Log analyzer

Mark Nienberg mark at TIPPINGMAR.COM
Fri Jun 25 01:26:11 IST 2004


On Thursday, June 24, 2004, at 01:08  PM, Mario Bittencourt wrote:
> Is there any list of log analyzers for Mailscanner (spam assassin /
> clamav) ?
>

If you just want simple stats then the latest logwatch
(www.logwatch.org) does a pretty good job.  This is nowhere near as
powerful as the sophisticated monitoring tools listed in the MAQ of
course.  Currently it supports ClamAV, ClamAVModule, Sophos, and
SophosSAVI.  Here is a sample output (my logs from yesterday):

  --------------------- MailScanner Begin ------------------------

MailScanner Status:
         547 messages Scanned by MailScanner
         32403174 Total Bytes
         162 Spam messages detected by MailScanner
         141 Spam messages deleted by Mailscanner
         8 Viruses found by MailScanner
         3 Banned attachments found by MailScanner
         2 Content Problems found by MailScanner
         392 Messages delivered by MailScanner

SophosSavi Virus Report: (Total Seen = 8)
     W32/Netsky-B W32/Netsky-B: 2 Times(s)
     W32/Netsky-D: 1 Times(s)
     W32/Netsky-P: 1 Times(s)
     W32/Netsky-P W32/Netsky-P: 3 Times(s)
     W32/Netsky-Q: 1 Times(s)

Virus Sender Report: (Total Seen = 8)
     12.111.187.2 : 1 Times(s)
     206.14.125.10 : 1 Times(s)
     207.182.249.182 : 1 Times(s)
     66.117.136.6 : 2 Times(s)
     68.126.172.150 : 2 Times(s)
     68.166.219.79 : 1 Times(s)

Spam Whitelisted Host Report: (Total Seen = 76)
     127.0.0.1 (postmaster at gingham.tippingmar.com): 7 Times(s)
     127.0.0.1 (root at gingham.tippingmar.com): 3 Times(s)
     130.246.192.55 (owner-mailscanner at jiscmail.ac.uk): 65 Times(s)
     207.182.249.182 (seaocboard-return at seausa.org): 1 Times(s)

Spam Blacklisted Host Report: (Total Seen = 6)
     216.39.87.28 (adv at sheck-buy.com): 1 Times(s)
     216.39.87.34 (adv at sheck-buy.com): 1 Times(s)
     69.6.79.114 (b.funemails.0-393b686-3484.tippingmar.com.-ayc at 14.moosq.com): 1 Times(s)
     69.6.79.138 (b.amber.0-393868c-6c1b.tippingmar.com.-barry at 38.moosq.com): 1 Times(s)
     69.6.79.143 (b.funemails.0-393b5d0-31f3.tippingmar.com.-ayc at 43.moosq.com): 1 Times(s)
     69.6.79.150 (b.funemails.0-393e2d1-2e90.tippingmar.com.-ayc at 50.moosq.com): 1 Times(s)

Content Report: (Total Seen = 2)
     HTML-specific exploits: 2 Times(s)

Filename Report: (Total Seen = 3)
     Possible MS-Dos program shortcut attack (data27456.pif) : 1 Times(s)
     Possible MS-Dos program shortcut attack (document_full.pif) : 1 Times(s)
     Possible MS-Dos program shortcut attack (news01.doc
                                                   .pif) : 1 Times(s)

  ---------------------- MailScanner End -------------------------

Mark Nienberg

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
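
Added example (not part of the original post, and not logwatch or MailScanner code): a small Python parser for report sections in the layout of the sample output above. It re-joins entries that were broken across lines in transit and flags any section whose entries do not add up to its "Total Seen" figure. The function names and the sample report (documentation addresses, made-up counts) are constructed for this illustration.

```python
import re

HEADER = re.compile(r"^(?P<name>.+?): \(Total Seen = (?P<total>\d+)\)$")
ENTRY = re.compile(r"^(?P<item>.+?)\s*: (?P<count>\d+) Times\(s\)$")

# Constructed sample in the layout of the report above; the last entry is
# wrapped over three lines, as happens to long lines in e-mailed reports.
SAMPLE = """\
MailScanner Status:
         12 messages Scanned by MailScanner

Virus Sender Report: (Total Seen = 3)
     192.0.2.10 : 1 Times(s)
     198.51.100.7 : 2 Times(s)

Spam Blacklisted Host Report: (Total Seen = 2)
     203.0.113.5 (adv at example.com): 1 Times(s)
     203.0.113.9
(b.list.0-abc123.example.org.-user at 9.example.net): 1
Times(s)
"""

def parse_report(text):
    """Return {section: {"total": declared total, "items": {item: count}}}."""
    sections, current, pending = {}, None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"total": int(header["total"]), "items": {}}
            sections[header["name"]] = current
            pending = []
        elif not line:
            current, pending = None, []   # blank line closes the section
        elif current is not None:
            pending.append(line)          # re-join an entry split by wrapping
            entry = ENTRY.match(" ".join(pending))
            if entry:
                items = current["items"]
                items[entry["item"]] = items.get(entry["item"], 0) + int(entry["count"])
                pending = []
    return sections

def mismatched_totals(sections):
    """Sections whose entries do not add up to the declared 'Total Seen'."""
    return [name for name, sec in sections.items()
            if sum(sec["items"].values()) != sec["total"]]

if __name__ == "__main__":
    report = parse_report(SAMPLE)
    print(report, mismatched_totals(report))
```

A section reported by `mismatched_totals` usually means an entry was truncated or mangled before parsing, so its counts should not be trusted as-is.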


