Event IDs generated by VirusScan Enterprise for Linux
Technical Articles ID:
KB78291
Last Modified: 7/5/2018
Environment
McAfee ePolicy Orchestrator 5.x
McAfee VirusScan Enterprise for Linux 2.0, 1.9
Summary
Event IDs sent to ePO:
Scan operation errors/notifications |
Event ID |
Description |
Severity |
1024 |
Malware detected/Notified |
High |
1025 |
Malware cleaned |
Medium |
1027 |
Malware deleted |
Medium |
1031 |
Infected file access denied/Blocked |
Medium |
1032 |
Infected file was moved to quarantine area |
Medium |
1045 |
Specified scan item is invalid or corrupted |
Info |
1046 |
File I/O errors |
Info |
1048 |
Scan reports general system error |
Info |
1049 |
Scan reported an internal application error |
Info |
1051 |
Unable to scan password protected |
Medium |
1087 |
On-access Scan started/enabled |
Info |
1088 |
On-access scan stopped/disabled |
Info |
1118 |
The update was successful |
Info |
1119 |
The update failed |
Info |
1120 |
The update is running |
Info |
1270 |
File infected. No cleaner available, quarantined successfully |
Medium |
1278 |
File infected. No cleaner available, file deleted successfully |
Medium |
1286 |
File infected. No cleaner available, continued scanning |
High |
1290 |
File infected. No cleaner available, OAS denied access |
High |
1294 |
File infected. Quarantine failed, delete failed |
High |
1295 |
File infected. Move failed, continued scanning |
High |
1296 |
File infected. Move failed, denied access and continued |
High |
1299 |
File infected. Delete failed, continued scanning (ODS) |
High |
1300 |
File infected. Delete failed, denied access and continued (OAS) |
High |
|
Events added in VSEL 1.9 (not available in previous versions): |
1059 |
Scan timeout |
Medium |
1202 |
On-demand scan started |
Info |
1203 |
On Demand scan ended |
Info |
1066 |
Task started ok (Info) - (Password Task Started) |
Info |
1068 |
Scheduled task was stopped. (Info) - (Password/ODS Task Stopped/Cancelled) |
Info |
1070 |
Task was successful. (Info) - (Password Task Completed Successfully) |
Info |
3015 |
Task reported an internal application error – (Password Task Failed due to some error) |
High |
System events logged in syslog:
Anti-Virus Engine error |
3000 |
Unknown value |
3001 |
Success |
3002 |
Terminate immediately |
3003 |
This platform does not support this function |
3004 |
Parameter passed invalid. |
3005 |
An allocation operation failed. |
3006 |
Request made to scan an object that did not exist etc. |
3007 |
Read error on boot/partition/file scan. |
3008 |
Support shared library load failed. |
3009 |
Virus Driver failed. |
3010 |
User quit program. |
3011 |
Mismatch of driver files. |
3012 |
A corrupted archive file error. |
3013 |
Engine has expired - needs updating. |
Scan Manager |
5000 |
No Error |
5001 |
Failed to create scanning factory reason. |
5002 |
Failed to load engine library |
5003 |
Failed to resolve engine library |
5004 |
Started factory |
5005 |
Started factory child id |
5006 |
Object is clean |
5007 |
Object is with detect, type, action, object, user, process, datVersion, datDate, engineVersion, extraDatCount, scanID |
5008 |
Failed to attach to the object source. |
5009 |
Failed to open the log file. |
5010 |
Missing/incorrect argument. |
5011 |
Failed to open on-demand file. |
5012 |
Scanned, excluded, infected, cleaned, cleanAttempts, cleanRequests, denied, repaired, deleted, renamed, quarantined, timeouts, errors, uptime, busy, wait. |
5013 |
Call to engine failed error code |
5014 |
Nailsd listening |
5015 |
Invalid port number |
5016 |
Failed to bind command |
5017 |
Failed to listen command |
5018 |
Opened kernel |
5019 |
Registered kernel |
5020 |
No engine path defined |
5021 |
No dat path defined |
5022 |
No scanner path defined |
5023 |
Missing configuration section |
5024 |
No source of objects to scan |
