Interpreting OnAccessScanLog.txt

Our infrastructure support is out-sourced, we have VirusScan Enterprise 8.8.0.1247.  A user recently had an AV message pop up after opening a Word .docx email attachment, I was asked to have a look.  I grabbed the OnAccess log file and sure enough the last entry referred to Artemis.

I wasn't sure exactly what action had been taken?  I am assuming that the offending trojan and the word docx that contained it were both deleted and no harm done but want to be sure.

Also - and apologies if I seem real dumb - would like to know what all the Generic.Tra!  entries mean.  I notice in the whole log that these appear regularly and change from time to time and that each 'block' of entries appears to truncate after 1023 characters.  I think it's a list of all the virus signatures contained in the Extra.DAT file which (if I read right) changes over time and persists for about 30 days for the Artemis trojan, and the list gets truncated in the log. But it doesn't mean that there is an ongoing problem with these virus names on that user machine

If anyone can shed any light on this I'd be very grateful

Cheers

Peter

Re: Interpreting OnAccessScanLog.txt

Hi Peter:

Please see the below community post concerning the Generic.Tra. It provides a pretty good explanation:

Re: Interpreting OnAccessScanLog.txt

Thanks koseelen, I guess I got too complicated above, my two basic questions were:

a. what action was taken on what file when the Artemis trojan was detected at 09:06:32 on 27th Oct

b. what does the listing of all the Generic.Tra! etc in the logfile mean - were these instances of malware detected by the scan which ran at (in this case) 06:20:35 on 27th Oct, or is it just a listing of the signatures contained in the current extra.dat file

Would appreciate if anyone could answer these.  Apologies if these seem real basic/dumb questions

Regards

Peter

Re: Interpreting OnAccessScanLog.txt

Hi Peter

There is no such thing as a dumb / basic question, we are all learning as we go along.

Could you provide me with the log file?

Re: Re: Interpreting OnAccessScanLog.txt

Yes here it is (I think - did that work?), I've changed the name slightly and also altered names and domains where mentioned in the logfile but otherwise is the original file

Thanks again

Re: Interpreting OnAccessScanLog.txt

Hi Peter

The file was deleted :

10/27/2015    9:06:32 AM   Deleted     Domain\First.Last    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE    C:\Users\first.last\AppData\Roaming\FoHBNFh.exe    Artemis!0308EE643AAE (Trojan)

The Extra Dat signature contains the virus signatures for the respective Generic Tra.
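
Added example (not part of any post in this thread, and not McAfee's own tooling): a small Python parser for detection entries shaped like the log line quoted above, pulling out the action, the file it was applied to, and the process involved. The field names, and the rule that fields are separated by a tab or by two or more spaces, are assumptions inferred from that single line; the second sample line is constructed.

```python
import ntpath
import re
from datetime import datetime
from typing import List, NamedTuple, Optional


class Detection(NamedTuple):
    when: datetime
    action: str      # e.g. "Deleted"
    user: str
    process: str     # program that accessed the file (assumed meaning)
    target: str      # file the action was applied to (assumed meaning)
    name: str        # detection name, e.g. "Artemis!... (Trojan)"


# Assumption: fields are separated by a tab or by 2+ spaces, so single
# spaces inside paths ("Program Files (x86)") and "9:06:32 AM" survive.
_SEP = re.compile(r"\t| {2,}")


def parse_line(line: str) -> Optional[Detection]:
    """Return a Detection for a 7-field detection line, else None."""
    fields = [f.strip() for f in _SEP.split(line.strip()) if f.strip()]
    if len(fields) != 7:
        return None  # not a detection entry in this shape
    date_s, time_s, action, user, process, target, name = fields
    try:
        when = datetime.strptime(f"{date_s} {time_s}", "%m/%d/%Y %I:%M:%S %p")
    except ValueError:
        return None  # first two fields are not a date and time
    return Detection(when, action, user, process, target, name)


def detections(log_text: str) -> List[Detection]:
    """Parse every line and keep only the detection entries."""
    return [d for d in map(parse_line, log_text.splitlines()) if d]


# Line 1 is the entry quoted in the thread; line 2 is constructed.
SAMPLE = "\n".join([
    r"10/27/2015    9:06:32 AM   Deleted     Domain\First.Last    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE    C:\Users\first.last\AppData\Roaming\FoHBNFh.exe    Artemis!0308EE643AAE (Trojan)",
    r"10/27/2015    6:20:35 AM   (constructed non-detection line)",
])

if __name__ == "__main__":
    for d in detections(SAMPLE):
        print(f"{d.when:%Y-%m-%d %H:%M:%S} {d.action}: "
              f"{ntpath.basename(d.target)} (process "
              f"{ntpath.basename(d.process)}, user {d.user}) -> {d.name}")
```
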

Re: Re: Interpreting OnAccessScanLog.txt

Thanks

So which file was Deleted  - was it FoHBNFh.exe?  I guess the alternatives to Deleted would have been Cleaned or Quarantined?

Re Generic.Tra!, yes I understand that Extra.DAT contains these signatures.  My question is what is the relevance of all those Generic.Tra entries in the logfile, what do they represent?  Do they represent that malware was detected, or do they simply mean that 'this is a (truncated) list of the signatures in the current Extra.DAT file'.  And as the Extra.DAT file changes over time, so will these (truncated) listings?

Sorry if I'm repeating myself

Regards

Peter

Re: Re: Interpreting OnAccessScanLog.txt

Hi Peter

You are correct in saying:

that 'this is a (truncated) list of the signatures in the current Extra.DAT file'.  And as the Extra.DAT file changes over time, so will these (truncated) listings.

Re: Re: Interpreting OnAccessScanLog.txt

Thank you!