MRTG etc

Andrew G Allen mail at projectandrew.com
Tue Nov 5 01:03:39 GMT 2002


Some entries from my log file:

Nov  4 17:15:30 host-2 MailScanner[1163]: New Batch: Scanning 1 messages, 140270 bytes
Nov  4 17:15:30 host-2 MailScanner[1163]: Spam Checks: Starting
Nov  4 17:15:30 host-2 MailScanner[1163]: Virus and Content Scanning: Starting
Nov  4 17:15:31 host-2 MailScanner[1163]: >>> Virus 'W32/Klez-H' found in file ./gA4HFT803745/coords.scr
Nov  4 17:15:31 host-2 MailScanner[1163]: Virus Scanning: sophos found 1 infections
Nov  4 17:15:31 host-2 MailScanner[1163]: /var/spool/MailScanner/incoming/1163/gA4HFT803745/coords.scr  Infection: W32/Klez.H at mm
Nov  4 17:15:31 host-2 MailScanner[1163]: Virus Scanning: f-prot found 1 infections
Nov  4 17:15:31 host-2 MailScanner[1163]: /var/spool/MailScanner/incoming/1163/./gA4HFT803745/coords.scr: Worm/Klez.H FOUND
Nov  4 17:15:31 host-2 MailScanner[1163]: Virus Scanning: clamav found 1 infections
Nov  4 17:15:31 host-2 MailScanner[1163]: Virus Scanning: Found 1 viruses
Nov  4 17:15:31 host-2 MailScanner[1163]: Filename Checks: Possible virus hidden in a screensaver (coords.scr)
Nov  4 17:15:31 host-2 MailScanner[1163]: Other Checks: Found 1 problems
Nov  4 17:15:31 host-2 MailScanner[1163]: Saved infected "coords.scr" to /var/spool/MailScanner/quarantine/20021104/gA4HFT803745
Nov  4 17:15:31 host-2 MailScanner[1163]: Silent: Delivered 1 messages containing silent viruses

I am currently using f-prot, sophos & clamav. Hope this helps... :)

Andrew G Allen
email: mail at projectandrew.com | voice: +44 (0) 7958 540596

> A number of people have been asking about getting statistic output for
> MailScanner (quite often for the higher ups!) well I have produced a
> script that analyses the mail log file and produces the necessary output
> including MRTG. The first time you run the script it will produce the
> necessary MRTG config file.
>
> It has a number of configurable variables (at the top of the script) and
> can also use the sendmail access file to automatically ban those IP
> addresses that consistently send you spam. There have been a number of
> discussions about SpamCop etc - well this is one solution - turn off
> your spamcop settings in MailScanner and sendmail and let this script
> decide to put them into your own access file. After a period of time
> they are automatically removed again.
>
> Currently the virus analysis will only work for ClamAV and inoculan
> since I don't have access to any other scanners, however it is easy for
> me to add them in - all I need are some sample mail log file entries
> from the relevant scanners when they have detected a virus.
>
> For a sample of what it produces see http://www.boys-brigade.org.uk/mrtg
> and to get the script go to
> http://staff.cie.uce.ac.uk/~dwhile/mailstats/
>
> It isn't a perfect script and if you have any problems please let me
> know - also if you find it useful let me know.
>
> -----------------------------------------------------------------
> David While
> Technical Development Manager
> Faculty of Computing, Information & English
> University of Central England
> Tel: 0121 331 6211
>
> --
> This message has been scanned for viruses and dangerous
> content by MailScanner, and is believed to be clean.




--
This message has been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
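
The log entries in this post show three different detection-line formats, one per scanner. As an added example (not the mailstats script and not written by either poster), this Python parser attributes each detection to its scanner; it assumes, from this sample only, that a scanner's detail lines precede its "found N infections" summary line, and the function and pattern names are my own.

```python
import re
from collections import defaultdict

# Sample lines are the log entries from the post above, with the mail
# client's line wrapping undone.
SAMPLE_LOG = """\
Nov  4 17:15:31 host-2 MailScanner[1163]: >>> Virus 'W32/Klez-H' found in file ./gA4HFT803745/coords.scr
Nov  4 17:15:31 host-2 MailScanner[1163]: Virus Scanning: sophos found 1 infections
Nov  4 17:15:31 host-2 MailScanner[1163]: /var/spool/MailScanner/incoming/1163/gA4HFT803745/coords.scr  Infection: W32/Klez.H at mm
Nov  4 17:15:31 host-2 MailScanner[1163]: Virus Scanning: f-prot found 1 infections
Nov  4 17:15:31 host-2 MailScanner[1163]: /var/spool/MailScanner/incoming/1163/./gA4HFT803745/coords.scr: Worm/Klez.H FOUND
Nov  4 17:15:31 host-2 MailScanner[1163]: Virus Scanning: clamav found 1 infections
Nov  4 17:15:31 host-2 MailScanner[1163]: Virus Scanning: Found 1 viruses
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ MailScanner\[(\d+)\]: (.*)$")
SUMMARY = re.compile(r"^Virus Scanning: (\S+) found (\d+) infections$")
# Detail formats as they appear in the sample; each captures file and name.
DETAILS = [
    re.compile(r"^>>> Virus '(?P<name>[^']+)' found in file (?P<file>\S+)$"),
    re.compile(r"^(?P<file>/\S+)\s+Infection: (?P<name>.+)$"),
    re.compile(r"^(?P<file>/\S+): (?P<name>.+) FOUND$"),
]

def parse_detections(log_text):
    """Return {scanner: [(message_id, filename, virus_name), ...]}."""
    results = defaultdict(list)
    pending = defaultdict(list)          # detail lines seen, per MailScanner PID
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue                     # not a MailScanner syslog line
        pid, body = m.groups()
        s = SUMMARY.match(body)
        if s:                            # summary line names the scanner
            results[s.group(1)].extend(pending.pop(pid, []))
            continue
        for pat in DETAILS:
            d = pat.match(body)
            if d:
                parts = d.group("file").split("/")
                # last two path components: queue ID directory, attachment name
                pending[pid].append((parts[-2], parts[-1], d.group("name")))
                break
    return dict(results)
```

Keying the pending detail lines by the MailScanner process ID keeps detections from concurrent child processes from being credited to the wrong batch.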


