Correcting mailscanner-mrtg output

Kevin Spicer kevins at BMRB.CO.UK
Sat Nov 29 19:33:06 GMT 2003


On Sat, 2003-11-29 at 19:01, Gerry Doris wrote:

>mailscanner-mrtg is reporting too many virii found.  I believe this is a
>direct result of running several virus scanners...each find the same virus
>and mailscanner-mrtg is reporting these as a separate virii.

>I can't find where mailscanner-mrtg is doing the calculation.  Would
>someone please point me to the correct file so I can make the change.
>Thanks!

Gerry, MSMRTG pulls this information directly from the log lines which
read 'Virus Scanning: Found 1 viruses'  (using the number given).  As
far as I can tell (and a quick test with Clam, FProt and the eicar.com
file supports this) MailScanner logs only one virus if two scanners
detect it.

However, if you are using v0.05 (or maybe even an older version - I
haven't checked) of MSMRTG then the regular expression looks for viruses
or problems.  In other words the total includes any emails you may have
blocked or modified because they contained suspect content (i.e. forms,
iframes, object codebase).

If this is what you are seeing then you should upgrade to the latest
version.  In 0.06 the total is plotted as the blue area on the graph and
the number of actual detected viruses is plotted as a yellow line on top
of that.  (0.06 is also much quicker, as it only parses each logfile
once - and only the bit written since last time it ran - rather than the
entire log 4 times every 5 minutes)
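
The two counting behaviours described in the message above, plus reading only the part of the log written since the last run, as an added example that is not part of the original message and is not MSMRTG's own code. The function names, the syslog prefix and the "Found N problems" line are assumptions; only the 'Virus Scanning: Found 1 viruses' wording comes from the message.

```python
import re

# Constructed sample lines. The syslog prefix and the "Found N problems"
# wording are assumptions; only the "Virus Scanning" text is from the message.
SAMPLE_LOG = """\
Nov 29 19:00:01 mail MailScanner[1234]: New Batch: Scanning 3 messages
Nov 29 19:00:02 mail MailScanner[1234]: Virus Scanning: Found 1 viruses
Nov 29 19:00:03 mail MailScanner[1234]: Content Checks: Found 2 problems
Nov 29 19:05:02 mail MailScanner[1234]: Virus Scanning: Found 3 viruses
"""

# Broad match, as described for v0.05: viruses *or* problems.
BROAD = re.compile(r"Found (\d+) (?:viruses|problems)")
# Narrow match: only the virus-scanning line quoted in the message.
VIRUS_ONLY = re.compile(r"Virus Scanning: Found (\d+) viruses")


def tally(text):
    """Return the broad total and the virus-only count for a chunk of log."""
    total = viruses = 0
    for line in text.splitlines():
        broad = BROAD.search(line)
        if broad:
            total += int(broad.group(1))
        narrow = VIRUS_ONLY.search(line)
        if narrow:
            viruses += int(narrow.group(1))
    return {"total": total, "viruses": viruses}


def tally_new(path, offset):
    """Tally only what was appended after byte `offset`; return (counts, new_offset)."""
    with open(path, "rb") as fh:
        fh.seek(0, 2)              # jump to end to learn the current size
        if fh.tell() < offset:     # file shrank: rotated or truncated
            offset = 0
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1    # consume complete lines only
    return tally(data[:end].decode("utf-8", "replace")), offset + end


if __name__ == "__main__":
    print(tally(SAMPLE_LOG))
```

Store the returned offset between runs; a half-written last line is left for the next run rather than counted twice.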


