Event IDs generated by VirusScan Enterprise for Linux
Technical Articles ID:
KB78291
Last Modified: 7/5/2018
Environment
McAfee ePolicy Orchestrator 5.x
McAfee VirusScan Enterprise for Linux 2.0, 1.9
Summary
Event IDs sent to ePO:
| Scan operation errors/notifications |
| Event ID |
Description |
Severity |
| 1024 |
Malware detected/Notified |
High |
| 1025 |
Malware cleaned |
Medium |
| 1027 |
Malware deleted |
Medium |
| 1031 |
Infected file access denied/Blocked |
Medium |
| 1032 |
Infected file was moved to quarantine area |
Medium |
| 1045 |
Specified scan item is invalid or corrupted |
Info |
| 1046 |
File I/O errors |
Info |
| 1048 |
Scan reports general system error |
Info |
| 1049 |
Scan reported an internal application error |
Info |
| 1051 |
Unable to scan password protected |
Medium |
| 1087 |
On-access Scan started/enabled |
Info |
| 1088 |
On-access scan stopped/disabled |
Info |
| 1118 |
The update was successful |
Info |
| 1119 |
The update failed |
Info |
| 1120 |
The update is running |
Info |
| 1270 |
File infected. No cleaner available, quarantined successfully |
Medium |
| 1278 |
File infected. No cleaner available, file deleted successfully |
Medium |
| 1286 |
File infected. No cleaner available, continued scanning |
High |
| 1290 |
File infected. No cleaner available, OAS denied access |
High |
| 1294 |
File infected. Quarantine failed, delete failed |
High |
| 1295 |
File infected. Move failed, continued scanning |
High |
| 1296 |
File infected. Move failed, denied access and continued |
High |
| 1299 |
File infected. Delete failed, continued scanning (ODS) |
High |
| 1300 |
File infected. Delete failed, denied access and continued (OAS) |
High |
| |
| Events added in VSEL 1.9 (not available in previous versions): |
| 1059 |
Scan timeout |
Medium |
| 1202 |
On-demand scan started |
Info |
| 1203 |
On Demand scan ended |
Info |
| 1066 |
Task started ok (Info) - (Password Task Started) |
Info |
| 1068 |
Scheduled task was stopped. (Info) - (Password/ODS Task Stopped/Cancelled) |
Info |
| 1070 |
Task was successful. (Info) - (Password Task Completed Successfully) |
Info |
| 3015 |
Task reported an internal application error – (Password Task Failed due to some error) |
High |
System events logged in syslog:
| Anti-Virus Engine error |
| 3000 |
Unknown value |
| 3001 |
Success |
| 3002 |
Terminate immediately |
| 3003 |
This platform does not support this function |
| 3004 |
Parameter passed invalid. |
| 3005 |
An allocation operation failed. |
| 3006 |
Request made to scan an object that did not exist etc. |
| 3007 |
Read error on boot/partition/file scan. |
| 3008 |
Support shared library load failed. |
| 3009 |
Virus Driver failed. |
| 3010 |
User quit program. |
| 3011 |
Mismatch of driver files. |
| 3012 |
A corrupted archive file error. |
| 3013 |
Engine has expired - needs updating. |
| Scan Manager |
| 5000 |
No Error |
| 5001 |
Failed to create scanning factory reason. |
| 5002 |
Failed to load engine library |
| 5003 |
Failed to resolve engine library |
| 5004 |
Started factory |
| 5005 |
Started factory child id |
| 5006 |
Object is clean |
| 5007 |
Object is with detect, type, action, object, user, process, datVersion, datDate, engineVersion, extraDatCount, scanID |
| 5008 |
Failed to attach to the object source. |
| 5009 |
Failed to open the log file. |
| 5010 |
Missing/incorrect argument. |
| 5011 |
Failed to open on-demand file. |
| 5012 |
Scanned, excluded, infected, cleaned, cleanAttempts, cleanRequests, denied, repaired, deleted, renamed, quarantined, timeouts, errors, uptime, busy, wait. |
| 5013 |
Call to engine failed error code |
| 5014 |
Nailsd listening |
| 5015 |
Invalid port number |
| 5016 |
Failed to bind command |
| 5017 |
Failed to listen command |
| 5018 |
Opened kernel |
| 5019 |
Registered kernel |
| 5020 |
No engine path defined |
| 5021 |
No dat path defined |
| 5022 |
No scanner path defined |
| 5023 |
Missing configuration section |
| 5024 |
No source of objects to scan |
| 5025 |
