List of events generated by VirusScan Enterprise for Linux
Technical Articles ID: KB78291
Last Modified: 2014/02/13

Environment

McAfee VirusScan Enterprise for Linux 1.9, 1.7.1
ePolicy Orchestrator 5.0, 4.x

Summary

The following is a list of the events generated by VirusScan Enterprise for Linux.

Solution

Event IDs sent to ePO:
Scan operation errors/notifications

Event ID Description
1024 Malware detected/Notified
1025 Malware cleaned
1027 Malware deleted
1031 Infected file access denied/Blocked
1032 Infected file was moved to quarantine area
1045 Specified scan item is invalid or corrupted
1046 File I/O errors
1048 Scan reports general system error
1049 Scan reported an internal application error
1051 Unable to scan password protected
1087 On-access Scan started/enabled
1088 On-access scan stopped/disabled
1118 The update was successful
1119 The update failed
1120 The update is running
1270 File infected. No cleaner available, quarantined successfully
1278 File infected. No cleaner available, file deleted successfully
1286 File infected. No cleaner available, continued scanning
1290 File infected. No cleaner available, OAS denied access
1294 File infected. Quarantine failed, delete failed
1295 File infected. Move failed, continued scanning
1296 File infected. Move failed, denied access and continued
1299 File infected. Delete failed, continued scanning (ODS)
1300 File infected. Delete failed, denied access and continued (OAS)

Events added in VSEL 1.9 (not used in earlier versions):

1059 Scan timeout
1202 On-demand scan started
1203 On Demand scan ended
1066 Task started ok (Info) - (Password Task Started)
1068 Scheduled task was stopped. (Info) - (Password/ODS Task Stopped/Cancelled)
1070 Task was successful. (Info) - (Password Task Completed Successfully)
3015 Task reported an internal application error – (Password Task Failed due to some error)



System events logged to syslog:
Anti-Virus Engine error
3000 Unknown value
3001 Success
3002 Terminate immediately
3003 This platform does not support this function
3004 Parameter passed invalid.
3005 An allocation operation failed.
3006 Request made to scan an object that did not exist etc.
3007 Read error on boot/partition/file scan.
3008 Support shared library load failed.
3009 Virus Driver failed.
3010 User quit program.
3011 Mismatch of driver files.
3012 A corrupted archive file error.
3013 Engine has expired - needs updating.


