /var/vcap/sys/log/antivirus/clamdscan.log.

If On-Access scanning is enabled, the clamonacc app monitors the file system on the VM and alerts if a potentially malicious file is accessed. Clamonacc output contains the initialization information only. Any warnings of potential threats are logged in /var/vcap/sys/log/antivirus/. The log file for the clamonacc app is /var/vcap/sys/log/antivirus/.

The following table lists common messages that you see when ClamAV apps write to log files:

- States that the freshclam app is checking the configured remote mirror for an update to the local virus signature database.
- States that the virus database is being updated.
- States that freshclam could not download the latest uncompressed databases. These database files include the main.cld, daily.cld, and bytecode.cld files.
- States that the virus database is up-to-date. Based on configuration, freshclam checks hourly or daily.
- Freshclam should only terminate during a deployment.
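The two alert conditions this topic names, virus detections and outdated virus signatures, can be expressed as the following Python code, which is an added example and not part of VMware's documentation. The log line formats, the sample lines, and the one-day `max_age` threshold are assumptions modelled on typical ClamAV output; adjust the patterns to the lines your deployment actually emits.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines; the formats are assumed from typical ClamAV output.
CLAMD_LOG = [
    "Tue Jan  1 10:00:00 2019 -> SelfCheck: Database status OK.",
    "Tue Jan  1 10:05:00 2019 -> /var/vcap/data/tmp/eicar.com: Win.Test.EICAR_HDB-1 FOUND",
]
FRESHCLAM_LOG = [
    "ClamAV update process started at Tue Jan  1 09:00:00 2019",
    "daily.cld database is up-to-date (version: 25000, sigs: 2000000, f-level: 63, builder: example)",
    "ClamAV update process started at Wed Jan  2 09:00:00 2019",
    "WARNING: Can't download daily.cvd from mirror.example.test",
]

# "<path>: <signature> FOUND", optionally prefixed by "<timestamp> -> ".
FOUND_RE = re.compile(r"^(?:.* -> )?(?P<path>/.+): (?P<sig>\S+) FOUND$")
STARTED_RE = re.compile(r"ClamAV update process started at (?P<ts>.+)$")
DB_OK_RE = re.compile(r"(?P<db>main|daily|bytecode)\.c[lv]d (?:database )?"
                      r"(?:is up[- ]to[- ]date|updated) \(version: (?P<ver>\d+)")

def detections(clamd_lines):
    """Return (path, signature) for every clamd detection line."""
    hits = []
    for line in clamd_lines:
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["sig"]))
    return hits

def signature_status(freshclam_lines, now, max_age=timedelta(days=1)):
    """Return (stale, versions). stale is True when no freshclam run within
    max_age of `now` confirmed the daily database as current or updated."""
    run_ts, last_ok, versions = None, None, {}
    for line in freshclam_lines:
        if m := STARTED_RE.search(line):
            # Collapse the padded day-of-month before parsing the timestamp.
            run_ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        elif (m := DB_OK_RE.search(line)) and run_ts:
            versions[m["db"]] = int(m["ver"])
            if m["db"] == "daily":
                last_ok = run_ts
    return (last_ok is None or now - last_ok > max_age), versions

if __name__ == "__main__":
    print(detections(CLAMD_LOG))
    print(signature_status(FRESHCLAM_LOG, now=datetime(2019, 1, 3, 10, 0, 0)))
```

A freshclam log with no confirmed run at all is reported as stale, so a silent or crashed updater raises the same alert as a failing one.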