Semi-OT: logwatch-pre6.0-4 Released
Peter Russell
pete at ENITECH.COM.AU
Tue Feb 15 21:22:07 GMT 2005
Would also be nice to see something like the per hour stats as produced
by pflogsumm.

Is your report formatted in such a way that it could be easily imported
into Excel?

Per-Hour Traffic Summary
time            received  delivered   deferred    bounced   rejected
--------------------------------------------------------------------
0000-0100             51         60          5          2        121
0100-0200             45         45          2          7        127
0200-0300             41         36          5          6        122
0300-0400             50         40          4          1         83
0400-0500             69         60          3          1        244
0500-0600             48         44          5          6        315
0600-0700             44         33          4          0        650
0700-0800             55         48          5          1        631
0800-0900            129        202          6          1        872
0900-1000            192        222          6          2        444
1000-1100            194        448          6          2        410
1100-1200            192        738         11          5        444
1200-1300            194        261          6          1        434
1300-1400            180        179          4          4        368
1400-1500            876        914         12         72       1808
1500-1600            966       1010         26         39       2002
1600-1700            918        968         11         24       1879
1700-1800            107        125         12          0        222
1800-1900             79         80         11          2        182
1900-2000             56         56          7          0        114
2000-2100             52         47         12          0        117
2100-2200             71         89         14          2        225
2200-2300             75         75          8          3        188
2300-2400             41         42         13          3        101

Phillip T. George wrote:
> Beautiful. Could you perhaps add a "Spam Sender Report" (with the IPs)
> or is that already there and just not shown?
>
> Thanks,
> Phillip
>
> John Wilcock wrote:
>
>> Phillip T. George wrote:
>>
>>> That sounds great. Could I get a link to a site with more information
>>> on this script?
>>
>> See www.logwatch.org.
>> I don't think there's any information there about the mailscanner script
>> in particular, but I've pasted a sample of the output below:
>>
>>
>>> --------------------- MailScanner Begin ------------------------
>>>
>>> MailScanner Status:
>>> 566 messages Scanned by MailScanner
>>> 5.6 Total MB
>>> 76 Spam messages detected by MailScanner
>>> 71 Spam messages with action(s) store
>>> 5 Spam messages with action(s) store,deliver
>>> 9 Viruses found by MailScanner
>>> 8 Banned attachments found by MailScanner
>>> 1 Content Problems found by MailScanner
>>> 493 Messages delivered by MailScanner
>>>
>>> ClamAVModule Virus Report: (Total Seen = 9)
>>> Trojan.Downloader.Small-165: 1 Times(s)
>>> Worm.Bagle.AG.2: 4 Times(s)
>>> Worm.Bagle.Gen-zippwd: 1 Times(s)
>>> Worm.SomeFool.P: 3 Times(s)
>>>
>>> F-Prot Virus Report: (Total Seen = 9)
>>> HTML/IFrame at expl : 1 Times(s)
>>> W32/Bagle.AI at mm : 4 Times(s)
>>> W32/Bagle.BC at mm : 1 Times(s)
>>> W32/Netsky.Q.corr : 3 Times(s)
>>>
>>> Virus Sender Report: (Total Seen = 8)
>>> 217.112.52.115 : 1 Times(s)
>>> 62.4.16.80 : 2 Times(s)
>>> 82.121.133.139 : 1 Times(s)
>>> 82.121.133.165 : 1 Times(s)
>>> 83.114.148.52 : 1 Times(s)
>>> 83.114.150.59 : 1 Times(s)
>>> 83.114.152.74 : 1 Times(s)
>>>
>>> Content Report: (Total Seen = 1)
>>> HTML-specific exploits: 1 Times(s)
>>>
>>> Banned Filename Report: (Total Seen = 8)
>>> Password-protected archive (Fish.zip): 1 Times(s)
>>> possible virus hidden in a screensaver (05280e100c.9e62a
>>> data.rtf -space- .scr) : 1 Times(s)
>>> possible virus hidden in a screensaver (e0408e100c.30068
>>> message.scr) : 1 Times(s)
>>> windows/dos executable (49734e100c.5f81c doll.exe) : 1 Times(s)
>>> windows/dos executable (9eef3e11e5.e3f87 garry.com) : 1 Times(s)
>>> windows/dos executable (abacfe100c.0997c mp3.exe) : 1 Times(s)
>>> windows/dos executable (c418ae100c.4db55 cool_mp3.exe) : 1 Times(s)
>>> windows/dos executable (e21f0e100c.c7235 siupd02.com) : 1 Times(s)
>>>
>>> Phishing Report: (Total Seen = 1)
>>> www.emf2.com: 1 Times(s)
>>>
>>> Detail:
>>> www.emf2.com claiming to be www.nicotime.fr: 1 Times(s)
>>>
>>> HTML <FORM> tag report: (Total Seen = 4)
>>> alexandra.7105.150558.mailmenu.dbounce at votre.messagizer.fr : 1
>>> Times(s)
>>> bounce-mw-20599808 at blast1.myfree.com : 1 Times(s)
>>> chnetwork at newsletter.myabout.com : 1 Times(s)
>>> owner-todaysl*stephen**tradoc*-fr at ablist.about.com : 1 Times(s)
>>>
>>> HTML <SCRIPT> tag report: (Total Seen = 1)
>>> christian.delfosse at wanadoo.fr : 1 Times(s)
>>>
>>> HTML <IFRAME> tag report: (Total Seen = 1)
>>> webmaster at lerucher.com : 1 Times(s)
>>>
>>> **Unmatched Entries**
>>>
>>> /var/spool/MailScanner/incoming/32006/2214CE100C.14F0A/Fish.zip->glhpfrka.exe
>>>
>>> could be a suspicious file (encrypted program in archive) : 1 Time(s)
>>> Either you've found a bug in MailScanner's F-Prot output parser,
>>> or F-Prot's output format has changed! F-Prot said this
>>> "/var/spool/MailScanner/incoming/32006/2214CE100C.14F0A/Fish.zip->glhpfrka.exe
>>>
>>> could be a suspicious file (encrypted program in archive)". Please
>>> mail the author of MailScanner : 1 Time(s)
>>>
>>> ---------------------- MailScanner End -------------------------
>>
>> John.
>>
>> --
>> -- Over 2500 webcams from ski resorts around the world - www.snoweye.com
>> -- Translate your technical documents and web pages - www.tradoc.fr
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
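
On the spreadsheet-import question in this thread, an added example (not from the thread and not logwatch code): Python that reads report sections of the quoted "Name: (Total Seen = N)" / "item : K Times(s)" shape, checks each stated total against its entries, and writes CSV. The function names, the sample data and the leading-apostrophe handling of formula-like cells are assumptions of this example.

```python
import csv, io, re

# Constructed sample in the report's shape: ">>> " quote markers, one count
# wrapped onto the next line, and one section whose total does not add up.
SAMPLE = """\
>>> Virus Sender Report: (Total Seen = 4)
>>> 192.0.2.10 : 1 Times(s)
>>> 198.51.100.7 : 2 Times(s)
>>>
>>> HTML <SCRIPT> tag report: (Total Seen = 2)
>>> =1+1 at example.invalid : 1
>>> Times(s)
>>> news at example.invalid : 1 Times(s)
"""
HEADER = re.compile(r"^(?P<name>.+?):\s*\(Total Seen = (?P<total>\d+)\)$")
ENTRY = re.compile(r"^(?P<item>.+?)\s*:\s*(?P<count>\d+)\s+Times?\(s\)$")

def parse_report(text):
    """Return one dict per section: name, stated total, [(item, count)]."""
    sections, current, pending = [], None, ""
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()  # drop mail quote markers
        h = HEADER.match(line)
        if h:
            current = {"name": h["name"], "total": int(h["total"]), "rows": []}
            sections.append(current)
        # Try the line alone, then joined to the previous unmatched line (one wrap).
        e = None if h else ENTRY.match(line) or ENTRY.match(f"{pending} {line}")
        if e and current is not None:
            current["rows"].append((e["item"].strip(), int(e["count"])))
        pending = "" if (h or e or not line) else line
    return sections

def mismatches(sections):
    """(name, stated total, summed count) for sections where they disagree."""
    sums = [(s["name"], s["total"], sum(c for _, c in s["rows"])) for s in sections]
    return [t for t in sums if t[1] != t[2]]

def to_csv(sections):
    """CSV text; a cell starting with = + - @ gets a leading ' so a spreadsheet
    reads attacker-controlled senders and filenames as text, not formulas."""
    out = io.StringIO()
    w = csv.writer(out)
    w.writerow(["section", "item", "count"])
    for s in sections:
        for item, count in s["rows"]:
            safe = "'" + item if item.startswith(("=", "+", "-", "@")) else item
            w.writerow([s["name"], safe, count])
    return out.getvalue()
```

Entries wrapped across more than two lines, as in the "Unmatched Entries" part of the quoted report, are not rejoined by this parser and are skipped.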