Scan Manager
5000 No Error
5001 Failed to create scanning factory reason.
5002 Failed to load engine library
5003 Failed to resolve engine library
5004 Started factory
5005 Started factory child id
5006 Object is clean
5007 Object is with detect, type, action, object, user, process, datVersion, datDate, engineVersion, extraDatCount, scanID
5008 Failed to attach to the object source.
5009 Failed to open the log file.
5010 Missing/incorrect argument.
5011 Failed to open on-demand file.
5012 Scanned, excluded, infected, cleaned, cleanAttempts, cleanRequests, denied, repaired, deleted, renamed, quarantined, timeouts, errors, uptime, busy, wait.
5013 Call to engine failed error code
5014 Nailsd listening
5015 Invalid port number
5016 Failed to bind command
5017 Failed to listen command
5018 Opened kernel
5019 Registered kernel
5020 No engine path defined
5021 No dat path defined
5022 No scanner path defined
5023 Missing configuration section
5024 No source of objects to scan
5025 Failed to send create child message active, free, init, max
5026 Factory died pid, state
5027 Failed to map kernel memory error no
5028 More infections
5029 Failed to get default extension list
5030 Failed to attach to source
5031 Failed to exec scanner factory command
5032 Invalid custom section, no type given
5033 Invalid custom entry
5034 Failed to open source
5035 Failed to parse exclude section
5036 Failed to parse extension section
5037 Failed to detach child process
5038 Child exited unexpectedly exit code
5039 Child exited unexpectedly status
5040 Failed to get virus list
5041 Configured with engine, dats, extensions, extra drivers.
5042 Reloading profile
5043 Failed to fcntl IPC pipe
5044 Failed to fcntl SMC pipe
5045 Failed to parse profile
5046 Failed to fcntl status port
5047 Unable to setuid.
5048 Unable to setgid
5049 Invalid uid
5050 Failed to mmap DAT file
5051 Open of failed
5052 Start clean
5053 No write access
5054 Failed to stat
5055 File changed
5056 Not used
5057 Has more cleaned objects
5058 Object
5059 Created child id, pid, engine, dats
5060 Failed to move file
5061 On-access scanning enabled
5062 On-access scanning disabled
5063 Failed to enable on-access scanning
5064 Failed to disable on-access scanning
5065 Not quarantining file, quarantine directory is not an absolute path
5066 Not quarantining it is not an absolute path
5067 Not quarantining, stat failed
5068 Not quarantining, device has changed
5069 Not quarantining, inode value has changed
5070 Not quarantining, stat of file failed
5071 Not quarantining, quarantine area is not a directory
5072 Not quarantining, it is not on the same device as quarantine area
5073 Not quarantining, it is already inside
5074 Not quarantining, could not hardlink
5075 Not quarantining, new hardlink is missing
5076 Not quarantining, quarantine hardlink has inode, expected
5077 Error unlinking while quitting quarantine
5078 Not quarantining, failed to unlink original file while quarantining
5079 Error unlinking while quitting quarantine
5080 Quarantined, but failed to set permissions on quarantined file
5081 Quarantined, but could not create metafile
5082 Error generating quarantine name for { 0}
5083 Object user, process
5084 Failed to restart factory
5085 Object user, process
5086 Invalid value
5087 Failed to create ODS socket
5088 ODS IPC socket exists - unlinking
5089 Failed to unlink existing ODS ipc socket.
5090 Command process exited with status.
5091 Failed to create new command process
5092 End of file on command process pipe
5093 Failed to perform listen on SSL
5094 Command/Log IPC socket exists - unlinking
5095 Command/Failed to unlink existing Log ipc socket { 0} { 2} ({ 1,number,integer})
5096 Timeout scanning for user using
5097 License expired
5098 Failed to open device
5099 Failed to open
5100 Failed to parse
5101 Failed to bind to log socket
5102 Not Scanned for user using
5103 Unknown error for user using
5104 Failed to create command handler local socket
5105 Failed to bind command handler local socket
5106 Failed to listen command handler local socket
5107 No local command socket
5108 No command sockets available
5109 Boot device type has not been scanned
5110 Failed to fcntl
5111 Not quarantining, it is not a file mode
5112 Quarantined
5113 Engine initialisation problem, Engine, dats, extensions.
5114 Failed to read from - while quaranting
5115 Failed to write to while quaranting
5116 Failed to delete after creating
5117 Failed to delete while quarantining
5118 Failed to create while quarantining
5119 Failed to create while quarantining
5120 Unknown error
5121 Failed to seek while quarantining
5122 Failed to parse configuration file
5123 Failed to open
5124 Failed to attach
5125 Failed to register with kernel version
5126 Timetook (mS) CPU to scan
5127 Time took seconds to scan



Logging Errors
6000 No error
6001 Failed to open the log file
6002 No log section
6003 No binPath defined
6004 No pathname defined in
6005 Missing/incorrect argument
6006 Missing configuration section


Configuration Errors
7000 No Error
7001 Failed to read configuration stream
7002 Badly formatted configuration line: (missing colon) line
7003 Badly formatted configuration line: (badly specified boolean value) line
7004 Failed to open configuration file
7005 Failed to write to configuration file
7006 error parsing log settings, string component
7007 Failed to stat file
7008 Cannot start: already running since PID file exists
7009 Cannot record startup: failed to create PID file
7010 Failed to load library.
7011 Missing symbol from library
7012 Database error


Exclusions and filtering errors
8000 No error
8001 No type in match.
8002 Unknown type in match
8003 Missing path match.
8004 Missing user match.
8005 Unknown user match.
8006 Unknown mode.
8007 No list value for mode.
8008 Failed to compile regex.
8009 Exclusion does not exist.
8010 Exclusion does not match the real path.


Monitoring error
9000 No error
9001 Failed to bind
9002 Failed to listen
9003 Failed to bind
9004 Failed to listen
9005 Child exited, code
9006 Child failed to start


IPC errors
11000 No error
11001 Exec of failed


On-Demand scanner error
12000 No error
12001 Task missing configuration section
12002 Task failed to open log file
12003 Task no configuration entry
12004 Task failed to connect to nailsd
12005 Task failed to send request to nailsd
12006 Task scanned error, clean.
12007 Task Scanning
12008 Task No task profile
12009 Task Failed to open list of files
12010 Task No input files
12011 Task Failed to connect to command handler
12012 Task Failed to scan all files
12013 Task Failed to complete scan
12014 Task Failed to open source file
12015 Task starting
12016 Task stopping
12017 Task Completed, items detected in files, files timed out, files excluded, files cleaned, files had errors.
12018 Task Command error.


