Which log do I need to look into to find information on infected files?
Regular antivirus scanning (via an antivirus task):
The relevant log file is called scan_shares_ANTIVIRUS_[antivirus_task_name].log. You can find it in the main log directory. Example output:
[2008.07.08 14:33:28] Starting virus_scan
[2008.07.08 14:33:39] s:Share2008
[2008.07.08 14:33:39] action:2;lv0000/Share2007
[2008.07.08 14:33:39] stat:number_of_file=1;number_of_dir=1;capacity=0.01MB;number_of_infected_file=1;time_scan=10.992
[2008.07.08 14:33:39] infected:VBS.LoveLetter.Variant.vbs;VBS.LoveLetter.D
[2008.07.08 14:33:39] result:1
[2008.07.08 14:33:39] Ending virus_scan
SMB online scanning:
The relevant log file is called clamd.log. You can find it in the main log directory. Example output:
Tue Jul 8 14:52:38 2008 -> /RAMDISK/volumes/dssx7A-TSlT-rPEz-fLAk-pip2-vgUg-ZuZPsl/Share2008/I LOVE YOU.zip: VBS.LoveLetter.D FOUND
Tue Jul 8 14:52:40 2008 -> /RAMDISK/volumes/dssx7A-TSlT-rPEz-fLAk-pip2-vgUg-ZuZPsl/Share2008/netbus.zip: Trojan.Netbus.KeyHook170 FOUND
Tue Jul 8 14:52:42 2008 -> /RAMDISK/volumes/dssx7A-TSlT-rPEz-fLAk-pip2-vgUg-ZuZPsl/Share2008/tiny.zip: Silly.C FOUND
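As an added example (not part of the original article or the product's own tooling), the following Python script pulls detections out of both log formats shown above and compares the task log's number_of_infected_file counter with the infected: lines actually present. It assumes the infected: entry is laid out as file name;signature name; the sample lines are copied from the example output above.

```python
import re

# Assumed layout of a task-scan hit: "[timestamp] infected:<file>;<signature>"
TASK_HIT = re.compile(r"^\[(?P<ts>[^\]]+)\] infected:(?P<file>.*);(?P<sig>[^;]+)$")
TASK_STAT = re.compile(r"^\[[^\]]+\] stat:.*\bnumber_of_infected_file=(\d+)")
# clamd.log hit: "<timestamp> -> <path>: <signature> FOUND"
CLAMD_HIT = re.compile(r"^(?P<ts>.+?) -> (?P<file>.*): (?P<sig>\S+) FOUND$")


def parse_task_log(lines):
    """Return (hits, reported): parsed infected: entries and the summed stat counter."""
    hits, reported = [], 0
    for line in lines:
        line = line.rstrip("\n")
        hit, stat = TASK_HIT.match(line), TASK_STAT.match(line)
        if hit:
            hits.append(hit.groupdict())
        elif stat:
            reported += int(stat.group(1))
    return hits, reported


def parse_clamd_log(lines):
    """Return one dict per FOUND line; paths may contain spaces."""
    matches = (CLAMD_HIT.match(line.rstrip("\n")) for line in lines)
    return [m.groupdict() for m in matches if m]


# Sample lines copied from the example output in this article.
TASK_SAMPLE = """\
[2008.07.08 14:33:39] stat:number_of_file=1;number_of_dir=1;capacity=0.01MB;number_of_infected_file=1;time_scan=10.992
[2008.07.08 14:33:39] infected:VBS.LoveLetter.Variant.vbs;VBS.LoveLetter.D
[2008.07.08 14:33:39] result:1
"""
CLAMD_SAMPLE = """\
Tue Jul 8 14:52:38 2008 -> /RAMDISK/volumes/dssx7A-TSlT-rPEz-fLAk-pip2-vgUg-ZuZPsl/Share2008/I LOVE YOU.zip: VBS.LoveLetter.D FOUND
Tue Jul 8 14:52:40 2008 -> /RAMDISK/volumes/dssx7A-TSlT-rPEz-fLAk-pip2-vgUg-ZuZPsl/Share2008/netbus.zip: Trojan.Netbus.KeyHook170 FOUND
Tue Jul 8 14:52:42 2008 -> /RAMDISK/volumes/dssx7A-TSlT-rPEz-fLAk-pip2-vgUg-ZuZPsl/Share2008/tiny.zip: Silly.C FOUND
"""

if __name__ == "__main__":
    task_hits, reported = parse_task_log(TASK_SAMPLE.splitlines())
    if reported != len(task_hits):  # counter and entries disagree: log may be incomplete
        print(f"warning: stat reports {reported}, found {len(task_hits)} infected: lines")
    for h in task_hits + parse_clamd_log(CLAMD_SAMPLE.splitlines()):
        print(f'{h["ts"]}\t{h["sig"]}\t{h["file"]}')
```

To run it against real logs, pass an open file object for scan_shares_ANTIVIRUS_[antivirus_task_name].log or clamd.log to the matching function instead of the sample strings.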