Mailwatch question

Bill Huff bhuff at COLLTECH.COM
Thu Jan 6 18:19:12 GMT 2005



I am pretty sure that nameinfected means that a rule in filename.rules hit and 
otherinfected means that a rule in filetype.rules hit.

--
Bill


Matt Kehler wrote:
> Thanks Bill.  I'll try to add 'nameinfected' (I believe that's what the 
> blocked is) to the daily and monthly reports.   When it comes to stuff 
> like this I'm lost, so I may be emailing you soon enough :)
>  
> thanks!
> Matt
> 
>  >>> bhuff at COLLTECH.COM 01/06/05 09:02AM >>>
> Matt, mailwatch does indeed capture the difference, however there is not a
> 'provided' interface to view it.  It is all in the DB however, and a custom
> report is trivial to create based on the way that the mailwatch reporting
> system is designed.
> 
> In your mailwatch database is a table called maillog.  In the maillog table
> there are columns to track if a given message is spam, if it is high scoring
> spam, if it is virus infected or if it was name or content infected.
> 
> Here is a 'describe' of the columns that I am referring to.  You can see that
> you have a very full set of information that is being tracked.  It would be
> trivial to create a report like you are asking for, the data is all there.
> 
> If you would like some help, contact me off list and I will give you a hand.
> 
> --
> Bill
> 
> | isspam          | tinyint(1)    | YES  |     | 0       |       |
> | ishighspam      | tinyint(1)    | YES  |     | 0       |       |
> | issaspam        | tinyint(1)    | YES  |     | 0       |       |
> | isrblspam       | tinyint(1)    | YES  |     | 0       |       |
> | spamwhitelisted | tinyint(1)    | YES  |     | 0       |       |
> | spamblacklisted | tinyint(1)    | YES  |     | 0       |       |
> | sascore         | decimal(7,2)  | YES  |     | 0.00    |       |
> | spamreport      | text          | YES  |     | NULL    |       |
> | virusinfected   | tinyint(1)    | YES  |     | 0       |       |
> | nameinfected    | tinyint(1)    | YES  |     | 0       |       |
> | otherinfected   | tinyint(1)    | YES  |     | 0       |       |
> 
> 
> Matt Kehler wrote:
>  > Thanks Glenn.  I know they are a different color, and I know they show
>  > at the top right when looking at the current (daily) stats.  But what
>  > I'm looking for is 'in the month of December, XXXX emails were blocked
>  > due to file attachment'.   Better yet, since we service multiple domain
>  > names, add '  .....blocked due to file attachment when destined for
>  > abc123.com '
>  > 
>  > I assume I will have to do my own custom report for that?  Even when
>  > filtering for December; it will show emails/spam/virus per day, per
>  > month, etc..but it doesn't seem that blocked are included.  Unless I'm
>  > crazy (which very well could be :)
>  > 
>  > Matt
>  >
>  >  >>> Glenn.Steen at AP1.SE 01/05/05 05:10PM >>>
>  > As replied on the other list.... Red for blocked content, pink for spam
>  > (darker for High Scoring)... You'll note the difference:-). As I said,
>  > even a severely colorblind person like me has no problem with that:-).
>  >
>  > If you like to have reports on each type, you'll just have to select a
>  > relevant subset of limits. Again, it's pretty straightforward.
>  >
>  > -- Glenn
>  >
>  >
>  > -----Original Message-----
>  > From:   MailScanner mailing list on behalf of Matt Kehler
>  > Sent:   on 2005-01-05 20:04
>  > To:     MAILSCANNER at JISCMAIL.AC.UK
>  > Cc:  
>  > Subject:        Mailwatch question
>  > I know it's a MailWatch question, but it seems as though there's a lot
>  > more MW users on this list than the actual MW list itself...so... :)
>  >
>  >
>  >
>  > If you have MS configured to block emails based on extension (such as
>  > .pif's for example), do those blocked emails show in the MailWatch
>  > 'spam' statistics, or do they not show at all?   Is there a way to
>  > differentiate the emails blocked due to file extension from the emails
>  > blocked due to spam?  Our management wants to know how much MailScanner
>  > is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc)
>  > as opposed to stuff that we manually configure  (ie, the file extensions
>  > that we block regardless of infection or spam)
>  >
>  >
>  >
>  > thx
>  >
>  > Matt
>  >
>  >
>  >
>  >
>  > This email and/or any documents in this transmission is intended for the
>  > addressee(s) only and may contain legally privileged or confidential
>  > information.  Any unauthorized use, disclosure, distribution, copying or
>  > dissemination is strictly prohibited.  If you receive this transmission in
>  > error, please notify the sender immediately and return the original.
>  >
>  > This e-mail and any document in this transmission is intended for the
>  > person or persons to whom it is addressed. It may contain privileged or
>  > confidential information. Any unauthorized use, disclosure, distribution,
>  > copying, or dissemination is strictly prohibited. If you are not the
>  > recipient of this message, please inform the sender immediately and
>  > return the original.
>  >
>  > ------------------------ MailScanner list ------------------------
>  > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>  > 'leave mailscanner' in the body of the email.
>  > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>  > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>  >
>  > Support MailScanner development - buy the book off the website!
> 
> -- 
>       _____
>      / ___/___       | Bill Huff, CISSP - Director of Technology
>     / /__  __/       | Voice: (512) 263-0770 x 262
>    / /__/ /          |   Fax: (512) 263-8921
>    \___/ /ollective  |  Cell: (512) 630-5424
>        \/echnologies | --[ http://www.colltech.com ] --
> 

-- 
      _____
     / ___/___       | Bill Huff, CISSP - Director of Technology
    / /__  __/       | Voice: (512) 263-0770 x 262
   / /__/ /          |   Fax: (512) 263-8921
   \___/ /ollective  |  Cell: (512) 630-5424
       \/echnologies | --[ http://www.colltech.com ] --
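
The per-domain monthly report discussed in this thread, as an added example that is not part of the original messages or of MailWatch itself. It uses the flag columns from the 'describe' output quoted above; the `date` and `to_domain` columns are assumptions, an in-memory SQLite table stands in for the MailWatch MySQL database, and the sample rows are constructed.

```python
import sqlite3

# Flag columns are the ones shown in the thread's 'describe' output.
# `date` and `to_domain` are assumed columns (not shown in the thread).
SCHEMA = """CREATE TABLE maillog (
    date TEXT, to_domain TEXT,
    isspam INTEGER DEFAULT 0, ishighspam INTEGER DEFAULT 0,
    virusinfected INTEGER DEFAULT 0, nameinfected INTEGER DEFAULT 0,
    otherinfected INTEGER DEFAULT 0)"""

# Constructed sample rows:
# (date, to_domain, isspam, ishighspam, virus, name, other)
ROWS = [
    ("2004-12-01", "abc123.com", 1, 0, 0, 0, 0),
    ("2004-12-02", "abc123.com", 0, 0, 0, 1, 0),  # filename rule hit only
    ("2004-12-02", "abc123.com", 0, 0, 1, 1, 0),  # virus AND filename rule
    ("2004-12-03", "abc123.com", 0, 0, 0, 0, 1),  # otherinfected only
    ("2004-12-03", "example.org", 1, 1, 0, 0, 0),
    ("2004-12-15", "example.org", 0, 0, 0, 1, 0),
    ("2005-01-02", "abc123.com", 0, 0, 0, 1, 0),  # outside December
]

# One message can set several flags, so each flag is summed on its own.
# policy_only counts messages stopped solely by locally configured
# attachment rules (no virus hit, not spam).
REPORT = """
SELECT to_domain,
       COUNT(*)           AS total,
       SUM(isspam)        AS spam,
       SUM(virusinfected) AS virus,
       SUM(nameinfected)  AS name_blocked,
       SUM(otherinfected) AS other_blocked,
       SUM(CASE WHEN (nameinfected = 1 OR otherinfected = 1)
                 AND virusinfected = 0 AND isspam = 0
                THEN 1 ELSE 0 END) AS policy_only
FROM maillog
WHERE date >= ? AND date < ?
GROUP BY to_domain
ORDER BY to_domain"""

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO maillog VALUES (?,?,?,?,?,?,?)", ROWS)
    return conn

def monthly_block_report(conn, start, end):
    """Per-domain counts for start <= date < end (ISO dates)."""
    return conn.execute(REPORT, (start, end)).fetchall()

if __name__ == "__main__":
    for row in monthly_block_report(build_sample_db(), "2004-12-01", "2005-01-01"):
        print(row)
```

The date range is passed as bound parameters rather than interpolated into the SQL string, which matters if the report is later driven by user-supplied filters.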