vnames.pl

Pete Russell pete at ENITECH.COM.AU
Tue Mar 8 11:36:49 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

:) Yes, it was last week, and here it is attached. Someone else made one and
attached it to the list as well, but I can't see how they would differ much :)



David Curtis wrote:
> Any one have the vnames.pl working to get virus information for
> BitDefender? Sorry if it has been already discussed.
>
> Thanks.
>
> Thanks,
> David Curtis
> dcurtis at sbschools.net
> (802) 652-7254
> South Burlington School District
> 550 Dorset Street
> South Burlington, Vt 05403
>
>
>
>
>
>
>
> This email may contain information protected under the Family
> Educational Rights and Privacy Act (FERPA) or the Health Insurance
> Portability and Accountability Act (HIPAA).  If this email contains
> confidential and/or privileged health or student information and you
> are not entitled to access such information under FERPA or HIPAA,
> federal regulations require that you destroy this email without
> reviewing it and you may not forward it to anyone.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
>
>


    [ Part 2: "Attached Text" ]

#!/usr/bin/perl -w
#
#  vnames.pl [-v] <emailto>        Version 2.1.2 - 4/5/2004
#  ----------------------------------------------------------------------------
#  Print a report of all the e-mail viruses received today.
#
#  Contributors v.2.x.x:
#    McAfee French, Text Formatting - Denis Beauchemin (Denis.Beauchemin at USherbrooke.ca)
#    H+BEDV AntiVir Support - Wolfgang Bönschen (wolfgang at antares.de)
#    McAfee virus|trojan fix - James Gray (james at grayonline.id.au)
#    Refined & Expanded Scanners - Joshua Hirsh (joshua.hirsh at partnersolutions.ca)
#       originally from David While's MailStats.pl script: (http://staff.cie.uce.ac.uk/~id001869/mailstats/).
#    Panda support - Pedro Rosa (Pedro.Rosa at SA.FC.UL.PT)
#
#  Contributors v.1.x.x:
#    Sophos Support - Aaron Seelye (aseelye-lists at eltopia.com)
#    F-Prot Support - jburzenski (jburzenski at americanhm.com)
#
# Copyright, (c) 2003-2004, Corey S. McFadden & Associates (contact at csma.biz)
#   www.csma.biz
#   By postal mail:
#     McFadden Associates
#     PO Box 20665
#     Lehigh Valley, PA 18002
#     U.S.A.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#

# Definable Vars
# Scanners to report on: a comma-separated list, split on "," only, so it
# must not contain spaces. Each name must be a key of %Scanners below:
#   sophos, sophossavi, inoculan, clamav, command, f-prot, mcafee,
#   mcafee_fr, fsecure, panda, antivir, bitdefender
$Scanner     = 'bitdefender,clamav';

$HTML        = 'no';       # yes|no   (no = plain-text report)
$Sort        = 'count';    # count|name (count = most frequent name first)

# Paths used by the report. The log is only read; the stats file is only
# appended to, and only if the write_stats call is enabled.
$MailLogFile = '/var/log/maillog';
$SendMail    = '/usr/sbin/sendmail';
$StatsFile   = '/root/virus.log';

# Scanner Strings
# Per-scanner log patterns, keyed by the names accepted in $Scanner.
#   Output - regex source that marks a log line as a detection by that scanner
#   String - regex source whose FIRST capture group is taken as the virus name
#            (check_log ignores any further groups, e.g. mcafee's second one)
# Both values are interpolated into a match as-is, so every entry must be
# valid, trusted regex source; never fill this table from external input.
my %Scanners = (
  'antivir'     => { Output => 'ALERT: (.*)',
                     String => 'ALERT: \[(.*)\]' },
  'bitdefender' => { Output => '\/.*infected:',
                     String => '\/.*infected: (.*)' },
  'clamav'      => { Output => 'FOUND',
                     String => ':.* (.*) FOUND' },
  'command'     => { Output => 'Infection:',
                     String => 'Infection: (.*)' },
  'f-prot'      => { Output => 'Infection:',
                     String => 'Infection: (.*)' },
  'fsecure'     => { Output => '.*Infection: (.*)',
                     String => '.*Infection: (.*)' },
  'inoculan'    => { Output => 'was infected by virus',
                     String => 'was infected by virus \[(.*)\]' },
  'mcafee'      => { Output => 'Found the',
                     String => 'Found the (.*) (virus|trojan) !!!' },
  'mcafee_fr'   => { Output => 'contient le',
                     String => 'contient le (?:virus|ver|cheval de Troie) (.*) !!!' },
  'panda'       => { Output => 'Virus: (.*)',
                     String => '.* => (.*)##' },
  'sophos'      => { Output => '>>> Virus',
                     String => '>>> Virus \'(.*)\'' },
  'sophossavi'  => { Output => 'INFECTED::',
                     String => 'INFECTED:: (.*)::' },
);

# Human-readable product name for each scanner key; shown in the "-v"
# listing and in each section heading of the report.
my %ScannerText = (
  'antivir'     => 'H+BEDV AntiVir',
  'bitdefender' => 'BitDefender',
  'clamav'      => 'ClamAV',
  'command'     => 'Command',
  'f-prot'      => 'F-Prot',
  'fsecure'     => 'FSecure',
  'inoculan'    => 'Inoculan',
  'mcafee'      => 'McAfee',
  'mcafee_fr'   => 'McAfee (with French messages)',
  'panda'       => 'Panda Antivirus',
  'sophos'      => 'Sophos SAV',
  'sophossavi'  => 'Sophos SAVI',
);

# Internal Vars
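# The only argument is either "-v" or the address the report is mailed to.
# A missing argument is mapped to "" so the usage check below does not
# compare an undefined value (the script runs with -w).
$EmailTo = defined $ARGV[0] ? $ARGV[0] : "";
if ($EmailTo eq "") {
  print "\tUsage: vnames.pl [-v] <emailaddress>\n";
  exit 1;
}
if ($EmailTo eq "-v") {
  # Version banner plus the list of scanner keys this script knows about.
  print "\n";
  print "\tvnames.pl - MailScanner Virus Filter Report.\n";
  print "\t  Version 2.1.2, released 4/5/2004.\n";
  print "\t  http://web.csma.biz/apps/vnames.shtml\n\n";
  print "\tScanners supported:\n";
  foreach $in(sort(keys %ScannerText)) {
    printf "\t  %-12s %-20s\n", $in, $ScannerText{$in};
  }
  print "\n";
  exit 0;
}
@UseScanners = split(/,/,$Scanner);
$now_date = localtime(time);

# localtime() pads single-digit days with an extra space ("Mar  8"). Splitting
# on one space left $TIM[2] empty on days 1-9, so check_log's date test
# "$TIM[1] $TIM[2]" shrank to "Mar " and matched every line of the month.
# Split on runs of whitespace and re-pad the day to width 2, so the test
# becomes "Mar  8" / "Mar 18", the same padding as the date string above.
@TIM = split(/\s+/,$now_date);
$TIM[2] = sprintf("%2d", $TIM[2]);
$AnsiDate = "";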


#
# Program Main
#
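&parse_date;

# The recipient comes straight from the command line. The old one-string
# pipe open ("|$SendMail $EmailTo") handed it to a shell, so shell
# metacharacters in the argument were interpreted. Split it into words the
# way the shell would have (several addresses still work), refuse anything
# that sendmail would read as an option, and use the list form of open so
# that no shell is involved.
my @Recipients = grep { length } split(' ', $EmailTo);
if (!@Recipients || grep { /^-/ } @Recipients) {
  die "Refusing to run $SendMail: the recipient must be an e-mail address.\n";
}
# print_header copies $EmailTo into the To: header; keep it on one line.
$EmailTo = join(", ", @Recipients);

open (SENDMAIL, '|-', $SendMail, @Recipients)
  or die "Cannot open $SendMail: $!\n";
&print_header;

# One report section per configured scanner.
foreach my $scanner_name (@UseScanners) {
  &init_vars;
  &print_sectionheader($scanner_name);
  &check_log($scanner_name);
  &print_sortedresults;
  &print_sectionfooter;
}

&print_footer;
# close() on a pipe waits for the child; a failure here means the report
# was probably not handed over to the mailer.
close(SENDMAIL) or warn "$SendMail did not exit cleanly (status $?)\n";
#&write_stats;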




#
# Program Subroutines
#
sub init_vars {
  # Clear the per-scanner accumulators so one scanner's detections are not
  # carried into the next section of the report.
  @Names1 = ();       # raw virus names collected by check_log
  @SortedList = ();   # unique names, sorted by print_sortedresults
  %Seen = ();         # name => number of occurrences
  $count = 0;         # detections counted for the current scanner
}

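sub print_header {
  # Write the e-mail headers (and the opening HTML tags when $HTML is "yes")
  # to the SENDMAIL handle. Reads $EmailTo, $HTML and $TIM[0].
  #
  # `hostname` is resolved through PATH; when this runs from cron as root,
  # make sure PATH contains only trusted directories.
  my $myhostname = `hostname`;
  $myhostname = "" unless defined $myhostname;
  $myhostname =~ s/[\r\n]//g;

  # $EmailTo is a command-line argument. A CR or LF inside it would end the
  # To: line early and let the rest be read as extra headers, so fold any
  # line breaks into spaces before it is written.
  my $recipient = defined $EmailTo ? $EmailTo : "";
  $recipient =~ s/[\r\n]+/ /g;

  print SENDMAIL "Reply-to: root\@$myhostname\n";
  print SENDMAIL "Subject: E-Mail Viruses ($TIM[0]) - $myhostname\n";
  print SENDMAIL "To: $recipient\n";
  if ($HTML eq "yes") {
    print SENDMAIL "Content-type: text/html\;\n\n";
    print SENDMAIL "<html><body>\n";
  } else {
    # Blank line ends the header block.
    print SENDMAIL "\n";
  }
}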

sub print_sectionheader {
  # Open the report section for one scanner.
  # Argument: the scanner key (a key of %ScannerText).
  my ($scanner_key) = @_;
  my $is_html = ($HTML eq "yes");

  print SENDMAIL "<p>\n" if $is_html;
  print SENDMAIL $is_html
    ? "<b>Viruses found by MailScanner &amp; $ScannerText{$scanner_key} today:</b>\n"
    : "Viruses found by MailScanner & $ScannerText{$scanner_key} today:\n";
}

sub print_sectionfooter {
  # Close one scanner's section: paragraph break in HTML mode, two blank
  # lines in text mode.
  my $separator = ($HTML eq "yes") ? "</p><br><p>" : "\n\n";
  print SENDMAIL $separator;
}

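sub check_log {
  # Scan $MailLogFile for today's detections by one scanner.
  # Argument: the scanner key (a key of %Scanners).
  # Effect:   appends every virus name found to @Names1 and adds the number
  #           of detections to $count.
  my ($currentscanner) = @_;
  my $ThisScanner = defined $currentscanner ? $Scanners{$currentscanner} : undef;

  # A mistyped name in $Scanner would otherwise leave both patterns
  # undefined, and an empty pattern does not mean "match nothing" in Perl.
  unless (ref($ThisScanner) eq 'HASH'
          && defined $ThisScanner->{Output}
          && defined $ThisScanner->{String}) {
    my $label = defined $currentscanner ? $currentscanner : '(undefined)';
    warn "check_log: no log patterns for scanner '$label', skipping\n";
    return;
  }

  # Build the "Mon dd" stamp to look for, with the day padded to width 2.
  # If @TIM was produced by splitting on single spaces, $TIM[2] is empty on
  # days 1-9 and the day sits in $TIM[3]; searching for just "Mar " would
  # then count the whole month as today.
  my ($month_name, $day_of_month) = @TIM[1, 2];
  if (!defined $day_of_month || $day_of_month !~ /\d/) {
    $day_of_month = $TIM[3];
  }
  unless (defined $month_name && defined $day_of_month
          && $day_of_month =~ /^\s*(\d+)\s*$/) {
    warn "check_log: cannot determine today's date from \@TIM\n";
    return;
  }
  my $today = sprintf("%s %2d", $month_name, $1);

  # An unreadable log must not look like a virus-free day, so say so in the
  # report as well as on stderr.
  unless (open(MAILLOG, '<', $MailLogFile)) {
    warn "check_log: cannot read $MailLogFile: $!\n";
    print SENDMAIL "WARNING: could not read $MailLogFile; the figures below are incomplete.\n";
    return;
  }

  my $detection_re = qr/$ThisScanner->{Output}/;
  my $name_re      = qr/$ThisScanner->{String}/;

  while (my $cline = <MAILLOG>) {
    $cline =~ s/\n//g;
    # The stamp may appear anywhere in the line, as before; it is compared
    # literally rather than as a pattern.
    next unless index($cline, $today) >= 0;
    next unless $cline =~ $detection_re;

    my ($vname) = ($cline =~ $name_re);
    # Still count a detection whose name could not be extracted.
    $vname = 'unknown' unless defined $vname;
    $vname =~ s/\ //g;
    $count++;
    push @Names1, $vname;
  }
  close MAILLOG;
}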

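sub print_sortedresults {
  # Tally the names in @Names1 and write one line (or table row) per distinct
  # name to SENDMAIL, followed by the total for this scanner.
  # Updates %Seen (name => occurrences) and @SortedList (unique names, sorted
  # by name); write_stats reads both.
  my @UniqueList = ();

  foreach my $name (@Names1) {
    push (@UniqueList,$name) unless ($Seen{$name});
    $Seen{$name}++;
  }
  @SortedList = sort(@UniqueList);

  # "count" lists the most frequent name first; ties fall back to name order
  # so the report is the same from run to run.
  my @ordered;
  if ($Sort eq "count") {
    @ordered = sort { $Seen{$b} <=> $Seen{$a} or $a cmp $b } keys %Seen;
  } else {
    @ordered = @SortedList;
  }

  if ($HTML eq "yes") {
    # HTML output. The names are text captured from the mail log, which
    # reflects content of received mail, so escape them before they are
    # placed inside markup.
    print SENDMAIL "<table>\n";
    foreach my $name (@ordered) {
      my $safe_name = $name;
      $safe_name =~ s/&/&amp;/g;
      $safe_name =~ s/</&lt;/g;
      $safe_name =~ s/>/&gt;/g;
      $safe_name =~ s/"/&quot;/g;
      print SENDMAIL "<tr><td>&nbsp;&nbsp;$safe_name</td><td width=\"15\">&nbsp;</td><td align=right>$Seen{$name}</td></tr>\n";
    }
    print SENDMAIL "</table>\n";
  } else {
    # Text output
    foreach my $name (@ordered) {
      printf SENDMAIL "    - %-28s %7d\n", $name, $Seen{$name};
    }
  }

  # $count is a number, so compare it numerically.
  if ($count == 0) {
    print SENDMAIL "None.\n";
  } else {
    print SENDMAIL "A total of $count viruses were found and filtered.\n";
  }
}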

sub print_footer {
  # End the message: closing tags in HTML mode, a final blank line otherwise.
  my $closing = ($HTML eq "yes") ? "</body></html>\n" : "\n";
  print SENDMAIL $closing;
}

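sub write_stats {
  # Append one CSV row per name in @SortedList to $StatsFile:
  #   date,name,count
  # Reads $AnsiDate, @SortedList and %Seen. The file is meant to be opened
  # in a spreadsheet, and the names come from the mail log, so:
  #   - a name that starts with = + - or @ gets a leading apostrophe, which
  #     makes a spreadsheet treat it as text rather than a formula;
  #   - a name containing a comma, quote or line break is quoted per CSV
  #     rules so it cannot shift columns or add rows.
  # Names without such characters are written exactly as before.
  my $stats_fh;
  unless (open($stats_fh, '>>', $StatsFile)) {
    warn "write_stats: cannot append to $StatsFile: $!\n";
    return;
  }
  foreach my $name (@SortedList) {
    my $field = $name;
    $field = "'$field" if $field =~ /^[=+\-\@]/;
    if ($field =~ /[",\r\n]/) {
      $field =~ s/"/""/g;
      $field = "\"$field\"";
    }
    print {$stats_fh} "$AnsiDate,$field,$Seen{$name}\n";
  }
  # Buffered write errors only show up at close.
  close($stats_fh) or warn "write_stats: error writing $StatsFile: $!\n";
}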

sub parse_date {
  # Set $AnsiDate to today's local date as YYYY-MM-DD.
  # Also leaves the zero-padded month and day in $fmonth and $fnum.
  my %number_of = (
    Jan => "1", Feb => "2",  Mar => "3",  Apr => "4",
    May => "5", Jun => "6",  Jul => "7",  Aug => "8",
    Sep => "9", Oct => "10", Nov => "11", Dec => "12",
  );

  # Scalar localtime() looks like "Tue Mar  8 11:36:49 2005"; splitting on
  # runs of whitespace copes with the padded single-digit day.
  my ($day, $month, $num, $time, $year) = split(/\s+/, scalar localtime());

  $month = $number_of{$month} if exists $number_of{$month};
  $month = int($month);
  $num = int($num);

  $fmonth = ($month < 10) ? "0$month" : "$month";
  $fnum = ($num < 10) ? "0$num" : "$num";
  $AnsiDate = "$year-$fmonth-$fnum";
}

# Normal end of the script: after the main section has run, execution passes
# over the subroutine definitions above and ends here with status 0.
exit 0;
