I am new to Greenbone and it feels great to join this amazing community!!
I had a question: our antivirus is flagging and blocking SuspRemoteCmdCommand.D Malware (most probably run by OpenVAS). I wanted to find out the exact vulnerability test that runs this command.
Is there any way to find that out?
and welcome to these community forums.
Determining the cause of this message can (currently) only be done based on the time, i.e. which VT is running at the time the AV event occurs. Info on how to enable the logging of the VT execution time in the software stack can be found here:
The scanner setting you are looking for is called log_whole_attack which can be added like this to your openvas.conf:
log_whole_attack = yes
The location of the file itself depends on your installation method and can be found via openvas -s | grep config_file. If the file doesn’t exist it can be created at the related location.
Afterwards all info will be logged to either your syslog or the openvas.log (again depending on your configuration in the openvas_log.conf which should be found side b…
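An added example (not part of the reply above and not Greenbone code) of the time-based correlation it describes: given the scanner log and the UTC time of the AV detection on a host, list the VTs launched against that host shortly before. The log line layout matched by the regex, the sample lines, script names and OIDs are constructed assumptions; check them against your own log and adjust.

```python
import re
from datetime import datetime, timedelta

# ASSUMED layout of a launch line written with log_whole_attack = yes:
#   ...:<YYYY-MM-DD HHhMM.SS> utc:<pid>: Launching <script> (<oid>) against <host> [<pid>]
LAUNCH_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}h\d{2}\.\d{2}) utc:\d+: "
    r"Launching (?P<vt>\S+)(?: \((?P<oid>[\d.]+)\))? against (?P<host>\S+)"
)

# Constructed sample log (not real scanner output).
SAMPLE_LOG = """\
sd   main:MESSAGE:2024-01-15 10h01.05 utc:4020: Launching example_a.nasl (1.2.3.4.5.1) against 192.0.2.10 [4020]
sd   main:MESSAGE:2024-01-15 10h02.11 utc:4021: Launching example_b.nasl (1.2.3.4.5.2) against 192.0.2.10 [4021]
sd   main:MESSAGE:2024-01-15 10h02.30 utc:4022: Launching example_c.nasl (1.2.3.4.5.3) against 192.0.2.20 [4022]
sd   main:MESSAGE:2024-01-15 10h02.38 utc:4023: Launching example_d.nasl (1.2.3.4.5.4) against 192.0.2.10 [4023]
sd   main:MESSAGE:2024-01-15 10h02.39 utc:4000: some unrelated scanner message
sd   main:MESSAGE:2024-01-15 10h03.02 utc:4024: Launching example_e.nasl (1.2.3.4.5.5) against 192.0.2.10 [4024]
"""


def parse_launches(log_text):
    """Return (timestamp, script, oid, host) for every launch line found."""
    launches = []
    for line in log_text.splitlines():
        m = LAUNCH_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %Hh%M.%S")
            launches.append((ts, m["vt"], m["oid"], m["host"]))
    return launches


def candidate_vts(log_text, event_utc, host, lookback_s=60):
    """VTs launched against `host` within `lookback_s` seconds before the AV
    event, most recent first, as (script, oid, seconds_before_event).
    `event_utc` must be converted to UTC first if the AV console shows local time."""
    start = event_utc - timedelta(seconds=lookback_s)
    hits = [(ts, vt, oid) for ts, vt, oid, h in parse_launches(log_text)
            if h == host and start <= ts <= event_utc]
    hits.sort(key=lambda hit: hit[0], reverse=True)
    return [(vt, oid, int((event_utc - ts).total_seconds()))
            for ts, vt, oid in hits]


if __name__ == "__main__":
    av_event = datetime(2024, 1, 15, 10, 2, 40)  # constructed AV alert time (UTC)
    for vt, oid, age in candidate_vts(SAMPLE_LOG, av_event, "192.0.2.10"):
        print(f"{vt} ({oid}) launched {age}s before the detection")
```

Widen `lookback_s` for long-running VTs, and compare candidates across several detections: the VT that shows up every time is the likely trigger.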