Virus Names Daily Report Script

Aaron Seelye aseelye-lists at ELTOPIA.COM
Sat Oct 18 17:47:40 IST 2003 

Attached is a patch to use this with SophosSAVI, if it sucks, it's because
i'm not much of a perl coder ;-).

Aaron Seelye
----- Original Message -----
From: "Corey S. McFadden" <c at CSMA.BIZ>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Saturday, October 18, 2003 2:03 AM
Subject: Re: Virus Names Daily Report Script


> Erik,
>
> I don't run postfix, so I'm not sure.  It basically looks for maillog
> entries like this:
>
> Oct 15 11:26:39 san-anton1 MailScanner[1669]:
> /h9FGQXC03384/azxhnnjw.exe        Found the W32/Swen at MM virus !!!
>
> So, if that's what you've got this will work...
>
> -Corey
>
>
> At 10:54 AM 10/18/2003 +0200, you wrote:
> >Will it work using postfix ?.
> >
> >Corey S. McFadden wrote:
> >>
> >>Someone had asked me to post this script a couple days ago but I didn't
> >>get an opportunity to do so until now and don't have the original
> >>message to reply to, so sorry for spamming the whole list.
> >>
> >>Anyhow, we run this script daily to generate a report on all the viruses
> >>filtered by MailScanner and McAfee.  I don't know what the maillog
> >>output looks like for other virus scanners, but if it's substantially
> >>different, modification will be necessary.
> >>
> >>http://web.csma.biz/apps/vnames.shtml
> >>
> >>The output is HTML-formatted with bullets and looks like this:
> >>
> >>Subject: E-Mail Viruses (Fri) - hostname
> >>
> >>Viruses found by MailScanner & McAfee today:
> >>
> >>     * W32/Klez.h at MM.....2 times.
> >>     * W32/Lovelorn.dr.....16 times.
> >>     * W32/Lovelorn at MM.....10 times.
> >>     * W32/Swen at MM.....12 times.
> >>
> >>A total of 40 viruses were found and filtered.
> >>
> >>
> >>
> >>
> >>If anyone finds this useful and wants to modify it to support another
> >>virus scanner, feel free.  Please e-mail me any changes though and I'll
> >>link them on that page.
> >>
> >>Best wishes,
> >>-Corey
> >>
> >>
> >>--
> >>Corey S. McFadden & Associates,
> >>Technology Consultants
> >>direct - +1.610.972.4347
> >>c at csma.biz - www.csma.biz
> >><http://www.csma.biz/>
> >>********************************************
> >>This message has been scanned for viruses and
> >>dangerous content.
> >
> >
> >--
> >
> >/Erik
> >
> >*********************************************
> >This message has been scanned for viruses and
> >dangerous content, and is believed to be clean.
>
> --
> Corey S. McFadden & Associates,
> Technology Consultants
> direct - +1.610.972.4347
> c at csma.biz - www.csma.biz
>
>
> *********************************************
> This message has been scanned for viruses and
> dangerous content, and is believed to be clean.

More information about the MailScanner mailing list