AstaroOS: Antivirus Logging and Engine Details
It would be great if we could have an antivirus log, as well as the ability to view the current definitions loaded for both engines and the ability to start/stop them.
It would be nice if the "New Pattern Up2Dates installed" email had more information attached, such as the antivirus signature patterns instead of the version. It would be good for the admin to know the specific signatures, such as trojan signatures, etc.
Adrian Baxter commented
This seems like something that should already be available. Antivirus can and will have false positives and block legitimate files; a temporary exception could be made to allow anything important that's getting blocked and would allow the administrator to report the false positive to the antivirus provider.
Knowing which client was trying to download the file would also allow the administrator to spot high-risk users, see legitimate or necessary sites/files that require exceptions, and generally fine-tune protection.
I would also say that there should be notifications. If a user starts downloading hack tools, for example, then it's likely that they will find something that doesn't get blocked and a notification would allow the administrator to take action.
These are just a few examples. The important thing is that it would give the administrator a vital tool to help spot patterns, misbehaving users, and issues with false positives.
Sounds like a great idea. It would give me just a little more information when trying to provide a secure environment.
pantelis Stuff commented
Matthias Nees commented
More information about installed patterns is very useful. Size of the pattern and used signatures are good information.
I think it's a good idea. It might also tell you if a machine is continually trying to download an unknown payload...
napuzk aka. sm0ke
Well, for a start, having an antivirus log under the logging tab can provide information such as:
- which site was infected by spyware/phishing, etc.
Having the ability to check the current definitions for each engine allows the user to search within the antivirus's website for specific information (pattern x.x.x.x includes y.x signature). At the moment, definition number 7545 is not useful at all (no info is provided with regard to current signatures).
You are right, maybe start/stop functionality is a lot of work, but I don't think that the rest are difficult to implement.
Bob Alfson commented
Wingman, that sounds like a full-time job! What problem would that solve?