I received the notification below.
I looked at the clamd.virtualmin logs and don't see where it had detected anything.
I restarted clamd.virtualmin but the logs don't indicate a detection.

Do you know how I might figure out who/what/where this is coming from?


Hello from USinternetworking (USi). I am a Security Engineer here trying to track down a security incident that appears to have originated from your network on January 10, 2009. Please investigate a TCP sweep of port 22 from the IP and inform me of the results (account cancelled, user warned, etc). I will require this information in order to close the ticket on this activity. I have attached a portion of the log details as evidence. All times are EST (GMT -5).

(NOTE: This is an automated email response to the incoming scan/attack.)

10:39:55 [TCP-SWEEP]
10:39:54) (USI-amsxaid01)
10:40:14 [TCP-SWEEP]
10:40:09) (USI-amsxaid01)

USi Information Assurance Group

Closed (fixed)