This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What to look for in Log file?

Joseph Lundstrom over 2 years ago

.
Background:
Linux Ubuntu 20.04.3

sudo savscan / -all -archive -dn -pua -eec -suspicious -bs -mbr -vv * -sc -c -b -rec -f

After Sophos scan was done, summary says:
174 errors were encountered

Questions:
How to define all 174 errors?
What to look for in Log file?

Reviewing Log file:
167 of 174 (96 percent) are defined:

23 (corrupt) Could not check
12 (virus scan failed) Could not check
2 Could not open
87 Password protected files
43 appears to be a 'zip bomb' Aborted checking
---------------------------------------------------
167 defined, see above
174 errors were encountered
---------------------------------------------------
7 files unaccounted for

How to define 7 files unaccounted for?
What to look for in Log file?
Why?
To define all 174 errors.

More:
63 PUAs were discovered. (Potentially Unwanted Applications), Like:

>>> PUA 'NirCmd' (of type Other) found in file
/media/user/c_Program Files (x86)/nircmd/nircmd.exe

and

18 viruses were discovered. but all
18 viruses are fake, and
18 fake viruses were inserted on purpose to
prove in a Log file that directory was being scanned, example,

>>> Virus 'EICAR-AV-Test' found in file
/media/user/HDD1863GB/e_EicarCom/eicar.com.txt

Questions:
How to define all 174 errors?
What to look for in Log file?

This thread was automatically locked due to age.

Parents

0 QC over 2 years ago

Hello Joseph Lundstrom,

question is, are your counts correct? Might be that you've missed or interpreted some lines. Without the log it's impossible to say where the assumed discrepancy comes from.

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 Joseph Lundstrom over 2 years ago in reply to QC

Hello Christian,
Thank you for responding.

QC> question is, are your counts correct?

Yes counts are correct. Because :
counted Log file errors manually via Ctrl-F and
counted Log file errors via Bash Ubuntu 20.04.3 commands

snippets from Bash:

dir2=' /home/u3/Desktop/Sophos_scan.txt ' ;

cat $dir2 | grep -ioc '>>> Virus' | tr '\n' ' ' ; echo " >>> Virus"

cat $dir2 | grep --color=always 'scanned in' ;

cat $dir2 | grep -ioc '(corrupt)' | tr '\n' ' ' ; echo "(corrupt) Could not check" ;

cat $dir2 | grep -ioc '(virus scan failed)' | tr '\n' ' ' ; echo "(virus scan failed) Could not check"

etc ,,,

Said differently,
Is there a Sophos document of phrases the
program generates to make the Log file?

What are all the phrases that
Sophos might generate in a Log file?

Examples of phrases discovered thus far:
(corrupt) Could not check
(virus scan failed) Could not check
Could not open
Password protected files
appears to be a 'zip bomb' Aborted checking
>>> PUA
>>> Virus

--
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Joseph Lundstrom over 2 years ago in reply to QC

Hello Christian,
Thank you for responding.

QC> question is, are your counts correct?

Yes counts are correct. Because :
counted Log file errors manually via Ctrl-F and
counted Log file errors via Bash Ubuntu 20.04.3 commands

snippets from Bash:

dir2=' /home/u3/Desktop/Sophos_scan.txt ' ;

cat $dir2 | grep -ioc '>>> Virus' | tr '\n' ' ' ; echo " >>> Virus"

cat $dir2 | grep --color=always 'scanned in' ;

cat $dir2 | grep -ioc '(corrupt)' | tr '\n' ' ' ; echo "(corrupt) Could not check" ;

cat $dir2 | grep -ioc '(virus scan failed)' | tr '\n' ' ' ; echo "(virus scan failed) Could not check"

etc ,,,

Said differently,
Is there a Sophos document of phrases the
program generates to make the Log file?

What are all the phrases that
Sophos might generate in a Log file?

Examples of phrases discovered thus far:
(corrupt) Could not check
(virus scan failed) Could not check
Could not open
Password protected files
appears to be a 'zip bomb' Aborted checking
>>> PUA
>>> Virus

--
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 QC over 2 years ago in reply to Joseph Lundstrom

Hello Joseph Lundstrom ,

counts are correct
well, that you get the same counts manually and with grep doesn't prove that you didn't miss certain errors.

phrases the program generates
AFAIK there is no documentation of all possible messages. Have a look at swpmess.dat that's in the same directory as sweep (the actual scanner).

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 Joseph Lundstrom over 2 years ago in reply to QC

QC said:
Have a look at swpmess.dat that's in the same directory as sweep (the actual scanner).
Cancel
Vote Up 0 Vote Down

Cancel
0 Joseph Lundstrom over 2 years ago in reply to QC

QC said:

Have a look at swpmess.dat that's in the same directory as sweep (the actual scanner).

Found sweep at

/usr/local/bin/sweep 84.3 kB (84,320 bytes)

only 2 files in

/usr/local/bin/

/usr/local/bin/sweep 84.3 kB (84,320 bytes)

/usr/local/bin/savscan 84.3 kB (84,320 bytes)

No swpmess.dat file

searched computer / for swp

no hits for swp

fyi, Installed scanner from

sav-linux-free-9.tgz

369.4 MB (369,423,602 bytes)

--
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 2 years ago in reply to Joseph Lundstrom

Hello Joseph Lundstrom,

sorry, after install it's in /opt/sophos-av/lib/sav/ (in /usr/local/bin/ are only links, BTW).

Christian
Cancel
Vote Up 0 Vote Down

Cancel