Command Processor errors
13000 No error
13001 Missing or incorrect argument.
13002 Failed to open log file.
13003 Failed to update nails Info


Anti-virus engine scan errors
14000 Unknown value, reason, uid, programPath, scanType
14001 No scanning problems encountered. reason, uid, programPath, scanType
14002 File does not have an extension recognised as executable object, reason, uid, programPath, scanType
14003 File is locked by another process. Object, Reason, uid, ProgramPath, ScanType
14004 File is encrypted and scanner is unable to decrypt. Object, reason, uid, programPath, scanType
14005 File could be scanned if more memory was available. Object, reason, uid, programPath, scanType
14006 The database failed (database possibly corrupt). Object, Reason, uid, ProgramPath, ScanType.
14007 Critical engine failure. Object, reason, uid, programPath, scanType
14008 Loading support DLL failed. Object, reason, uid, programPath, scanType
14009 Permission denied to open the file. Object, reason, uid, programPath, scanType
14010 The file is a link to itself. Object, reason, uid, programPath, scanType
14011 The file is a Block/Char/FIFO special file. Object, reason, uid, programPath, scanType={4}
14012 Not the expected object (i.e. a directory when expected a file). Object, reason, uid, progr
14013 Caller denied engine access to either scan or repair. Object, reason, uid, programPath, scanType
14014 Object is zero length and is therefore unscannable (assumed clean). object, reason, uid, programPath, scanType
14015 File is probably corrupted. Object, reason, uid, programPath, scanType
14016 File deletion denied by the engine (compressed & office files). Object, reason, uid, programPath, scanType
14017 File rename denied by the engine (compressed & office files). Object, reason, uid, programPath, scanType
14018 No repair section in driver. Object, reason, uid, programPath, scanType
14019 Compressed file is corrupted. Object, reason, uid, programPath, scanType
14020 The file/directory is a symbolic link. Object, reason, uid, programPath, scanType
14021 The file will be deleted on reboot. Object, reason, uid, programPath, scanType
14022 The process does not exist. Object, reason, uid, programPath, scanType


Task Scheduler errors
15000 Unknown
15001 Failed to open log file
15002 Could not access configuration key
15003 Updated with scheduled tasks
15004 Could not safely identify VirusScan Enterprise For Linux entries in file, changes will be left in file
15005 Failed to exec command
15006 Running scheduled task id.
15007 Not installing new crontab file. Reason: failed to backup original.
15008 Failed to install new crontab file. Reason: rename failed.
15009 { 0}
15010 { 0}
15011 Could not determine the task id from the given text.
15012 { 0}


SMTP Alerting errors
16000 Failed to read section { 0} in configuration file { FILENAME}, using default settings
16001 Failed to create SMTP alert manager, SMTP alerts will not be generated
16002 Failed to allocate memory for alert
16003 Failed to write spool file for SMTP alert
16004 Failed to send SMTP alert to { 0}
16005 Failed to send SMTP alert to { 0}. The alert was not sent to any recipient
16006 Failed to connect to SMTP server
16007 Failed to delete spool file { 0} for SMTP alert
16008 Too many queued SMTP alerts, alert suppressed



Error Ranges
| Range | Error Categories | Description |
|---|---|---|
| 1000 - 1999 | Scan operation | Errors and notifications that occur while scanning files. |
| 3000 - 3999 | Anti-virus Engine errors | Errors which occur during scanning or cleaning reported by the anti-virus scan engine. |
| 5000 - 5999 | Scan Manager | Errors reported by the nailsd process which controls the scanners. |
| 6000 - 6999 | Logging errors | Errors reported by the logging subsystem. If the error logging system fails, errors will be redirected to syslog. |
| 7000 - 7999 | Configuration errors | Errors found when parsing values in the configuration files. |
| 8000 - 8999 | Exclusions and filtering errors | Errors found when processing the information to do with excluding files from scanning, or defining which extensions to scan. |
| 9000 - 9999 | Monitoring errors | Errors reported by the monitoring processes providing administration of the product. |
| 11000 - 11999 | IPC errors | Errors reported during inter-process communication |
| 12000 - 12999 | On-Demand scanner errors | Errors reported by the on-demand scanner. |
| 13000 - 13999 | Command processor errors | Internal errors with respect to the commands used during inter-process communication. |
| 14000 - 14999 | Anti-virus Engine scan errors | Errors reported by the anti-virus engine when processing a specific file. |
| 15000 - 15999 | Task Scheduler errors | Errors reported by the task scheduler. |
| 16000 - 16999 | SMTP Alerting errors | Errors reported by the SMTP alerting component. |

Previous Document ID

LS13062001

© 2003-2013 McAfee, Inc.