Malicious files (UNIX)

Module: File Watch

This check reports files with signatures that match attack signatures that are defined in Malicious File Watch templates. Use the name list to enable or disable Malicious File Watch templates that are identified by .mfw file extensions.

The following table lists the error messages for the check.

Table: Error messages for Malicious files

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESMM_MALICIOUS_FILE

Category: Policy Compliance

UNIX (45737)

Title: Possible malicious file found

Description: The file signature matches the malicious file signature pattern that is reported in the Information field. Investigate the file to determine if it is malicious. Compare it with a known good copy if possible. If the file is found to be malicious, remove it from the system and follow the procedures specified by your company's security policy.

Severity: yellow-2

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Name: %s; probability: %s%%; description: %s]

String ID: ESMM_MFW_TEMPLATE_ERR

Category: Policy Compliance

UNIX (45739)

Title: MFW template error

Description: The Malicious File Watch template file contains the error that is reported in the Information field. Correct the error manually, then rerun the check.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMM_NO_TEMPLATE

Category: Policy Compliance

UNIX (45744)

Title: No template specified

Description: No template was enabled, so the listed check or option could not be executed. Enable a template with the appropriate file extension and rerun the module.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]
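
Added example (not part of the product documentation or the product's own code): a small Python parser for the ESMM_MALICIOUS_FILE Information field, used to order findings for investigation. Only the field layout [Name: %s; probability: %s%%; description: %s] comes from this page; the sample strings are constructed, and treating the probability as a number is an assumption.

```python
import re
from typing import NamedTuple, Optional

# Mirrors the documented layout: [Name: %s; probability: %s%%; description: %s]
# The description is matched greedily up to the final "]" so that it may
# itself contain ";" or brackets.
INFO_RE = re.compile(
    r"^\[Name: (?P<name>.*?); probability: (?P<prob>[^;%]*)%; "
    r"description: (?P<desc>.*)\]$",
    re.DOTALL,
)

class Finding(NamedTuple):
    name: str
    probability: Optional[float]  # None when the field is not numeric (assumption)
    description: str

def parse_info(field: str) -> Finding:
    """Parse one Information field; raise ValueError if the layout differs."""
    m = INFO_RE.match(field.strip())
    if m is None:
        raise ValueError(f"not a malicious-file Information field: {field!r}")
    try:
        prob = float(m["prob"])
    except ValueError:
        prob = None
    return Finding(m["name"], prob, m["desc"])

def rank(fields):
    """Return (findings, rejected): findings ordered for review, plus bad lines."""
    findings, rejected = [], []
    for field in fields:
        try:
            findings.append(parse_info(field))
        except ValueError:
            rejected.append(field)
    # Unrankable (non-numeric) probabilities come first so they are not buried,
    # then the remaining findings from highest to lowest probability.
    findings.sort(key=lambda f: (f.probability is not None, -(f.probability or 0.0)))
    return findings, rejected

# Constructed sample values, not real product output.
SAMPLE = [
    "[Name: example-a; probability: 40%; description: partial match; low confidence]",
    "[Name: example-b; probability: 95%; description: full match [variant 2]]",
    "[Name: example-c; probability: high%; description: non-numeric probability]",
    "Name: truncated line without brackets",
]

if __name__ == "__main__":
    ranked, bad = rank(SAMPLE)
    for f in ranked:
        print(f)
    print("rejected:", bad)
```
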