Failed to send create child message active, free, init, max |
| 5026 |
Factory died pid, state |
| 5027 |
Failed to map kernel memory error no |
| 5028 |
More infections |
| 5029 |
Failed to get default extension list |
| 5030 |
Failed to attach to source |
| 5031 |
Failed to exec scanner factory command |
| 5032 |
Invalid custom section, no type given |
| 5033 |
Invalid custom entry |
| 5034 |
Failed to open source |
| 5035 |
Failed to parse exclude section |
| 5036 |
Failed to parse extension section |
| 5037 |
Failed to detach child process |
| 5038 |
Child exited unexpectedly exit code |
| 5039 |
Child exited unexpectedly status |
| 5040 |
Failed to get virus list |
| 5041 |
Configured with engine, dats, extensions, extra drivers. |
| 5042 |
Reloading profile |
| 5043 |
Failed to fcntl IPC pipe |
| 5044 |
Failed to fcntl SMC pipe |
| 5045 |
Failed to parse profile |
| 5046 |
Failed to fcntl status port |
| 5047 |
Unable to setuid. |
| 5048 |
Unable to setgid |
| 5049 |
Invalid uid |
| 5050 |
Failed to mmap DAT file |
| 5051 |
Open of failed |
| 5052 |
Start clean |
| 5053 |
No write access |
| 5054 |
Failed to stat |
| 5055 |
File changed |
| 5056 |
Not used |
| 5057 |
Has more cleaned objects |
| 5058 |
Object |
| 5059 |
Created child id, pid, engine, dats |
| 5060 |
Failed to move file |
| 5061 |
On-access scanning enabled |
| 5062 |
On-access scanning disabled |
| 5063 |
Failed to enable on-access scanning |
| 5064 |
Failed to disable on-access scanning |
| 5065 |
Not quarantining file, quarantine directory is not an absolute path |
| 5066 |
Not quarantining it is not an absolute path |
| 5067 |
Not quarantining, stat failed |
| 5068 |
Not quarantining, device has changed |
| 5069 |
Not quarantining, inode value has changed |
| 5070 |
Not quarantining, stat of file failed |
| 5071 |
Not quarantining, quarantine area is not a directory |
| 5072 |
Not quarantining, it is not on the same device as quarantine area |
| 5073 |
Not quarantining, it is already inside |
| 5074 |
Not quarantining, could not hardlink |
| 5075 |
Not quarantining, new hardlink is missing |
| 5076 |
Not quarantining, quarantine hardlink has inode, expected |
| 5077 |
Error unlinking while quitting quarantine |
| 5078 |
Not quarantining, failed to unlink original file while quarantining |
| 5079 |
Error unlinking while quitting quarantine |
| 5080 |
Quarantined, but failed to set permissions on quarantined file |
| 5081 |
Quarantined, but could not create metafile |
| 5082 |
Error generating quarantine name for { 0} |
| 5083 |
Object user, process |
| 5084 |
Failed to restart factory |
| 5085 |
Object user, process |
| 5086 |
Invalid value |
| 5087 |
Failed to create ODS socket |
| 5088 |
ODS IPC socket exists - unlinking |
| 5089 |
Failed to unlink existing ODS ipc socket. |
| 5090 |
Command process exited with status. |
| 5091 |
Failed to create new command process |
| 5092 |
End of file on command process pipe |
| 5093 |
Failed to perform listen on SSL |
| 5094 |
Command/Log IPC socket exists - unlinking |
| 5095 |
Command/Failed to unlink existing Log ipc socket { 0} { 2} ({ 1,number,integer}) |
| 5096 |
Timeout scanning for user using |
| 5097 |
License expired |
| 5098 |
Failed to open device |
| 5099 |
Failed to open |
| 5100 |
Failed to parse |
| 5101 |
Failed to bind to log socket |
| 5102 |
Not Scanned for user using |
| 5103 |
Unknown error for user using |
| 5104 |
Failed to create command handler local socket |
| 5105 |
Failed to bind command handler local socket |
| 5106 |
Failed to listen command handler local socket |
| 5107 |
No local command socket |
| 5108 |
No command sockets available |
| 5109 |
Boot device type has not been scanned |
| 5110 |
Failed to fcntl |
| 5111 |
Not quarantining, it is not a file mode |
| 5112 |
Quarantined |
| 5113 |
Engine initialisation problem, Engine, dats, extensions. |
| 5114 |
Failed to read from - while quaranting |
| 5115 |
Failed to write to while quaranting |
| 5116 |
Failed to delete after creating |
