[clamav-users] Conflicting structured data detections
Frank Sfalanga Jr.
Frank at csiglobalvcard.com
Fri Aug 29 15:38:44 UTC 2014
Hello,
I'm getting conflicting reports of SSNs found within log files. If I use
the '--detect-structured=yes' switch, I get this result:
root at CSI-app1:/var/log# clamscan -v -i -r --detect-structured=yes auth.log.3
Scanning auth.log.3
auth.log.3: Heuristics.Structured.SSN FOUND
----------- SCAN SUMMARY -----------
Known viruses: 3513235
Engine version: 0.98.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 1.03 MB (ratio 0.00:1)
Time: 8.369 sec (0 m 8 s)
If I scan using the '--structured-ssn-format=2' switch I get no
detection of the SSN. Like this:
root at CSI-app1:/var/log# clamscan -v -i -r --structured-ssn-format=2 auth.log.3
Scanning auth.log.3
----------- SCAN SUMMARY -----------
Known viruses: 3513235
Engine version: 0.98.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 2.04 MB
Data read: 1.03 MB (ratio 1.97:1)
Time: 8.581 sec (0 m 8 s)
I've scanned the file using a RegEx and it seems clean:
root at CSI-app1:/var/log# cat auth.log.3 | grep '[0-9]\{3\}-[0-9]\{2\}-[0-9]\{4\}' | wc -l
0
I use the '--detect-structured=yes' switch primarily to find CC# as we
are a PCI-DSS environment.
Any help appreciated.
Kind Regards,
-Frank
--------------------------------------------
System Specifics
Ubuntu Server 12.04.5LTS
ClamAV (Ubuntu Packages)
clamav 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2
clamav-base 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2
clamav-freshclam 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2
libclamav6 0.98.1+dfsg-4ubuntu1~ubuntu12.04.2
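The grep above only counts the hyphenated xxx-yy-zzzz form, whereas clamscan's heuristic can be told via --structured-ssn-format to also match the stripped 9-digit form, applies plausibility checks to each candidate, and only alerts once at least --structured-ssn-count (default 3) candidates are seen. The Python script below is an added example, not part of Frank's post or of ClamAV's own code: it runs a comparable check over a constructed log so the naive regex count and the format-aware, validated count can be compared side by side. The validity rules are my own, modelled on the SSA's published invalid ranges, and the file names and log lines are constructed.

```python
import re

# Constructed sample log (not from the original post): one hyphenated and one
# stripped SSN-like token, plus look-alikes a naive regex counts but a
# plausibility check rejects (area 000, area 666, a 10-digit job id).
SAMPLE_LOG = """\
Aug 29 15:38:44 app1 sshd[12345]: Accepted publickey for deploy from 10.0.0.5 port 51234
Aug 29 15:39:01 app1 app[2201]: export ref 123-45-6789 queued
Aug 29 15:39:02 app1 app[2201]: legacy id 123456789 imported
Aug 29 15:39:03 app1 app[2201]: ticket 000-12-3456 rejected
Aug 29 15:39:04 app1 app[2201]: serial 666-01-0001 unsupported
Aug 29 15:39:05 app1 cron[777]: job 9876543210 finished
"""

# Digit look-arounds keep a 9-digit run inside a longer number from matching.
HYPHENATED = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")
STRIPPED = re.compile(r"(?<!\d)(\d{3})(\d{2})(\d{4})(?!\d)")


def naive_regex_count(text):
    """What the grep in the post counts: every xxx-yy-zzzz, valid or not."""
    return len(re.findall(r"\d{3}-\d{2}-\d{4}", text))


def plausible_ssn(area, group, serial):
    """SSA never issued area 000, 666 or 900+, nor group 00 or serial 0000."""
    area, group, serial = int(area), int(group), int(serial)
    if area == 0 or area == 666 or area >= 900:
        return False
    return group != 0 and serial != 0


def find_ssn_candidates(text, fmt):
    """fmt mirrors --structured-ssn-format: 0 hyphenated, 1 stripped, 2 both."""
    patterns = {0: [HYPHENATED], 1: [STRIPPED], 2: [HYPHENATED, STRIPPED]}[fmt]
    hits = []
    for pat in patterns:
        for m in pat.finditer(text):
            if plausible_ssn(*m.groups()):
                hits.append(m.group(0))
    return hits


def would_alert(text, fmt, min_count=3):
    """Alert only once the validated count reaches the threshold (default 3)."""
    return len(find_ssn_candidates(text, fmt)) >= min_count


if __name__ == "__main__":
    print("naive grep-style count:", naive_regex_count(SAMPLE_LOG))
    for fmt in (0, 1, 2):
        print(f"format {fmt}:", find_ssn_candidates(SAMPLE_LOG, fmt))
```

On this sample the naive count is 3 while only one hyphenated and one stripped candidate survive validation, so a format-0 scan, a format-2 scan and a hyphen-only grep can all legitimately report different numbers for the same file.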