Correcting mailscanner-mrtg output
Gerry Doris
gdoris at ROGERS.COM
Sat Nov 29 19:50:51 GMT 2003
On Sat, 29 Nov 2003, Kevin Spicer wrote:
> Gerry, MSMRTG pulls this information directly from the log lines which
> read 'Virus Scanning: Found 1 viruses' (using the number given). As
> far as I can tell (and a quick test with Clam, FProt and the eicar.com
> file supports this) MailScanner logs only one virus if two scanners
> detect it.
>
> However, if you are using v0.05 (or maybe even an older version - I
> haven't checked) of MSMRTG then the regular expression looks for viruses
> or problems. In other words the total includes any emails you may have
> blocked or modified because they contained suspect content (i.e. forms,
> iframes, object codebase).
>
> If this is what you are seeing then you should upgrade to the latest
> version. In 0.06 the total is plotted as the blue area on the graph and
> the number of actual detected viruses is plotted as a yellow line on top
> of that. (0.06 is also much quicker, as it only parses each logfile
> once - and only the bit written since last time it ran - rather than the
> entire log 4 times every 5 minutes)
I'm using version 0.06-3. Perhaps I've been reading this incorrectly. I
sent a virus through and the blue shows a total of four. I'm assuming
that is one for each of F-Prot, ClamAV, Trend and MailScanner (upset at
the executable). I do see a yellow line at one which from your
description is correctly showing a single virus.
--
Gerry
"The lyfe so short, the craft so long to learne" Chaucer