MAPS RBL+ worth it?
Joris Trooster / Interstroom
trooster at INTERSTROOM.NL
Tue Jul 16 12:38:56 IST 2002
Hello Peter,
Thanks for the script. There's a small error in analog4mailscanner.pl:
$TotalOsurisoft++ should be $TotalOsirusoft++
I am using exim and have my mailscanner logs separated from the
exim/mailserver logs. I changed the script to calculate the number of
scanned e-mails from the mailscanner log only:
    while (<LOG>) {
        chomp;
        if (/mailscanner/) {    # only look at lines written by mailscanner
            $TotalMails   += $1 if /Scanning (\d+)/;
            $TotalViruses += $1 if /found (\d+) viruses in/i;
            if (/is spam according to/) {
                $TotalSpam++;
                # one counter per blacklist named in the log line
                $TotalMonkeys++                 if /Infinite-Monkeys/;
                $TotalOsirusoft++               if /osirusoft\.com/;
                $TotalORDB_RBL++                if /ORDB-RBL/;
                $TotalSPEWS++                   if /SPEWS/;
                $TotalWIREHUB_DNSBL++           if /WIREHUB-DNSBL/;
                $TotalRFC_IGNORANT_IPWHOIS++    if /RFC-IGNORANT-IPWHOIS/;
                $TotalRFC_IGNORANT_DSN++        if /RFC-IGNORANT-DSN/;
                $TotalRFC_IGNORANT_POSTMASTER++ if /RFC-IGNORANT-POSTMASTER/;
                $TotalRFC_IGNORANT_ABUSE++      if /RFC-IGNORANT-ABUSE/;
                $TotalRFC_IGNORANT_WHOIS++      if /RFC-IGNORANT-WHOIS/;
                if (/SpamAssassin/) {
                    # read the score as one number, so 5.25 is not counted as 5 + 25/10
                    $TotalAssassinScore += $1 if /score=(\d+\.\d+),/;
                    $TotalAssassin++;
                }
            }
        }
    }
Remember that one e-mail message will be scanned twice (if the
disinfected/scanned message is forwarded to the user).
---
I also changed the function CleanAndDirty in sweep.pl to log the
virus scan output in the mailscanner logfile. The output depends on the
virus scanner you are using. With a script one should be able to create
statistics about individual viruses.
Just check for:
Found application .....
Found the ..... virus (mcafee output)
in email in .....
    sub CleanAndDirty {
        my($Reports, $IdList, $Clean, $Dirty, $Silent) = @_;
        my(%clean, %dirty, %silent, $key, $id, $value, $part, $text, $name);
        map { $clean{$_} = 1 } @$IdList;
        #foreach $id (keys %$Reports) {
        while(($id,$value) = each %$Reports) {
            delete $clean{$id}; # It isn't clean
            $dirty{$id} = 1;    # It is dirty unless it needs to be silent
            while(($part, $text) = each %$value) {
                Log::InfoLog("Virus - ".$text);
                next unless @Config::SilentVirusNames; # for speed
                foreach $name (@Config::SilentVirusNames) {
                    if ($text =~ /\Q$name\E/) {
                        # We got a virus name match, so this virus should be silent
                        $silent{$id} = 1;
                        delete $dirty{$id};
                    }
                }
            }
        }
        @$Clean = keys %clean;
        @$Dirty = keys %dirty;
        @$Silent = keys %silent;
    }
Regards,
Joris Trooster
Interstroom
----- Original Message -----
From: "Peter Peters" <P.G.M.Peters at civ.utwente.nl>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Tuesday, July 16, 2002 8:43 AM
Subject: Re: MAPS RBL+ worth it?
> On Mon, 15 Jul 2002 15:44:14 -0400, you wrote:
>
> > Thanks for the info. How did you generate your report, using MTGR or
> > whatever that tool is called?
>
> I have written one Perl script to generate output like:
> |Total recipients: 11018
> |Total virusses detected: 74
> |Total spams tagged: 1569
> |
> |Total SpamAssassin : 1192
> |Total SpamAssassin score: 17164.5
> |
> |Total Infinite-Monkeys: 302
> |Total Osurisoft 0
> |Total ORDB-RBL: 168
> |Total SPEWS: 204
> |Total WIREHUB-DNSBL: 162
> |Total RFC-IGNORANT-IPWHOIS: 0
> |Total RFC-IGNORANT-DSN: 65
> |Total RFC-IGNORANT-POSTMASTER: 339
> |Total RFC-IGNORANT-ABUSE: 563
> |Total RFC-IGNORANT-WHOIS: 122
>
> And one that generates about the same information but in csv-format.
> Every morning the csv-file is included in an Excel spreadsheet, converted
> to a graph and printed to show the latest stats.
>
> You can get them from:
> http://home.student.utwente.nl/p.g.m.peters/analog4mailscanner.pl
> http://home.student.utwente.nl/p.g.m.peters/mailscanner2csv.pl
>
> --
> Peter Peters
> senior network administrator, Centrum voor Informatievoorziening,
> Universiteit Twente, Postbus 217, 7500 AE Enschede
> telephone: +31 53 489 2301, fax: +31 53 489 2383, http://www.utwente.nl/civ
>
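
The per-virus statistics suggested in the message above could be tallied along these lines. This is an added example, not part of the original post or of MailScanner. The syslog prefix, host name and virus names in the sample lines are constructed, and the report wording is an assumption based on the "Found the ..... virus" and "Found application ....." patterns quoted in the message.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample log lines (not real scanner output). Only the
# "Virus - " prefix and the "Found the ... virus" / "Found application ..."
# wording come from the post; everything else is a placeholder.
my @sample = (
    'Jul 16 12:01:02 mx1 mailscanner[411]: Scanning 3 messages, 18211 bytes',
    'Jul 16 12:01:04 mx1 mailscanner[411]: Virus - Found the EXAMPLE-WORM-A virus',
    'Jul 16 12:01:04 mx1 mailscanner[411]: Virus - Found the EXAMPLE-WORM-A virus',
    'Jul 16 12:03:10 mx1 mailscanner[411]: Virus - Found application EXAMPLE-DIALER',
    'Jul 16 12:03:11 mx1 mailscanner[411]: Virus - Found the EXAMPLE-MACRO-B virus',
    'Jul 16 12:03:12 mx1 exim[977]: Virus - Found the NOT-COUNTED virus',
    "Jul 16 12:04:00 mx1 mailscanner[411]: Virus - unparsed report \x1b[31mtext",
);

# Count one hit per "Virus - " line written by mailscanner, keyed by name.
sub tally_viruses {
    my @lines = @_;
    my %count;
    for my $line (@lines) {
        next unless $line =~ /mailscanner/;        # same filter as the script above
        next unless $line =~ /Virus - (.*)$/;      # text passed to Log::InfoLog
        my $text = $1;
        my $name;
        if    ($text =~ /Found the (.+?) virus\b/)  { $name = $1 }
        elsif ($text =~ /Found application (\S+)/)  { $name = "application $1" }
        else                                        { $name = '(unrecognised report)' }
        # Scanner text is derived from attacker-supplied mail, so replace
        # control characters before the name reaches a terminal or report.
        $name =~ s/[^\x20-\x7e]/?/g;
        $count{$name}++;
    }
    return \%count;
}

my $count = tally_viruses(@sample);
for my $name (sort { $count->{$b} <=> $count->{$a} || $a cmp $b } keys %$count) {
    printf "%-28s %d\n", $name, $count->{$name};
}
```

As the message notes, a mail can be scanned twice when the disinfected copy is forwarded, so these counts are per scan, not per unique message.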