sort virus results

Jon Fraley jfraley at glenraven.com
Wed Mar 3 13:50:20 GMT 2004 

Yea, I have a report that I generate that looks like that, but I need to
be able to tie the scanner to the message and the virus.

Number of messages processed     : 8243
Number of virus messages          : 554 (6.72%)
Number of spam messages           : 1472 (17.85%)
Number of clean messages          : 6217 (75.42%)

Top Spam Score                       : 47.472
Average Spam Score                   : 14.43

Viruses detected:
  W32/Bagle.c!zip    8
  W32/Bagle.e!zip    15
  W32/Bagle.f!pwdzip    2
  W32/Bagle.j at MM    1
  W32/Dumaru.a at MM    6
  W32/Klez.h at MM    7
  W32/Mimail.a at MM    2
  W32/Mimail.j at MM    2
  W32/Mydoom.a at MM    4
  W32/Mydoom.f!zip    6
  W32/Mydoom.f.zip    13
  W32/Mydoom.f at MM    4
  W32/Netsky.b at MM    14
  W32/Netsky.b at MM!zip    7
  W32/Netsky.c at MM    301
  W32/Netsky.c at MM!zip    15
  W32/Netsky.d at MM    173
  W32/Swen at MM    2

On Wed, 2004-03-03 at 08:47, jester wrote:
> john,
>
> I use this, dont know if there is a better way, and im sure its not
> perfect, but, works for me :)
>
> cat maillog | grep "Virus '" | cut -f8 "-d " | sort | uniq -c | sort -k1 -n -r
>
> which out puts for me:
>
>      204 Virus
>       81 'W32/Netsky-C'
>        8 'W32/Gibe-F'
>        2 'W32/Mydoom-F'
>        1 'W32/MyDoom-A'
>        1 'W32/Mimail-A'
>        1 'W32/Bugbear-B'
>        1 'Troj/Sefex-A'
>
> hope that helps
> Michael
> Spyderinternet
>
> At 07:39 AM 3/3/2004, you wrote:
>
> >Is there away to have MailScanner write to a file the results of each of
> >the virus scanner's results.  We currently use McAfee and ClamAV and are
> >looking to add at least one more scanner.  I have been asked to be able
> >to compare the performance of each scanner that we use.  So, I need the
> >information such as:
> >
> >Message ID          Scanner          Virus
> >i23DR2KW026160      McAfee          W32/Netsky.d at MM
> >i23DR2KW026160      ClamAV Module  Worm.SomeFool.D
> >i23DR2KW026160      MailScanner    Shortcuts to MS-Dos programs are very
> >dangerous in email (your_details.pif)
> >
> >I can not easily get this from the logs.
> >
> >Jon
> >
> >--
> >Spydernet has scanned this message for viruses and
> >dangerous content.
>
>

More information about the MailScanner mailing list