The Found Viruses Log rule set is a nested rule set in the Default log handler rule set.
Nested default rule set – Found Viruses Log
Criteria – Always
The rule set contains the following rule.
Write found viruses.log
Antimalware.Infected equals true –> Continue —
Set User-Defined.logLine = DateTime.ToWebReporterString + “ ”” ...
FileSystemLogging.WriteLogEntry (User-Defined.logLine)<Found Viruses Log>
The rule uses an event to fill a log file entry with parameter values relating to web objects that are infected by viruses or other malware, such as virus names or IP addresses.
It uses another event to write this entry into a log file.
The log file entry is specified as a parameter in both events. The log that stores the entry is specified by the settings of the write event.
Values for the following parameters are set and logged by the events of the rule (properties used by the set event are shown in italics):
- Date and time — DateTime.ToWebReporterString
- User name — Authentication.UserName
- Client IP address — String.ReplaceIfEquals (IP.ToString(Client.IP), “”, “-”)
- Virus and malware names — List.OfString.ToString (Antimalware.VirusNames)
- URL — URL
The logging rule applies whenever a requested web object has been found to be infected. The two rule events for filling and writing a log entry are then executed.
Processing continues with the next rule or rule set.
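A parser for triaging the resulting log, added here as an example; it is not part of the original page or the product's own code. The rule's full logLine expression is elided above, so the line layout ([timestamp] "user" client-ip "names" "url", following the order of the parameter list), the comma separator between multiple names, and all sample lines are assumptions.

```python
import re
from collections import Counter

# Assumed layout (the page elides the full logLine expression):
#   [timestamp] "user" client_ip "virus names" "url"
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\]\s+"(?P<user>[^"]*)"\s+(?P<ip>\S+)\s+'
    r'"(?P<viruses>[^"]*)"\s+"(?P<url>[^"]*)"\s*$'
)

def parse_line(line):
    """Return a dict of the five logged fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # The rule writes "-" when the client IP string is empty; map it back to None.
    if rec["ip"] == "-":
        rec["ip"] = None
    # Assumed: multiple malware names are comma-separated inside one field.
    rec["viruses"] = [v.strip() for v in rec["viruses"].split(",") if v.strip()]
    return rec

def summarize(lines):
    """Count detections per client IP and per malware name; keep unparsable lines."""
    by_client, by_name, rejected = Counter(), Counter(), []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)  # review these by hand instead of dropping them
            continue
        by_client[rec["ip"] or "unknown"] += 1
        by_name.update(rec["viruses"])
    return by_client, by_name, rejected

# Constructed sample lines (not real log data).
SAMPLE = [
    '[12/Mar/2024:09:15:02 +0000] "alice" 192.0.2.10 "EICAR test file" "http://files.example/eicar.com"',
    '[12/Mar/2024:09:16:40 +0000] "alice" 192.0.2.10 "EICAR test file, Sample.Name.B" "http://files.example/a.zip"',
    '[12/Mar/2024:09:20:11 +0000] "" - "EICAR test file" "http://files.example/eicar.com"',
    'truncated line without fields',
]

if __name__ == "__main__":
    clients, names, bad = summarize(SAMPLE)
    print(clients.most_common(), names.most_common(), len(bad))
```

Lines that do not match the assumed layout, including any whose URL field contains a double quote, are returned in the rejected list rather than silently skipped.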