| 5117 |
Failed to delete while quarantining |
| 5118 |
Failed to create while quarantining |
| 5119 |
Failed to create while quarantining |
| 5120 |
Unknown error |
| 5121 |
Failed to seek while quarantining |
| 5122 |
Failed to parse configuration file |
| 5123 |
Failed to open |
| 5124 |
Failed to attach |
| 5125 |
Failed to register with kernel version |
| 5126 |
Timetook (mS) CPU to scan |
| 5127 |
Time took seconds to scan |
| Logging Errors |
| 6000 |
No error |
| 6001 |
Failed to open the log file |
| 6002 |
No log section |
| 6003 |
No binPath defined |
| 6004 |
No pathname defined in |
| 6005 |
Missing/incorrect argument |
| 6006 |
Missing configuration section |
| Configuration Errors |
| 7000 |
No Error |
| 7001 |
Failed to read configuration stream |
| 7002 |
Badly formatted configuration line: (missing colon) line |
| 7003 |
Badly formatted configuration line: (badly specified boolean value) line |
| 7004 |
Failed to open configuration file |
| 7005 |
Failed to write to configuration file |
| 7006 |
error parsing log settings, string component |
| 7007 |
Failed to stat file |
| 7008 |
Cannot start: already running since PID file exists |
| 7009 |
Cannot record startup: failed to create PID file |
| 7010 |
Failed to load library. |
| 7011 |
Missing symbol from library |
| 7012 |
Database error |
| Exclusions and filtering errors |
| 8000 |
No error |
| 8001 |
No type in match. |
| 8002 |
Unknown type in match |
| 8003 |
Missing path match. |
| 8004 |
Missing user match. |
| 8005 |
Unknown user match. |
| 8006 |
Unknown mode. |
| 8007 |
No list value for mode. |
| 8008 |
Failed to compile regex. |
| 8009 |
Exclusion does not exist. |
| 8010 |
Exclusion does not match the real path. |
| Monitoring error |
| 9000 |
No error |
| 9001 |
Failed to bind |
| 9002 |
Failed to listen |
| 9003 |
Failed to bind |
| 9004 |
Failed to listen |
| 9005 |
Child exited, code |
| 9006 |
Child failed to start |
| IPC errors |
| 11000 |
No error |
| 11001 |
Exec of failed |
| On-Demand scanner error |
| 12000 |
No error |
| 12001 |
Task missing configuration section |
| 12002 |
Task failed to open log file |
| 12003 |
Task no configuration entry |
| 12004 |
Task failed to connect to nailsd |
| 12005 |
Task failed to send request to nailsd |
| 12006 |
Task scanned error, clean. |
| 12007 |
Task Scanning |
| 12008 |
Task No task profile |
| 12009 |
Task Failed to open list of files |
| 12010 |
Task No input files |
| 12011 |
Task Failed to connect to command handler |
| 12012 |
Task Failed to scan all files |
| 12013 |
Task Failed to complete scan |
| 12014 |
Task Failed to open source file |
| 12015 |
Task starting |
| 12016 |
Task stopping |
| 12017 |
Task Completed, items detected in files, files timed out, files excluded, files cleaned, files had errors. |
| 12018 |
Task Command error. |
| Command Processor errors |
| 13000 |
No error |
| 13001 |
Missing or incorrect argument. |
| 13002 |
Failed to open log file. |
| 13003 |
Failed to update nails Info |
| Anti-virus engine scan errors |
| 14000 |
Unknown value, reason, uid, programPath, scanType |
| 14001 |
No scanning problems encountered. reason, uid, programPath, scanType |
| 14002 |
File does not have an extension recognized as executable object, reason, uid, programPath, scanType |
| 14003 |
File is locked by another process. Object, Reason, uid, ProgramPath, ScanType |
| 14004 |
File is encrypted and scanner is unable to decrypt. Object, reason, uid, programPath, scanType |
| 14005 |
File could be scanned if more memory was available. Object, reason, uid, programPath, scanType |
| 14006 |
The database failed (database possibly corrupt). Object, Reason, uid, ProgramPath, ScanType. |
| 14007 |
Critical engine failure. Object, reason, uid, programPath, scanType |
| 14008 |
Loading support DLL failed. Object, reason, uid, programPath, scanType |
| 14009 |
Permission denied to open the file. Object, reason, uid, programPath, scanType |
| 14010 |
The file is a link to itself. Object, reason, uid, programPath, scanType |
