OT - Clamav question
Scott Silva
ssilva at SGVWATER.COM
Thu Mar 3 23:47:43 GMT 2005
Scott Silva wrote:
> Pete Russell wrote:
>
>>I would like to try to get it to handle Bitdefender. I only need to
>>modify ONE (or maybe 2) lines of code from what I can see.
>>
>>The output and string values for Bitdefender. Any idea what they might be?
>>
>># Scanner Strings
>>my %Scanners = (
>> bitdefender => {
>> Output => '/(.+) Found virus (.*)',
>> String => '/(.+) Found virus (.*)\'},
>> sophos => {
>> Output => '>>> Virus',
>> String => '>>> Virus \'(.*)\''},
>> sophossavi => {
>> Output => 'INFECTED::',
>> String => 'INFECTED:: (.*)::'},
>> inoculan => {
>> Output => 'was infected by virus',
>> String => 'was infected by virus \[(.*)\]'},
>> clamav => {
>> Output => 'FOUND',
>> String => ':.* (.*) FOUND'},
>> command => {
>> Output => 'Infection:',
>> String => 'Infection: (.*)'},
>> "f-prot" => {
>> Output => 'Infection:',
>> String => 'Infection: (.*)'},
>> mcafee => {
>> Output => 'Found the',
>
>
> Maybe start with this;
> bitdefender=> {
> Output => '\/.*infected:',
> String => '\/.*infected: (.*)' },
>
> Might take some playing, but this is out of Vispan. I had to give credit
> where credit is due!
>
As a matter of fact, try this one, as I got it working today;
I will have to send a diff to the writer.
--
"If you have ever eaten crow,
It don't taste like chicken!!"
[ Part 2: "Attached Text" ]
#!/usr/bin/perl -w
#
# vnames.pl [-v] <emailto> Version 2.1.2 - 4/5/2004
# ----------------------------------------------------------------------------
# Print a report of all the e-mail viruses received today.
#
# Contributors v.2.x.x:
# McAfee French, Text Formatting - Denis Beauchemin (Denis.Beauchemin at USherbrooke.ca)
# H+BEDV AntiVir Support - Wolfgang Bönschen (wolfgang at antares.de)
# McAfee virus|trojan fix - James Gray (james at grayonline.id.au)
# BitDefender support - Scott Silva (ssilva at sgvwater.com)
# Refined & Expanded Scanners - Joshua Hirsh (joshua.hirsh at partnersolutions.ca)
# originally from David While's MailStats.pl script: (http://staff.cie.uce.ac.uk/~id001869/mailstats/).
# Panda support - Pedro Rosa (Pedro.Rosa at SA.FC.UL.PT)
#
# Contributors v.1.x.x:
# Sophos Support - Aaron Seelye (aseelye-lists at eltopia.com)
# F-Prot Support - jburzenski (jburzenski at americanhm.com)
#
# Copyright, (c) 2003-2004, Corey S. McFadden & Associates (contact at csma.biz)
# www.csma.biz
# By postal mail:
# McFadden Associates
# PO Box 20665
# Lehigh Valley, PA 18002
# U.S.A.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Definable Vars
#
# Site configuration.  These are plain package globals (the script does not
# run under "use strict") and every subroutine below reads them directly.
our $Scanner = "mcafee,clamav,bitdefender";
# comma sep: sophos,sophossavi,inoculan,clamav,command,f-prot,
# mcafee,mcafee_fr,fsecure,panda,antivir,bitdefender
our $HTML        = "yes";                 # yes|no (no = text-only report)
our $Sort        = "count";               # count (most frequent first) | name
our $MailLogFile = "/var/log/maillog";    # syslog file read by check_log
our $SendMail    = "/usr/sbin/sendmail";  # the finished report is piped here
our $StatsFile   = "/root/virus.log";     # CSV appended to by write_stats
# Scanner Strings
#
# One entry per supported scanner key (the names accepted in $Scanner).
#   Output - pattern that marks a mail-log line as a detection by this scanner
#   String - pattern whose first capture group is the virus name on that line
# Both are kept as plain strings and interpolated into m// by check_log.
my %Scanners = (
    sophos      => { Output => '>>> Virus',
                     String => q{>>> Virus '(.*)'} },
    sophossavi  => { Output => 'INFECTED::',
                     String => 'INFECTED:: (.*)::' },
    inoculan    => { Output => 'was infected by virus',
                     String => 'was infected by virus \[(.*)\]' },
    clamav      => { Output => 'FOUND',
                     String => ':.* (.*) FOUND' },
    command     => { Output => 'Infection:',
                     String => 'Infection: (.*)' },
    'f-prot'    => { Output => 'Infection:',
                     String => 'Infection: (.*)' },
    mcafee      => { Output => 'Found the',
                     String => 'Found the (.*) (virus|trojan) !!!' },
    mcafee_fr   => { Output => 'contient le',
                     String => 'contient le (?:virus|ver|cheval de Troie) (.*) !!!' },
    fsecure     => { Output => '.*Infection: (.*)',
                     String => '.*Infection: (.*)' },
    panda       => { Output => 'Virus: (.*)',
                     String => '.* => (.*)##' },
    antivir     => { Output => 'ALERT: (.*)',
                     String => 'ALERT: \[(.*)\]' },
    bitdefender => { Output => '\/.*infected:',
                     String => '\/.*infected: (.*)' },
);

# Human-readable scanner names, keyed exactly like %Scanners; used for the
# section headings of the report and for the "-v" listing.
my %ScannerText = (
    sophos      => 'Sophos SAV',
    sophossavi  => 'Sophos SAVI',
    inoculan    => 'Inoculan',
    clamav      => 'ClamAV',
    command     => 'Command',
    'f-prot'    => 'F-Prot',
    mcafee      => 'McAfee',
    mcafee_fr   => 'McAfee (with French messages)',
    fsecure     => 'FSecure',
    panda       => 'Panda Antivirus',
    antivir     => 'H+BEDV AntiVir',
    bitdefender => 'BitDefender Antivirus',
);
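# Internal Vars
#
# Command-line handling: the single positional argument is either "-v"
# (print version and the supported scanners, then exit) or the address the
# report is mailed to.
$EmailTo = defined $ARGV[0] ? $ARGV[0] : "";
if ($EmailTo eq "") {
    print "\tUsage: vnames.pl [-v] <emailaddress>\n";
    exit 1;
}
if ($EmailTo eq "-v") {
    print "\n";
    print "\tvnames.pl - MailScanner Virus Filter Report.\n";
    print "\t Version 2.1.2, released 4/5/2004.\n";
    print "\t http://web.csma.biz/apps/vnames.shtml\n\n";
    print "\tScanners supported:\n";
    foreach my $name (sort keys %ScannerText) {
        printf "\t %-12s %-20s\n", $name, $ScannerText{$name};
    }
    print "\n";
    exit 0;
}
# The address is handed to sendmail and written verbatim into the To:
# header, so refuse anything outside a conservative address alphabet
# (no whitespace, quotes, CR/LF or shell metacharacters).
if ($EmailTo !~ /\A[\w.+\-@]+\z/) {
    print "\tInvalid e-mail address: $EmailTo\n";
    exit 1;
}
@UseScanners = split(/,/, $Scanner);
$now_date = localtime(time);
# $now_date is ctime(3)-style, e.g. "Thu Mar  3 23:47:43 2005": the day is
# space-padded to two characters.  Splitting on a single space therefore
# gives $TIM[0] = weekday (used in the Subject:), $TIM[1] = month and
# $TIM[2] = day -- but $TIM[2] is "" for days 1-9, so a filter built as
# "$TIM[1] $TIM[2]" degrades to "Mar " on those days and matches the whole
# month.  Kept as-is for compatibility; callers needing the syslog date
# prefix should build it with sprintf('%s %2d', $month, $day) instead.
@TIM = split(/\ /, $now_date);
$AnsiDate = "";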
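#
# Program Main
#
# Build the report scanner by scanner and stream it straight into sendmail.
parse_date();
# List-form pipe open: sendmail receives the recipient as one argv element,
# so no shell is involved and nothing in $EmailTo can be interpreted by one.
open(SENDMAIL, '|-', $SendMail, $EmailTo)
    or die "Cannot open $SendMail: $!";
print_header();
foreach $in (@UseScanners) {
    init_vars();
    print_sectionheader($in);
    check_log($in);
    print_sortedresults();
    print_sectionfooter();
}
print_footer();
# A failed close means sendmail exited non-zero or the pipe broke, i.e. the
# report may not have been accepted for delivery.
close SENDMAIL or warn "Closing pipe to $SendMail failed: $!";
#write_stats();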
#
# Program Subroutines
#
sub init_vars {
    # Reset the per-scanner accumulators (all package globals) that
    # check_log and print_sortedresults fill in for one section.
    (@SortedList, @Names1) = ();   # unique sorted names / raw names per line
    %Seen  = ();                   # virus name -> number of hits
    $count = 0;                    # number of matching log lines
}
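sub print_header {
    # Print the e-mail header to the SENDMAIL pipe, ending with the blank
    # line that closes the header block (plus the <html><body> opener when
    # $HTML is "yes").  Reads the globals $HTML, $EmailTo and $TIM[0].
    require Sys::Hostname;
    # Sys::Hostname avoids spawning an external "hostname" process; it
    # croaks when no name can be determined, so fall back instead of
    # emitting an empty Reply-to domain.
    my $myhostname = eval { Sys::Hostname::hostname() };
    $myhostname = 'localhost' unless defined $myhostname && length $myhostname;
    # A CR or LF inside the address would start a new header line; strip
    # them so the recipient can never inject additional headers here.
    (my $recipient = $EmailTo) =~ s/[\r\n]//g;
    print SENDMAIL "Reply-to: root\@$myhostname\n";
    print SENDMAIL "Subject: E-Mail Viruses ($TIM[0]) - $myhostname\n";
    print SENDMAIL "To: $recipient\n";
    if ($HTML eq "yes") {
        # The empty line after Content-type terminates the header block.
        print SENDMAIL "Content-type: text/html;\n\n";
        print SENDMAIL "<html><body>\n";
    } else {
        print SENDMAIL "\n";
    }
}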
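sub print_sectionheader {
    # Start each scanner block.
    # Arg 0: scanner key (as in %ScannerText).  A key without a label is
    # printed under its raw name rather than as an empty string.
    my $currentscanner = $_[0];
    my $label = $ScannerText{$currentscanner};
    $label = $currentscanner unless defined $label;
    if ($HTML eq "yes") {
        print SENDMAIL "<p>\n";
        # "&amp;" is the entity for "&"; the previous "\&\;" produced "&;",
        # which is not a valid entity.
        print SENDMAIL "<b>Viruses found by MailScanner &amp; $label today:</b>\n";
    } else {
        print SENDMAIL "Viruses found by MailScanner & $label today:\n";
    }
}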
sub print_sectionfooter {
    # Close a scanner block: end the paragraph in HTML mode, otherwise
    # separate sections with two newlines.
    my $trailer = $HTML eq "yes" ? "</p><br><p>" : "\n\n";
    print SENDMAIL $trailer;
}
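sub check_log {
    # Scan $MailLogFile for today's lines that report a detection by the
    # given scanner.  Arg 0: scanner key into %Scanners.  For each line
    # matching the scanner's Output pattern, $count is incremented and the
    # first capture of its String pattern (whitespace removed) is pushed
    # onto @Names1.  Both accumulators are package globals.
    my $currentscanner = $_[0];
    my $ThisScanner = $Scanners{$currentscanner};
    unless (defined $ThisScanner) {
        warn "check_log: unknown scanner '$currentscanner'\n";
        return;
    }
    # syslog writes the day space-padded ("Mar  3"), exactly like ctime(3).
    # Build that prefix here rather than from @TIM, whose single-space split
    # leaves the day empty for days 1-9 and then matches the whole month.
    my @month_abbr = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
    my ($mday, $mon) = (localtime)[3, 4];
    my $today = sprintf('%s %2d', $month_abbr[$mon], $mday);
    # Three-argument open on a lexical handle; an unreadable log is reported
    # instead of silently yielding an empty "None." report.
    open(my $log, '<', $MailLogFile)
        or do { warn "Cannot open $MailLogFile: $!\n"; return };
    my $output_re = $ThisScanner->{Output};
    my $name_re   = $ThisScanner->{String};
    while (my $cline = <$log>) {
        chomp $cline;
        # Anchored and quoted: the date must start the line and nothing in
        # the prefix is treated as a regex metacharacter.
        next unless $cline =~ /\A\Q$today\E/;
        next unless $cline =~ /$output_re/;
        my ($vname) = ($cline =~ /$name_re/);
        $count++;
        # A line that matches Output but not String still counts; it is
        # recorded under an empty name so that a wrong String pattern is
        # visible in the report instead of raising an undef warning.
        $vname = '' unless defined $vname;
        $vname =~ s/\s+//g;
        push @Names1, $vname;
    }
    close $log;
}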
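sub print_sortedresults {
    # Tally @Names1 into %Seen, fill @SortedList with the unique names and
    # write one row/line per name in the order selected by $Sort, followed
    # by a summary line.  The names come straight out of the mail log, i.e.
    # from scanner output about incoming mail, so they are HTML-escaped
    # before being placed into the HTML report.
    my @UniqueList = ();
    foreach my $name (@Names1) {
        push @UniqueList, $name unless $Seen{$name};
        $Seen{$name}++;
    }
    @SortedList = sort @UniqueList;
    # "count": most frequent first, ties broken by name so the output does
    # not depend on hash order.  Anything else: alphabetical.
    my @order;
    if ($Sort eq "count") {
        @order = sort { $Seen{$b} <=> $Seen{$a} || $a cmp $b } keys %Seen;
    } else {
        @order = @SortedList;
    }
    if ($HTML eq "yes") {
        print SENDMAIL "<table>\n";
        foreach my $name (@order) {
            my $safe = _html_escape($name);
            print SENDMAIL "<tr><td>  $safe</td><td width=\"15\"> </td><td align=right>$Seen{$name}</td></tr>\n";
        }
        print SENDMAIL "</table>\n";
    } else {
        foreach my $name (@order) {
            printf SENDMAIL " - %-28s %7d\n", $name, $Seen{$name};
        }
    }
    if ($count == 0) {
        print SENDMAIL "None.\n";
    } else {
        print SENDMAIL "A total of $count viruses were found and filtered.\n";
    }
}

# Escape the characters that have meaning in HTML text and attributes.
sub _html_escape {
    my $text = shift;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    return $text;
}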
sub print_footer {
    # End of the report: close the HTML document, or just a newline in
    # text mode.
    my $trailer = $HTML eq "yes" ? "</body></html>\n" : "\n";
    print SENDMAIL $trailer;
}
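sub write_stats {
    # Append one CSV line per unique virus name ("date,name,count") to
    # $StatsFile for spreadsheet graphs.  Reads the globals $AnsiDate,
    # @SortedList and %Seen.  Not called from the main program (the call
    # there is commented out).
    open(my $stat, '>>', $StatsFile)
        or do { warn "Cannot open $StatsFile for append: $!\n"; return };
    foreach my $name (@SortedList) {
        print {$stat} "$AnsiDate,$name,$Seen{$name}\n";
    }
    # Buffered write errors only surface at close.
    close $stat or warn "Error writing $StatsFile: $!\n";
}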
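sub parse_date {
    # Set the global $AnsiDate to today's date as YYYY-MM-DD (the date
    # column written by write_stats).  Uses localtime's numeric fields
    # instead of re-parsing its string form, so the space-padded day and
    # the month names need no special handling.
    my ($mday, $mon, $year) = (localtime)[3, 4, 5];
    $AnsiDate = sprintf('%04d-%02d-%02d', $year + 1900, $mon + 1, $mday);
}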
exit(0);   # explicit success status once the report has been handed to sendmail