MyDoom.F
Craig Daters
craig at WESTPRESS.COM
Thu Feb 26 18:19:47 GMT 2004
Looking at this, it looks like this is not for ClamAV. I would like
to use these examples to produce similar reports for ClamAV and
F-Prot.
I can sort of follow what is happening here, but I am not familiar
with 'cut' so I am perusing the man page for cut, but can you kind of
walk me through what's happening here with each of these examples?
>===
>I find it helpful to run two daily virus reports - one at noon that just
>looks at that morning, the other at 6am and scans the whole week (so
>far). The reports show the last time the AV dat files were updated and a
>count of current viruses that have been stopped by MailScanner.
>
>The time the DAT files were last updated is given by:
> ls -l --time-style="+%b %d %r" /usr/local/uvscan/datfiles/current | \
> cut -c44-62
>
>The virus count is given by:
> grep virus\ \! /var/log/maillog |cut -f7- "-d " |cut -f2 -d/ | \
> cut -f1 "-d " |sort |uniq -c |sort -nr
>
>For the noon day one I do something like:
> TODAY=`date -d "today" "+%b %e" `
> grep "$TODAY" /var/log/maillog |grep virus\ \! |cut -f7- "-d " | \
> cut -f2 -d/ |cut -f1 "-d " |sort |uniq -c |sort -nr
>
>The report will look something like this:
>
> Anti-Virus files last updated on: Feb 25 01:01:15 PM
> ===
> Morning Virus report:
> 53 Netsky.b@MM!zip
> 47 Netsky.b@MM
> 17 Mydoom.f.zip
> 15 Mydoom.f@MM
> 4 Mimail.a@MM
> 2 Bagle.b@MM
> 1 Sober.c@MM
> ===
>
>As you can see from the report, it shows you clearly that the MyDoom.f
>virus is being correctly caught.
>
>BTW: It's also a POC (Piece Of Cake) to publish this as a web page for
>your organization, and is great PR for you and MailScanner.
>
>Hope this is helpful - Jon Carnes
--
Craig Daters (craig at westpress.com)
Systems Administrator
West Press Printing
1663 West Grant Road
Tucson, Arizona 85745-1433
Tel: 520-624-4939
Fax: 520-624-2715
www.westpress.com
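
Added example, not part of either message: the virus-count pipeline from the quoted post, written one stage per line with a comment on what each `cut` does, and run over constructed log lines. The log line wording and layout, and the function names `sample_log`, `virus_counts` and `day_counts`, are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample lines. The message wording and syslog layout are assumed,
# not copied from a real maillog; adjust the field numbers to your scanner's lines.
sample_log() {
cat <<'EOF'
Feb 25 09:14:02 mail MailScanner[2211]: Found the W32/Netsky.b@MM virus !!!
Feb 25 09:15:40 mail MailScanner[2211]: Found the W32/Netsky.b@MM virus !!!
Feb 25 09:17:11 mail MailScanner[2214]: Found the W32/Mydoom.f@MM virus !!!
Feb 25 09:20:00 mail sendmail[2290]: i1PGK0: from=<a@example.com>, relay=[192.0.2.7]
Feb  5 08:01:09 mail MailScanner[1999]: Found the W32/Bagle.b@MM virus !!!
EOF
}

# Reads maillog lines on stdin, prints "count name" with the highest count first.
# (The DAT-file command's `cut -c44-62` works differently: it keeps character
# columns 44 to 62 of the ls line, so it depends on the ls column widths.)
virus_counts() {
    grep 'virus !' |    # keep only detection lines (they end in "virus !!!")
    cut -d' ' -f7- |    # space-delimited: keep field 7 to end of line (drops the syslog prefix)
    cut -d/ -f2 |       # slash-delimited: field 2 is the text after "W32/"
    cut -d' ' -f1 |     # first word of what is left is the virus name
    sort |              # put identical names next to each other for uniq
    uniq -c |           # collapse each run and prefix it with its count
    sort -nr            # numeric sort, largest count first
}

# Same report for one syslog date stamp such as "Feb 25" (what `date "+%b %e"` prints).
# The pattern is anchored so the date only matches at the start of the line.
day_counts() {
    grep "^$1 " | virus_counts
}

sample_log | virus_counts
```

The "Feb  5" line has two spaces before the day, so `cut -d' '` sees an extra empty field and field 7 starts one word earlier; the name is still extracted because the next stage splits on "/".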