Semi-OT: logwatch-pre6.0-4 Released

David Vosburgh vosburgh at DALSEMI.COM
Tue Feb 15 21:33:57 GMT 2005 

Is there any chance of getting these stats broken down per (receiving)
domain? We recently started servicing several new domains and the PHB's
are asking for per domain stats now.  Thanks.

Dave

John Wilcock wrote:
> Phillip T. George wrote:
>
>> That sounds great.  Could I get a link to a site with more information
>> on this script?
>
>
> See www.logwatch.org.
> I don't think there's any information there about the mailscanner script
> in particular, but I've pasted a sample of the output below:
>
>
>>  --------------------- MailScanner Begin ------------------------
>>
>>  MailScanner Status:
>>       566 messages Scanned by MailScanner
>>       5.6 Total MB
>>       76 Spam messages detected by MailScanner
>>               71 Spam messages with action(s) store
>>               5 Spam messages with action(s) store,deliver
>>       9 Viruses found by MailScanner
>>       8 Banned attachments found by MailScanner
>>       1 Content Problems found by MailScanner
>>       493 Messages delivered by MailScanner
>>
>>  ClamAVModule Virus Report: (Total Seen = 9)
>>      Trojan.Downloader.Small-165: 1 Times(s)
>>      Worm.Bagle.AG.2: 4 Times(s)
>>      Worm.Bagle.Gen-zippwd: 1 Times(s)
>>      Worm.SomeFool.P: 3 Times(s)
>>
>>  F-Prot Virus Report: (Total Seen = 9)
>>      HTML/IFrame at expl : 1 Times(s)
>>      W32/Bagle.AI at mm : 4 Times(s)
>>      W32/Bagle.BC at mm : 1 Times(s)
>>      W32/Netsky.Q.corr : 3 Times(s)
>>
>>  Virus Sender Report: (Total Seen = 8)
>>      217.112.52.115 : 1 Times(s)
>>      62.4.16.80 : 2 Times(s)
>>      82.121.133.139 : 1 Times(s)
>>      82.121.133.165 : 1 Times(s)
>>      83.114.148.52 : 1 Times(s)
>>      83.114.150.59 : 1 Times(s)
>>      83.114.152.74 : 1 Times(s)
>>
>>  Content Report: (Total Seen = 1)
>>      HTML-specific exploits: 1 Times(s)
>>
>>  Banned Filename Report: (Total Seen = 8)
>>      Password-protected archive (Fish.zip): 1 Times(s)
>>      possible virus hidden in a screensaver (05280e100c.9e62a data.rtf
>> -space- .scr) : 1 Times(s)
>>      possible virus hidden in a screensaver (e0408e100c.30068
>> message.scr) : 1 Times(s)
>>      windows/dos executable (49734e100c.5f81c doll.exe) : 1 Times(s)
>>      windows/dos executable (9eef3e11e5.e3f87 garry.com) : 1 Times(s)
>>      windows/dos executable (abacfe100c.0997c mp3.exe) : 1 Times(s)
>>      windows/dos executable (c418ae100c.4db55 cool_mp3.exe) : 1 Times(s)
>>      windows/dos executable (e21f0e100c.c7235 siupd02.com) : 1 Times(s)
>>
>>  Phishing Report: (Total Seen = 1)
>>      www.emf2.com: 1 Times(s)
>>
>>    Detail:
>>      www.emf2.com claiming to be www.nicotime.fr: 1 Times(s)
>>
>>  HTML <FORM> tag report: (Total Seen = 4)
>>      alexandra.7105.150558.mailmenu.dbounce at votre.messagizer.fr : 1
>> Times(s)
>>      bounce-mw-20599808 at blast1.myfree.com : 1 Times(s)
>>      chnetwork at newsletter.myabout.com : 1 Times(s)
>>      owner-todaysl*stephen**tradoc*-fr at ablist.about.com : 1 Times(s)
>>
>>  HTML <SCRIPT> tag report: (Total Seen = 1)
>>      christian.delfosse at wanadoo.fr : 1 Times(s)
>>
>>  HTML <IFRAME> tag report: (Total Seen = 1)
>>      webmaster at lerucher.com : 1 Times(s)
>>
>>  **Unmatched Entries**
>>
>> /var/spool/MailScanner/incoming/32006/2214CE100C.14F0A/Fish.zip->glhpfrka.exe
>> could be a suspicious file (encrypted program in archive) : 1 Time(s)
>>     Either you've found a bug in MailScanner's F-Prot output parser,
>> or F-Prot's output format has changed! F-Prot said this
>> "/var/spool/MailScanner/incoming/32006/2214CE100C.14F0A/Fish.zip->glhpfrka.exe
>> could be a suspicious file (encrypted program in archive)". Please
>> mail the author of MailScanner : 1 Time(s)
>>
>>  ---------------------- MailScanner End -------------------------
>
>
>
>
>
>
>
> John.
>
> --
> -- Over 2500 webcams from ski resorts around the world - www.snoweye.com
> -- Translate your technical documents and web pages    - www.tradoc.fr
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>


--

Dave Vosburgh
Dallas Semiconductor

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list