03-05-2009 02:30 PM
Hello,
How can I see the files that were infected and which were recognized by the antivirus?
With the command “get av statistics” I see this:
No Scan: Max Msg: 0
No Scan: Max Content Size: 6
Fwd to Scan Engine: Total: 69234
Fwd to Scan Engine (scan-all): 0
Fwd to Scan Engine (scan-intelligent): 69226
Fwd to Scan Engine (scan-ext): 0
Scan Code: Clear 68961
Scan Code: Infect 230
Is there any report of these 230 files?
Thanks.
03-06-2009 10:54 AM
Hi
Actually, I think you need to review the "get event" log output to determine if a virus has been detected.
The event log is going to look something like this:
Message: AV: VIRUS FOUND: 〈IP address〉:〈integer〉->〈IP address〉:〈string〉%.64s〈string〉 file %.64s virus 〈string〉
Meaning: The AV scanner has detected a virus in the traffic from the specified source IP address and port number to the specified destination IP address and port number. The text string at the end of the message contains the name
The full Netscreen Event log can also be downloaded from the following; go to the section on "CLI & Messages":
http://www.juniper.net/techpubs/software/screenos/
Refer to Chapter 6: Antivirus
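An added example, not part of the original posts or of Juniper's documentation: one way to turn saved "get event" output into a report of detected files, using the "AV: VIRUS FOUND" message template quoted in the reply above. The sample log lines, their timestamp prefix, the addresses and the virus names are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Built from the template in the reply: src IP:port -> dst IP:<detail>,
# then " file <name> virus <name>". Matching is done with search(), so
# whatever prefix the device puts before "AV:" is ignored.
VIRUS_FOUND = re.compile(
    r"AV: VIRUS FOUND: "
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d+)->"
    r"(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<dst_detail>.*?)"
    # Greedy file name: the LAST " virus " separates file from virus name,
    # so a file called "my virus sample.zip" is still parsed correctly.
    r" file (?P<file>.+) virus (?P<virus>.+?)\s*$"
)

# Constructed sample input (documentation address ranges, made-up names).
SAMPLE_LOG = """\
2009-03-05 14:02:11 AV: VIRUS FOUND: 192.0.2.10:1044->198.51.100.7:80 http://example.test/dl file eicar.com virus EICAR-Test-File
2009-03-05 14:05:40 AV: VIRUS FOUND: 192.0.2.10:1051->198.51.100.7:80 http://example.test/x file my virus sample.zip virus EICAR-Test-File
2009-03-05 14:09:02 AV: VIRUS FOUND: 192.0.2.23:2210->198.51.100.9:25 smtp file invoice.exe virus Constructed.Sample.A
2009-03-05 14:10:00 some unrelated event line
"""

def parse_detections(text):
    """Return one dict per 'AV: VIRUS FOUND' line, skipping everything else."""
    hits = []
    for line in text.splitlines():
        match = VIRUS_FOUND.search(line)
        if match:
            hits.append(match.groupdict())
    return hits

def summarize(hits):
    """Tally detections per virus name and per source address."""
    return {
        "total": len(hits),
        "by_virus": Counter(h["virus"] for h in hits),
        "by_source": Counter(h["src_ip"] for h in hits),
    }

if __name__ == "__main__":
    detections = parse_detections(SAMPLE_LOG)
    for d in detections:
        print(f'{d["src_ip"]} -> {d["dst_ip"]}  {d["file"]}  [{d["virus"]}]')
    report = summarize(detections)
    print("total:", report["total"])
    print("by virus:", dict(report["by_virus"]))
    print("by source:", dict(report["by_source"]))
```

The total printed here can be compared against the "Scan Code: Infect" counter from "get av statistics" to see whether the saved event log still covers every detection.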