Sobig-F: ouch

Peter Peters P.G.M.Peters at utwente.nl
Wed Aug 20 09:02:11 IST 2003


On Tue, 19 Aug 2003 17:25:37 +0200, you wrote:

>Same here:
>
>[root at vmx20 sysconfig]# grep Sobig.F /var/log/maillog | wc
>   4652   44194  524675
>
>[root at vmx10 sysconfig]# grep Sobig.F /var/log/maillog | wc
>   4770   45315  536491

I put together a little script that helps me generate some statistics
for management. Normally it gives me stats about the previous month, but
it can also be used to give stats about any amount of time if you feed
it the correct logfiles.

My stats for yesterday and today:

|Bepaal het echte aantal mailtjes:   73484
|Bepaal het aantal spam-achtige mailtjes:   25060
|Bepaal het aantal via ruleset's geblokkeerde mailtjes:    4822
|Bepaal het aantal keren dat F-Prot is geupdate:       1
|Bepaal de laatste keer dat F-Prot is geupdate:
|Aug 19 11:00:13 netlx014 F-Prot autoupdate[5091]: F-Prot successfully updated.
|Geef de top 5 (en meer) van gevonden virussen:
|  10849 W32/Sobig.F
|     79 W32/Klez.H at mm
|     59 W32/Mimail.A at mm
|     16 W32/Lentin.H at mm
|     14 W32/Bugbear.B at mm
|     11 W32/Lentin.F at mm
|      6 W32/Busm.1445
|      4 W32/Gibe.B at mm
|      3 W32/Magistr.28672 at mm
|      2 W32/Sobig.E at mm

So 15% of all messages is Sobig.F.

Not counting messages with the old Sobig defect: no attachment.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ



More information about the MailScanner mailing list