Semi-OT: logwatch-pre6.0-4 Released

Phillip T. George phillip at EACSI.COM
Tue Feb 15 17:32:12 GMT 2005



Beautiful.  Could you perhaps add a "Spam Sender Report" (with the IPs)
or is that already there and just not shown?

Thanks,
Phillip

John Wilcock wrote:

> Phillip T. George wrote:
>
>> That sounds great.  Could I get a link to a site with more information
>> on this script?
>
>
> See www.logwatch.org.
> I don't think there's any information there about the mailscanner script
> in particular, but I've pasted a sample of the output below:
>
>
>>  --------------------- MailScanner Begin ------------------------
>>
>>  MailScanner Status:
>>       566 messages Scanned by MailScanner
>>       5.6 Total MB
>>       76 Spam messages detected by MailScanner
>>               71 Spam messages with action(s) store
>>               5 Spam messages with action(s) store,deliver
>>       9 Viruses found by MailScanner
>>       8 Banned attachments found by MailScanner
>>       1 Content Problems found by MailScanner
>>       493 Messages delivered by MailScanner
>>
>>  ClamAVModule Virus Report: (Total Seen = 9)
>>      Trojan.Downloader.Small-165: 1 Times(s)
>>      Worm.Bagle.AG.2: 4 Times(s)
>>      Worm.Bagle.Gen-zippwd: 1 Times(s)
>>      Worm.SomeFool.P: 3 Times(s)
>>
>>  F-Prot Virus Report: (Total Seen = 9)
>>      HTML/IFrame at expl : 1 Times(s)
>>      W32/Bagle.AI at mm : 4 Times(s)
>>      W32/Bagle.BC at mm : 1 Times(s)
>>      W32/Netsky.Q.corr : 3 Times(s)
>>
>>  Virus Sender Report: (Total Seen = 8)
>>      217.112.52.115 : 1 Times(s)
>>      62.4.16.80 : 2 Times(s)
>>      82.121.133.139 : 1 Times(s)
>>      82.121.133.165 : 1 Times(s)
>>      83.114.148.52 : 1 Times(s)
>>      83.114.150.59 : 1 Times(s)
>>      83.114.152.74 : 1 Times(s)
>>
>>  Content Report: (Total Seen = 1)
>>      HTML-specific exploits: 1 Times(s)
>>
>>  Banned Filename Report: (Total Seen = 8)
>>      Password-protected archive (Fish.zip): 1 Times(s)
>>      possible virus hidden in a screensaver (05280e100c.9e62a data.rtf -space- .scr) : 1 Times(s)
>>      possible virus hidden in a screensaver (e0408e100c.30068 message.scr) : 1 Times(s)
>>      windows/dos executable (49734e100c.5f81c doll.exe) : 1 Times(s)
>>      windows/dos executable (9eef3e11e5.e3f87 garry.com) : 1 Times(s)
>>      windows/dos executable (abacfe100c.0997c mp3.exe) : 1 Times(s)
>>      windows/dos executable (c418ae100c.4db55 cool_mp3.exe) : 1 Times(s)
>>      windows/dos executable (e21f0e100c.c7235 siupd02.com) : 1 Times(s)
>>
>>  Phishing Report: (Total Seen = 1)
>>      www.emf2.com: 1 Times(s)
>>
>>    Detail:
>>      www.emf2.com claiming to be www.nicotime.fr: 1 Times(s)
>>
>>  HTML <FORM> tag report: (Total Seen = 4)
>>      alexandra.7105.150558.mailmenu.dbounce at votre.messagizer.fr : 1 Times(s)
>>      bounce-mw-20599808 at blast1.myfree.com : 1 Times(s)
>>      chnetwork at newsletter.myabout.com : 1 Times(s)
>>      owner-todaysl*stephen**tradoc*-fr at ablist.about.com : 1 Times(s)
>>
>>  HTML <SCRIPT> tag report: (Total Seen = 1)
>>      christian.delfosse at wanadoo.fr : 1 Times(s)
>>
>>  HTML <IFRAME> tag report: (Total Seen = 1)
>>      webmaster at lerucher.com : 1 Times(s)
>>
>>  **Unmatched Entries**
>>
>> /var/spool/MailScanner/incoming/32006/2214CE100C.14F0A/Fish.zip->glhpfrka.exe could be a suspicious file (encrypted program in archive) : 1 Time(s)
>>     Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "/var/spool/MailScanner/incoming/32006/2214CE100C.14F0A/Fish.zip->glhpfrka.exe could be a suspicious file (encrypted program in archive)". Please mail the author of MailScanner : 1 Time(s)
>>
>>  ---------------------- MailScanner End -------------------------
>
> John.
>
> --
> -- Over 2500 webcams from ski resorts around the world - www.snoweye.com
> -- Translate your technical documents and web pages    - www.tradoc.fr
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
