Relevant ClamAV Message
Detects ClamAV log lines that report a detection (FOUND) whose signature name contains Trojan, VirTool, Webshell, Rootkit or Htran.
Sigma rule

title: Relevant ClamAV Message
id: 36aa86ca-fd9d-4456-814e-d3b1b8e1e0bb
status: stable
description: Detects relevant ClamAV messages
references:
    - https://github.com/ossec/ossec-hids/blob/1ecffb1b884607cb12e619f9ab3c04f530801083/etc/rules/clam_av_rules.xml
author: Florian Roth (Nextron Systems)
date: 2017-03-01
tags:
    - attack.resource-development
    - attack.t1588.001
logsource:
    product: linux
    service: clamav
detection:
    keywords:
        - 'Trojan*FOUND'
        - 'VirTool*FOUND'
        - 'Webshell*FOUND'
        - 'Rootkit*FOUND'
        - 'Htran*FOUND'
    condition: keywords
falsepositives:
    - Unknown
level: high
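The detection section is a plain Sigma keyword list: each entry is matched case-insensitively anywhere in the log line, with `*` standing for any run of characters. The following added example (not code from the rule, from SigmaHQ or from ClamAV) implements exactly those semantics in Python and runs them over a handful of constructed clamd.log lines. The file paths and all signature names except Eicar-Test-Signature are invented for the demonstration; the last sample line shows the caveat a practitioner should expect from `Trojan*FOUND`: the `*` also spans the file path, so a path containing "trojan" followed by any `FOUND` verdict fires the rule even though the signature itself is benign.

```python
import re
from typing import List, Optional, Tuple

# Keywords copied verbatim from the rule's detection section.
KEYWORDS = [
    "Trojan*FOUND",
    "VirTool*FOUND",
    "Webshell*FOUND",
    "Rootkit*FOUND",
    "Htran*FOUND",
]


def keyword_to_regex(keyword: str) -> "re.Pattern[str]":
    """Translate one Sigma keyword into a compiled regex.

    Sigma string matching: '*' matches any run of characters, '?' a single
    character, everything else is literal, matching is case-insensitive, and a
    keyword hits if it occurs anywhere in the log line (substring semantics),
    so the pattern is deliberately not anchored.
    """
    parts = []
    for ch in keyword:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


PATTERNS = [(kw, keyword_to_regex(kw)) for kw in KEYWORDS]


def match_keyword(line: str) -> Optional[str]:
    """Return the first rule keyword that matches the line, or None."""
    for keyword, pattern in PATTERNS:
        if pattern.search(line):
            return keyword
    return None


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Apply the rule to a list of log lines; return (line, keyword) hits."""
    hits = []
    for line in lines:
        keyword = match_keyword(line)
        if keyword is not None:
            hits.append((line, keyword))
    return hits


# Constructed sample clamd.log lines (timestamp -> path: signature VERDICT).
# Paths and signature names other than Eicar-Test-Signature are invented.
SAMPLE_LOG = [
    "Wed Mar  1 10:02:11 2017 -> /var/www/html/uploads/cmd.php: Php.Webshell.C99-1 FOUND",
    "Wed Mar  1 10:02:12 2017 -> /home/dev/build/agent.elf: Unix.Trojan.Mirai-1 FOUND",
    "Wed Mar  1 10:02:13 2017 -> /tmp/ht.exe: Win.Tool.Htran-1 FOUND",
    "Wed Mar  1 10:02:14 2017 -> /tmp/eicar.com: Eicar-Test-Signature FOUND",
    "Wed Mar  1 10:02:15 2017 -> SelfCheck: Database status OK.",
    # Benign signature, but the path contains "trojan": Trojan*FOUND still fires.
    "Wed Mar  1 10:02:16 2017 -> /srv/samples/trojan-notes.txt: Eicar-Test-Signature FOUND",
]


if __name__ == "__main__":
    for line, keyword in scan(SAMPLE_LOG):
        print(f"[{keyword}] {line}")
```

Running the block prints four hits: the webshell, Trojan and Htran detections, and the last line, which matches only because of its path. If that is noisy in a given environment, tightening the keyword to the signature part of the line (for example requiring the match to follow the `: ` that separates path from signature) is a local tuning decision; the rule as published keeps the broad OSSEC-derived wording.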
References
- https://github.com/ossec/ossec-hids/blob/1ecffb1b884607cb12e619f9ab3c04f530801083/etc/rules/clam_av_rules.xml