feature request
David While
David.While at UCE.AC.UK
Tue Sep 2 17:02:47 IST 2003
Sep 2 15:36:24 xxxxxx MailScanner[10247]: Virus and Content Scanning: Starting
******** Sep 2 15:36:25 xxxxxxMailScanner[10247]: /var/spool/MailScanner/incoming/10247/./h82EZlKq015377/thank_you.pif: Worm.Sobig.F FOUND
Sep 2 15:36:25 xxxxxx MailScanner[10247]: Virus Scanning: ClamAV found 1 infections
Sep 2 15:36:25 xxxxxx MailScanner[10247]: Virus Scanning: Found 1 viruses
Sep 2 15:36:25 xxxxxx MailScanner[10247]: Filename Checks: Possible MS-Dos program shortcut attack (thank_you.pif)
Sep 2 15:36:25 xxxxxx MailScanner[10247]: Filetype Checks: No executables (thank_you.pif)
Sep 2 15:36:25 xxxxxx MailScanner[10247]: Other Checks: Found 2 problems
Ideally I would like the IP address in the line marked with *s (apologies for the line wrap, if indeed it does!)
David While
-----Original Message-----
From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
Sent: Tue 02/09/2003 15:27
To: MAILSCANNER at JISCMAIL.AC.UK
Cc:
Subject: Re: feature request
At 13:36 02/09/2003, you wrote:
>What is the possibility of including the sending IP address in the virus
>lines in the log file entries?
Please can you give me an example of what log entries you mean.
>With the recent Sobig.F outbreak it would seem sensible to be able to do
>some automatic processing on the log files to determine the IP addresses
>that are sending them. My quick analysis of my log file shows that it is a
>few addresses sending large numbers to me.
>
>If this is possible I would then be able to add it as a feature to
>mailstats.pl to block persistent virus senders for a short period of time.
>
>-----------------------------------------------------------------
>David While
>Technical Development Manager
>Faculty of Computing, Information & English
>University of Central England
>Tel: 0121 331 6211
>-----------------------------------------------------------------
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
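
Until the scanner line carries the address itself, the per-sender analysis described in this thread can be approximated by joining each `FOUND` line to the MTA's log on the queue ID embedded in the path. The following is an added example, not code from this thread or from MailScanner: it assumes sendmail is the MTA, that its `from=` lines (with `relay=... [ip]`) are in the same log, and that the directory name `h82EZlKq015377` is the sendmail queue ID. The name `virus_senders` and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# sendmail "from=" line: queue ID, then the connecting relay's IP in brackets.
FROM_RE = re.compile(
    r"sendmail\[\d+\]: (\w+): from=.*relay=[^\[]*\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")
# ClamAV hit logged by MailScanner: .../incoming/<pid>/./<queue ID>/<file>: <name> FOUND
VIRUS_RE = re.compile(
    r"MailScanner\[\d+\]: \S*/incoming/\d+/\./(\w+)/.+: (\S+) FOUND$")

# Constructed sample. The first FOUND line mirrors the one quoted in the post; all
# sendmail lines, other queue IDs and addresses are made up for this example.
SAMPLE_LOG = """\
Sep  2 15:36:20 mx sendmail[15377]: h82EZlKq015377: from=<a@example.org>, size=104857, nrcpts=1, proto=SMTP, daemon=MTA, relay=pc1.example.net [192.0.2.10]
Sep  2 15:36:25 mx MailScanner[10247]: /var/spool/MailScanner/incoming/10247/./h82EZlKq015377/thank_you.pif: Worm.Sobig.F FOUND
Sep  2 15:36:31 mx sendmail[15381]: h82EZpKq015381: from=<b@example.org>, size=104912, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Sep  2 15:36:40 mx MailScanner[10247]: /var/spool/MailScanner/incoming/10247/./h82EZpKq015381/details.pif: Worm.Sobig.F FOUND
Sep  2 15:37:02 mx sendmail[15390]: h82Ea1Kq015390: from=<c@example.com>, size=104800, nrcpts=1, proto=SMTP, daemon=MTA, relay=dsl.example.com [198.51.100.7]
Sep  2 15:37:03 mx sendmail[15395]: h82Ea4Kq015395: from=<d@example.com>, size=2100, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.com [203.0.113.5]
Sep  2 15:37:10 mx MailScanner[10250]: /var/spool/MailScanner/incoming/10250/./h82Ea1Kq015390/wicked_scr.scr: Worm.Sobig.F FOUND
Sep  2 15:37:11 mx MailScanner[10250]: /var/spool/MailScanner/incoming/10250/./h82DxxKq014999/your_details.pif: Worm.Sobig.F FOUND
"""

def virus_senders(log_text):
    """Return (Counter of (relay IP, virus name), queue IDs with no from= line)."""
    relay_by_qid, hits, unresolved = {}, Counter(), []
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            relay_by_qid[m.group(1)] = m.group(2)
            continue
        m = VIRUS_RE.search(line)
        if m:
            qid, virus = m.groups()
            if qid in relay_by_qid:
                hits[(relay_by_qid[qid], virus)] += 1
            else:  # e.g. the from= line was in an already rotated log file
                unresolved.append(qid)
    return hits, unresolved

if __name__ == "__main__":
    hits, unresolved = virus_senders(SAMPLE_LOG)
    for (ip, virus), count in hits.most_common():
        print(f"{count:4d}  {ip:15s}  {virus}")
    print("no relay found for:", ", ".join(unresolved))
```

Only `from=` lines are used for the lookup, because sendmail also writes `relay=` on `to=` delivery lines, where it names the next hop rather than the sender.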