logging

Matt Doherty Matthew_doherty at DATAWATCH.COM
Thu Sep 12 15:26:09 IST 2002 

>2. something that grep could sniff out easily ONLY for caught viruses. Or
do you have a better solution? The Email ID to go along with it as well
would be nice. for ones that were scanned and ones that were found to be
infected

> Such as?
 hmmm lets think hard on this one. DUH!

Matt Doherty
IT Dept
Datawatch Corp

>>In a world without walls or fences, who needs Windows and Gates?<<

  -----Original Message-----
  From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
  Sent: Thursday, September 12, 2002 11:05 AM
  To: MAILSCANNER at JISCMAIL.AC.UK
  Subject: Re: logging


  Ok, here are all the responses:

  1. From <$1> To <$2> virus <$3>

  Impossible to generically extract the name of the virus, so this would
have to include the whole virus report.

  2. something that grep could sniff out easily ONLY for caught viruses. Or
do you have a better solution? The Email ID to go along with it as well
would be nice. for ones that were scanned and ones that were found to be
infected

  Such as?

  3. I would definately like the virus name reported by the virus engine

  See (1)

  4. making the logging as machine freindly as possible

  I will do what I can.

  5. entries that could be used to create email usage reports.  For each
email to have To, From, Subject, Date, bytes, and names of any attachments
would allow for easier creation of user reports.

  Is there a limit on the length of a log entry? These would be *very* long.

  6. Identifiable tag
  When you get a chance would you consider altering the logging code for
  matches on filename rules to have an identifiable tag. E.g. instead of
  logging:
  "Executable file in filename.exe" and "Possible MS-Dos shortcut attack
  in filename.pif"
  Log:
  "Filename Rules: Executable file in filename.exe" and "Filename rules:
  Possible MS-Dos shortcut attack in filename.pif"

  Definite good idea.

  Any more thoughts from anyone?

  --
  Julian Field                Teaching Systems Manager
  jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
  Tel. 023 8059 2817          University of Southampton
                              Southampton SO17 1BJ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020912/c90b201a/attachment.html

More information about the MailScanner mailing list