5025 |
Failed to send create child message active, free, init, max |
5026 |
Factory died pid, state |
5027 |
Failed to map kernel memory error no |
5028 |
More infections |
5029 |
Failed to get default extension list |
5030 |
Failed to attach to source |
5031 |
Failed to exec scanner factory command |
5032 |
Invalid custom section, no type given |
5033 |
Invalid custom entry |
5034 |
Failed to open source |
5035 |
Failed to parse exclude section |
5036 |
Failed to parse extension section |
5037 |
Failed to detach child process |
5038 |
Child exited unexpectedly exit code |
5039 |
Child exited unexpectedly status |
5040 |
Failed to get virus list |
5041 |
Configured with engine, dats, extensions, extra drivers. |
5042 |
Reloading profile |
5043 |
Failed to fcntl IPC pipe |
5044 |
Failed to fcntl SMC pipe |
5045 |
Failed to parse profile |
5046 |
Failed to fcntl status port |
5047 |
Unable to setuid. |
5048 |
Unable to setgid |
5049 |
Invalid uid |
5050 |
Failed to mmap DAT file |
5051 |
Open of failed |
5052 |
Start clean |
5053 |
No write access |
5054 |
Failed to stat |
5055 |
File changed |
5056 |
Not used |
5057 |
Has more cleaned objects |
5058 |
Object |
5059 |
Created child id, pid, engine, dats |
5060 |
Failed to move file |
5061 |
On-access scanning enabled |
5062 |
On-access scanning disabled |
5063 |
Failed to enable on-access scanning |
5064 |
Failed to disable on-access scanning |
5065 |
Not quarantining file, quarantine directory is not an absolute path |
5066 |
Not quarantining it is not an absolute path |
5067 |
Not quarantining, stat failed |
5068 |
Not quarantining, device has changed |
5069 |
Not quarantining, inode value has changed |
5070 |
Not quarantining, stat of file failed |
5071 |
Not quarantining, quarantine area is not a directory |
5072 |
Not quarantining, it is not on the same device as quarantine area |
5073 |
Not quarantining, it is already inside |
5074 |
Not quarantining, could not hardlink |
5075 |
Not quarantining, new hardlink is missing |
5076 |
Not quarantining, quarantine hardlink has inode, expected |
5077 |
Error unlinking while quitting quarantine |
5078 |
Not quarantining, failed to unlink original file while quarantining |
5079 |
Error unlinking while quitting quarantine |
5080 |
Quarantined, but failed to set permissions on quarantined file |
5081 |
Quarantined, but could not create metafile |
5082 |
Error generating quarantine name for { 0} |
5083 |
Object user, process |
5084 |
Failed to restart factory |
5085 |
Object user, process |
5086 |
Invalid value |
5087 |
Failed to create ODS socket |
5088 |
ODS IPC socket exists - unlinking |
5089 |
Failed to unlink existing ODS ipc socket. |
5090 |
Command process exited with status. |
5091 |
Failed to create new command process |
5092 |
End of file on command process pipe |
5093 |
Failed to perform listen on SSL |
5094 |
Command/Log IPC socket exists - unlinking |
5095 |
Command/Failed to unlink existing Log ipc socket { 0} { 2} ({ 1,number,integer}) |
5096 |
Timeout scanning for user using |
5097 |
License expired |
5098 |
Failed to open device |
5099 |
Failed to open |
5100 |
Failed to parse |
5101 |
Failed to bind to log socket |
5102 |
Not Scanned for user using |
5103 |
Unknown error for user using |
5104 |
Failed to create command handler local socket |
5105 |
Failed to bind command handler local socket |
5106 |
Failed to listen command handler local socket |
5107 |
No local command socket |
5108 |
No command sockets available |
5109 |
Boot device type has not been scanned |
5110 |
Failed to fcntl |
5111 |
Not quarantining, it is not a file mode |
5112 |
Quarantined |
5113 |
Engine initialisation problem, Engine, dats, extensions. |
5114 |
Failed to read from - while quaranting |
5115 |
Failed to write to while quaranting |
5116 |
Failed to delete after creating |
5117 |
