<!--
  - Official Symantec AV rules for OSSEC.
  -
  - Copyright (C) 2009 Trend Micro Inc.
  -
  - This program is a free software; you can redistribute it
  - and/or modify it under the terms of the GNU General Public
  - License (version 2) as published by the FSF - Free Software
  - Foundation.
  -
  - License details: http://www.ossec.net/en/licensing.html
  -
  - http://www.ossec.net/wiki/index.php/Symantec_Antivirus
  -->
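<!--
  Symantec AntiVirus alert rules for OSSEC (rule ids 7300 to 7320).

  Structure: two level 0 parent rules (7300, 7301) select Symantec AV events,
  and the child rules chain to them through if_sid to assign a severity.

  NOTE(review): the listing this was rebuilt from carried viewer line numbers
  in front of every line and skipped several original lines, including every
  rule end tag. The end tags are restored below so the file is well-formed.
  Lines whose content could not be recovered are flagged where they belong.
-->
<group name="symantec,">

  <!-- Parent rule: any event handled by the symantec-av decoder.
       Level 0 produces no alert; the rule exists only as an if_sid anchor. -->
  <rule id="7300" level="0">
    <decoded_as>symantec-av</decoded_as>
    <description>Grouping of Symantec AV rules.</description>
  </rule>

  <!-- Parent rule: events in the windows category whose extra_data field
       starts with "Symantec AntiVirus" (per the description, the eventlog
       path rather than the decoder path). Level 0, so no alert of its own. -->
  <rule id="7301" level="0">
    <category>windows</category>
    <extra_data>^Symantec AntiVirus</extra_data>
    <description>Grouping of Symantec AV rules from eventlog.</description>
  </rule>

  <!-- Level 9 alert for a detection reported by Symantec AV.
       NOTE(review): the source listing jumps from original line 35 to 38, so
       whatever stood between if_sid and description is not shown. As written
       here the rule has no condition of its own and would match every event
       that reaches 7300 or 7301, labelling routine scanner activity as
       "Virus detected." and, presumably, taking those events before 7320 is
       considered. Restore the missing match lines from the upstream rules
       file before loading this copy. -->
  <rule id="7310" level="9">
    <if_sid>7300, 7301</if_sid>
    <!-- TODO: missing match condition(s), original lines 36 to 37 -->
    <description>Virus detected.</description>
  </rule>

  <!-- Level 3 informational alert for the event ids 2, 3, 4 and 13, each
       anchored with ^ and $ so that, for example, 13 cannot match 130.
       NOTE(review): four ids share one low severity. If one of them means
       the scanner was stopped, consider giving it its own rule so that
       protection being turned off is triaged apart from routine updates;
       the id meanings are not shown here, confirm against vendor docs. -->
  <rule id="7320" level="3">
    <if_sid>7300, 7301</if_sid>
    <id>^2$|^3$|^4$|^13$</id>
    <description>Virus scan updated,started or stopped.</description>
  </rule>

</group> <!-- symantec -->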