User Guide
OmniAccess SafeGuard OS Administration Guide
Chapter 10: Detecting and Isolating Malware Security Threats
The following is representative output from the command; it shows
the malware status of every host that has a malware event:
(SafeGuardOS) # show malware status
Current Malware Status
----------------------
Number of Rows:2
Host IP         Host MAC           User ID  Last Event Time               Action   Event Count
-------         --------           -------  ---------------               ------   -----------
192.168.101.1   00:0c:29:d0:e8:49  2        Fri Mar 17 13:02:51.002 2006  HOSTAPP  2
66.166.203.235  00:0c:29:d0:e8:49  1        Fri Mar 17 13:02:31.171 2006  HOSTAPP  2
Table 28 explains the output fields of the show malware status command.
Displaying which Algorithm Detected the Malware
To display the algorithms associated with a malware event, use the show malware
algorithm-info command. The Privileged Exec command has the following syntax:
Table 28 Show Malware Status Output Fields

Field            Description
-----            -----------
Host IP          The host at this address is generating the event.
Host MAC         The MAC address for the host generating the event.
User ID          A system-generated identifier for the event.
Last Event Time  The date and timestamp for the last occurrence that this host
                 was hit.
Action           The blocking action. The blocking action is either host or
                 hostapp. Host blocks the traffic by IP address; hostapp blocks
                 the host application by destination port. See Configuring
                 Malware Controls on page 364.
Event Count      The number of events for this host.
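
The show malware status output can be parsed into records for triage or logging. The Python below is an added example, not part of this guide or of the product: the names parse_malware_status and ips_per_mac are hypothetical, and the row layout is assumed from the sample output shown earlier in this section.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the rows from the guide's example output.
SAMPLE = """\
(SafeGuardOS) # show malware status
Current Malware Status
----------------------
Number of Rows:2
Host IP Host MAC User ID Last Event Time Action Event Count
------- -------- ------- --------------- ------ -----------
192.168.101.1 00:0c:29:d0:e8:49 2 Fri Mar 17 13:02:51.002 2006 HOSTAPP 2
66.166.203.235 00:0c:29:d0:e8:49 1 Fri Mar 17 13:02:31.171 2006 HOSTAPP 2
"""

# One data row: IP, MAC, User ID, five-token timestamp, action, event count.
ROW = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\s+(?P<user_id>\d+)\s+"
    r"(?P<ts>\w{3}\s+\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\.\d+\s+\d{4})\s+"
    r"(?P<action>\w+)\s+(?P<count>\d+)$"
)

def parse_malware_status(text):
    """Return (rows, declared); prompt, title, header and rule lines are skipped."""
    rows, declared = [], None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Number of Rows:\s*(\d+)", line):
            declared = int(m.group(1))
        elif m := ROW.match(line):
            row = m.groupdict()
            # Timestamp as printed by the command: "Fri Mar 17 13:02:51.002 2006"
            row["ts"] = datetime.strptime(" ".join(row["ts"].split()),
                                          "%a %b %d %H:%M:%S.%f %Y")
            row["action"] = row["action"].lower()  # Table 28 names: host, hostapp
            row["user_id"], row["count"] = int(row["user_id"]), int(row["count"])
            rows.append(row)
    # A mismatch means a row did not fit the assumed layout; fail loudly.
    if declared is not None and declared != len(rows):
        raise ValueError(f"parsed {len(rows)} rows, output declared {declared}")
    return rows, declared

def ips_per_mac(rows):
    """Map each MAC seen under more than one host IP to those IPs."""
    seen = defaultdict(set)
    for r in rows:
        seen[r["mac"].lower()].add(r["ip"])
    return {mac: sorted(ips) for mac, ips in seen.items() if len(ips) > 1}
```

On the sample rows, ips_per_mac reports 00:0c:29:d0:e8:49 under both host IPs, which is the kind of row pair worth checking against the Host IP and Host MAC definitions in Table 28.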