Failed to delete while quarantining |
5118 |
Failed to create while quarantining |
5119 |
Failed to create while quarantining |
5120 |
Unknown error |
5121 |
Failed to seek while quarantining |
5122 |
Failed to parse configuration file |
5123 |
Failed to open |
5124 |
Failed to attach |
5125 |
Failed to register with kernel version |
5126 |
Timetook (mS) CPU to scan |
5127 |
Time took seconds to scan |
Logging Errors |
6000 |
No error |
6001 |
Failed to open the log file |
6002 |
No log section |
6003 |
No binPath defined |
6004 |
No pathname defined in |
6005 |
Missing/incorrect argument |
6006 |
Missing configuration section |
Configuration Errors |
7000 |
No Error |
7001 |
Failed to read configuration stream |
7002 |
Badly formatted configuration line: (missing colon) line |
7003 |
Badly formatted configuration line: (badly specified boolean value) line |
7004 |
Failed to open configuration file |
7005 |
Failed to write to configuration file |
7006 |
error parsing log settings, string component |
7007 |
Failed to stat file |
7008 |
Cannot start: already running since PID file exists |
7009 |
Cannot record startup: failed to create PID file |
7010 |
Failed to load library. |
7011 |
Missing symbol from library |
7012 |
Database error |
Exclusions and filtering errors |
8000 |
No error |
8001 |
No type in match. |
8002 |
Unknown type in match |
8003 |
Missing path match. |
8004 |
Missing user match. |
8005 |
Unknown user match. |
8006 |
Unknown mode. |
8007 |
No list value for mode. |
8008 |
Failed to compile regex. |
8009 |
Exclusion does not exist. |
8010 |
Exclusion does not match the real path. |
Monitoring error |
9000 |
No error |
9001 |
Failed to bind |
9002 |
Failed to listen |
9003 |
Failed to bind |
9004 |
Failed to listen |
9005 |
Child exited, code |
9006 |
Child failed to start |
IPC errors |
11000 |
No error |
11001 |
Exec of failed |
On-Demand scanner error |
12000 |
No error |
12001 |
Task missing configuration section |
12002 |
Task failed to open log file |
12003 |
Task no configuration entry |
12004 |
Task failed to connect to nailsd |
12005 |
Task failed to send request to nailsd |
12006 |
Task scanned error, clean. |
12007 |
Task Scanning |
12008 |
Task No task profile |
12009 |
Task Failed to open list of files |
12010 |
Task No input files |
12011 |
Task Failed to connect to command handler |
12012 |
Task Failed to scan all files |
12013 |
Task Failed to complete scan |
12014 |
Task Failed to open source file |
12015 |
Task starting |
12016 |
Task stopping |
12017 |
Task Completed, items detected in files, files timed out, files excluded, files cleaned, files had errors. |
12018 |
Task Command error. |
Command Processor errors |
13000 |
No error |
13001 |
Missing or incorrect argument. |
13002 |
Failed to open log file. |
13003 |
Failed to update nails Info |
Anti-virus engine scan errors |
14000 |
Unknown value, reason, uid, programPath, scanType |
14001 |
No scanning problems encountered. reason, uid, programPath, scanType |
14002 |
File does not have an extension recognized as executable object, reason, uid, programPath, scanType |
14003 |
File is locked by another process. Object, Reason, uid, ProgramPath, ScanType |
14004 |
File is encrypted and scanner is unable to decrypt. Object, reason, uid, programPath, scanType |
14005 |
File could be scanned if more memory was available. Object, reason, uid, programPath, scanType |
14006 |
The database failed (database possibly corrupt). Object, Reason, uid, ProgramPath, ScanType. |
14007 |
Critical engine failure. Object, reason, uid, programPath, scanType |
14008 |
Loading support DLL failed. Object, reason, uid, programPath, scanType |
14009 |
Permission denied to open the file. Object, reason, uid, programPath, scanType |
14010 |
The file is a link to itself. Object, reason, uid, programPath, scanType |
14011 |