| 14011 |
The file is a Block/Char/FIFO special file. Object, reason, uid, programPath, scanType={4.EN_US} |
| 14012 |
Not the expected object (i.e. a directory when expected a file). Object, reason, uid, progr |
| 14013 |
Caller denied engine access to either scan or repair. Object, reason, uid, programPath, scanType |
| 14014 |
Object is zero length and is therefore unscannable (assumed clean). object, reason, uid, programPath, scanType |
| 14015 |
File is probably corrupted. Object, reason, uid, programPath, scanType |
| 14016 |
File deletion denied by the engine (compressed & office files). Object, reason, uid, programPath, scanType |
| 14017 |
File rename denied by the engine (compressed & office files). Object, reason, uid, programPath, scanType |
| 14018 |
No repair section in driver. Object, reason, uid, programPath, scanType |
| 14019 |
Compressed file is corrupted. Object, reason, uid, programPath, scanType |
| 14020 |
The file/directory is a symbolic link. Object, reason, uid, programPath, scanType |
| 14021 |
The file will be deleted on reboot. Object, reason, uid, programPath, scanType |
| 14022 |
The process does not exist. Object, reason, uid, programPath, scanType |
| Task Scheduler errors |
| 15000 |
Unknown |
| 15001 |
Failed to open log file |
| 15002 |
Could not access configuration key |
| 15003 |
Updated with scheduled tasks |
| 15004 |
Could not safely identify VirusScan Enterprise For Linux entries in file, changes will be left in file |
| 15005 |
Failed to exec command |
| 15006 |
Running scheduled task id. |
| 15007 |
Not installing new crontab file. Reason: failed to backup original. |
| 15008 |
Failed to install new crontab file. Reason: rename failed. |
| 15009 |
{ 0} |
| 15010 |
{ 0} |
| 15011 |
Could not determine the task id from the given text. |
| 15012 |
{ 0} |
| SMTP Alerting errors |
| 16000 |
Failed to read section { 0} in configuration file { FILENAME}, using default settings |
| 16001 |
Failed to create SMTP alert manager, SMTP alerts will not be generated |
| 16002 |
Failed to allocate memory for alert |
| 16003 |
Failed to write spool file for SMTP alert |
| 16004 |
Failed to send SMTP alert to { 0} |
| 16005 |
Failed to send SMTP alert to { 0}. The alert was not sent to any recipient |
| 16006 |
Failed to connect to SMTP server |
| 16007 |
Failed to delete spool file { 0} for SMTP alert |
| 16008 |
Too many queued SMTP alerts, alert suppressed |
| Error Ranges |
| Range |
Error Categories |
Description |
| 1000 - 1999 |
Scan operation |
Errors and notifications that occur while scanning files. |
| 3000 - 3999 |
Anti-virus Engine errors |
Errors which occur during scanning or cleaning reported by the anti-virus scan engine. |
| 5000 - 5999 |
Scan Manager |
Errors reported by the nailsd process which controls the scanners. |
| 6000 - 6999 |
Logging errors |
Errors reported by the logging subsystem. If the error logging system fails, errors will be redirected to syslog. |
| 7000 - 7999 |
Configuration errors |
Errors found when parsing values in the configuration files. |
| 8000 - 8999 |
Exclusions and filtering errors |
Errors found when processing the information to do with excluding files form scanning, or defining which extensions to scan. |
| 9000 - 9999 |
Monitoring errors |
Errors reported by the monitoring processes providing administration of the product. |
| 11000 - 11999 |
IPC errors |
Errors reported during inter-process communication |
| 12000 - 12999 |
On-Demand scanner errors |
Errors reported by the on-demand scanner. |
| 13000 - 13999 |
Command processor errors |
Internal errors with respect the commands used during inter-process communication. |
| 14000 - 14999 |
Anti-virus Engine scan errors |
Errors report by the anti-virus engine when processing a specific file. |
| 15000 - 15999 |
Task Scheduler errors |
Errors reported by the task scheduler. |
| 16000 - 16999 |
SMTP Alerting errors |
Errors reported by the SMTP alerting component. |
|
