Mailwatch question

Bill Huff bhuff at COLLTECH.COM
Thu Jan 6 15:02:24 GMT 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Matt, mailwatch does indeed capture the difference, however there is not a 
'provided' interface to view it.  It is all in the DB however, and a custom 
report is trivial to create based on the way that the mailwatch reporting system 
is designed.

In your mailwatch database is a table called maillog.  In the maillog table 
there are columns to track if a given message is spam, if it is high scoring 
spam, if it is virus infected or if it was name or content infected.

Here is a 'describe' of the columns that I am referring too.  You can see that 
you have a very full set of information that is being tracked.  It would be 
trivial to create a report like you are asking for, the data is all there.

If you would like some help, contact me off list and I will give you a hand.

--
Bill

| isspam          | tinyint(1)    | YES  |     | 0       |       |
| ishighspam      | tinyint(1)    | YES  |     | 0       |       |
| issaspam        | tinyint(1)    | YES  |     | 0       |       |
| isrblspam       | tinyint(1)    | YES  |     | 0       |       |
| spamwhitelisted | tinyint(1)    | YES  |     | 0       |       |
| spamblacklisted | tinyint(1)    | YES  |     | 0       |       |
| sascore         | decimal(7,2)  | YES  |     | 0.00    |       |
| spamreport      | text          | YES  |     | NULL    |       |
| virusinfected   | tinyint(1)    | YES  |     | 0       |       |
| nameinfected    | tinyint(1)    | YES  |     | 0       |       |
| otherinfected   | tinyint(1)    | YES  |     | 0       |       |


Matt Kehler wrote:
> Thanks Glenn.  I know they are a different color, and I know they show 
> at the top right when looking at the current (daily) stats.  But what 
> I"m looking for is 'in the month of December, XXXX emails were blocked 
> due to file attachment'.   Better yet, since we service multiple domain 
> names, add '  .....blocked due to file attachment when destined for 
> abc123.com '
>  
> I assume I will have to do my own custom report for that?  Even when 
> filtering for December; it will show emails/spam/virus per day, per 
> month, etc..but it doesn't seem that blocked are included.  Unless I'm 
> crazy (which very well could be :)
>  
> Matt
> 
>  >>> Glenn.Steen at AP1.SE 01/05/05 05:10PM >>>
> As replied on theother list.... Red for blocked content, pink for spam 
> (darker for High Scoring)... You'll note the difference:-). As I said, 
> even a severely colorblind person like me have no problem with that:-).
> 
> If you like to have reports on each type, you'll just have to select a 
> relevant subset of limits. Again, it's pretty straightforward.
> 
> -- Glenn
> 
> 
> -----Original Message-----
> From:   MailScanner mailing list on behalf of Matt Kehler
> Sent:   on 2005-01-05 20:04
> To:     MAILSCANNER at JISCMAIL.AC.UK
> Cc:   
> Subject:        Mailwatch question
> I know its a MailWatch question, but it seems as though theres a lot 
> more MW users on this list than the actual MW list itself...so... :)
> 
> 
> 
> If you have MS configured to block emails based on extension (such as 
> ..pif's for example), do those blocked emails show in the MailWatch 
> 'spam' statistics, or do they not show at all?   Is there a way to 
> differentiate the emails blocked due to file extension from the emails 
> blocked due to spam?  Our management wants to know how much MailScanner 
> is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc) 
> as opposed to stuff that we manually configure  (ie, the file extensions 
> that we block regardless of infection or spam)
> 
> 
> 
> thx
> 
> Matt
> 
> 
> 
> 
> This email and/or any documents in this transmission is intended for the
> addressee(s) only and may contain legally privileged or confidential
> information.  Any unauthorized use, disclosure, distribution, copying or
> dissemination is strictly prohibited.  If you receive this transmission in
> error, please notify the sender immediately and return the original.
> 
> Ce courriel et tout document dans cette transmission est destiné à la 
> personne
> ou aux personnes à qui il est adressé. Il peut contenir des informations
> privilégiées ou confidentielles. Toute utilisation, divulgation, 
> distribution,
> copie, ou diffusion non autorisée est strictement défendue. Si vous 
> n'êtes pas
> le destinataire de ce message, veuillez en informer l'expéditeur 
> immédiatement
> et lui remettre l'original.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> This email and/or any documents in this transmission is intended for the 
> addressee(s) only and may contain legally privileged or confidential 
> information. Any unauthorized use, disclosure, distribution, copying or 
> dissemination is strictly prohibited. If you receive this transmission 
> in error, please notify the sender immediately and return the original. 
> Ce courriel et tout document dans cette transmission est destiné à la 
> personne ou aux personnes à qui il est adressé. Il peut contenir des 
> informations privilégiées ou confidentielles. Toute utilisation, 
> divulgation, distribution, copie, ou diffusion non autorisée est 
> strictement défendue. Si vous n'êtes pas le destinataire de ce message, 
> veuillez en informer l'expéditeur immédiatement et lui remettre 
> l'original. ------------------------ MailScanner list 
> ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> *Support MailScanner development - buy the book off the website!*

-- 
      _____
     / ___/___       | Bill Huff, CISSP - Director of Technology
    / /__  __/       | Voice: (512) 263-0770 x 262
   / /__/ /          |   Fax: (512) 263-8921
   \___/ /ollective  |  Cell: (512) 630-5424
       \/echnologies | --[ http://www.colltech.com ] --

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list