The file is a Block/Char/FIFO special file. Object, reason, uid, programPath, scanType={4.EN_US} |
14012 |
Not the expected object (i.e. a directory when expected a file). Object, reason, uid, progr |
14013 |
Caller denied engine access to either scan or repair. Object, reason, uid, programPath, scanType |
14014 |
Object is zero length and is therefore unscannable (assumed clean). object, reason, uid, programPath, scanType |
14015 |
File is probably corrupted. Object, reason, uid, programPath, scanType |
14016 |
File deletion denied by the engine (compressed & office files). Object, reason, uid, programPath, scanType |
14017 |
File rename denied by the engine (compressed & office files). Object, reason, uid, programPath, scanType |
14018 |
No repair section in driver. Object, reason, uid, programPath, scanType |
14019 |
Compressed file is corrupted. Object, reason, uid, programPath, scanType |
14020 |
The file/directory is a symbolic link. Object, reason, uid, programPath, scanType |
14021 |
The file will be deleted on reboot. Object, reason, uid, programPath, scanType |
14022 |
The process does not exist. Object, reason, uid, programPath, scanType |
Task Scheduler errors |
15000 |
Unknown |
15001 |
Failed to open log file |
15002 |
Could not access configuration key |
15003 |
Updated with scheduled tasks |
15004 |
Could not safely identify VirusScan Enterprise For Linux entries in file, changes will be left in file |
15005 |
Failed to exec command |
15006 |
Running scheduled task id. |
15007 |
Not installing new crontab file. Reason: failed to backup original. |
15008 |
Failed to install new crontab file. Reason: rename failed. |
15009 |
{ 0} |
15010 |
{ 0} |
15011 |
Could not determine the task id from the given text. |
15012 |
{ 0} |
SMTP Alerting errors |
16000 |
Failed to read section { 0} in configuration file { FILENAME}, using default settings |
16001 |
Failed to create SMTP alert manager, SMTP alerts will not be generated |
16002 |
Failed to allocate memory for alert |
16003 |
Failed to write spool file for SMTP alert |
16004 |
Failed to send SMTP alert to { 0} |
16005 |
Failed to send SMTP alert to { 0}. The alert was not sent to any recipient |
16006 |
Failed to connect to SMTP server |
16007 |
Failed to delete spool file { 0} for SMTP alert |
16008 |
Too many queued SMTP alerts, alert suppressed |
Error Ranges |
Range |
Error Categories |
Description |
1000 - 1999 |
Scan operation |
Errors and notifications that occur while scanning files. |
3000 - 3999 |
Anti-virus Engine errors |
Errors which occur during scanning or cleaning reported by the anti-virus scan engine. |
5000 - 5999 |
Scan Manager |
Errors reported by the nailsd process which controls the scanners. |
6000 - 6999 |
Logging errors |
Errors reported by the logging subsystem. If the error logging system fails, errors will be redirected to syslog. |
7000 - 7999 |
Configuration errors |
Errors found when parsing values in the configuration files. |
8000 - 8999 |
Exclusions and filtering errors |
Errors found when processing the information to do with excluding files form scanning, or defining which extensions to scan. |
9000 - 9999 |
Monitoring errors |
Errors reported by the monitoring processes providing administration of the product. |
11000 - 11999 |
IPC errors |
Errors reported during inter-process communication |
12000 - 12999 |
On-Demand scanner errors |
Errors reported by the on-demand scanner. |
13000 - 13999 |
Command processor errors |
Internal errors with respect the commands used during inter-process communication. |
14000 - 14999 |
Anti-virus Engine scan errors |
Errors report by the anti-virus engine when processing a specific file. |
15000 - 15999 |
Task Scheduler errors |
Errors reported by the task scheduler. |
16000 - 16999 |
SMTP Alerting errors |
Errors reported by the SMTP alerting component. |
|