vnames.pl script

Scott Silva ssilva at SGVWATER.COM
Mon Mar 14 23:59:20 GMT 2005



I was playing with the vnames.pl script and added support for
eTrust, the ClamAV module (clamavmodule), RAV antivirus, and Trend.
If anyone with these virus scanners would like to test it and let me know
how it goes, I would appreciate it.

I offered a diff to the writer, but have gotten no response as of yet.



--
"If you have ever eaten crow,
It don't taste like chicken!!"


    [ Part 2: "Attached Text" ]

#!/usr/bin/perl -w
#
#  vnames.pl [-v] <emailto>        Version 2.1.2 - 4/5/2004
#  ----------------------------------------------------------------------------
#  Print a report of all the e-mail viruses received today.
#
#  Contributors v.2.x.x:
#    McAfee French, Text Formatting - Denis Beauchemin (Denis.Beauchemin at USherbrooke.ca)
#    H+BEDV AntiVir Support - Wolfgang Bönschen (wolfgang at antares.de)
#    McAfee virus|trojan fix - James Gray (james at grayonline.id.au)
#    BitDefender, RAV, ETrust, trend, and clammodule support - Scott Silva (ssilva at sgvwater.com)
#    Refined & Expanded Scanners - Joshua Hirsh (joshua.hirsh at partnersolutions.ca)
#       originally from David While's MailStats.pl script: (http://staff.cie.uce.ac.uk/~id001869/mailstats/).
#    Panda support - Pedro Rosa (Pedro.Rosa at SA.FC.UL.PT)
#
#  Contributors v.1.x.x:
#    Sophos Support - Aaron Seelye (aseelye-lists at eltopia.com)
#    F-Prot Support - jburzenski (jburzenski at americanhm.com)
#
# Copyright, (c) 2003-2004, Corey S. McFadden & Associates (contact at csma.biz)
#   www.csma.biz
#   By postal mail:
#     McFadden Associates
#     PO Box 20665
#     Lehigh Valley, PA 18002
#     U.S.A.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#

# Definable Vars
# Scanners to report on: a comma-separated list of %Scanners keys.
# Keys are matched exactly as written (note the capital T in eTrust):
#   sophos,sophossavi,inoculan,clamav,command,f-prot,mcafee,mcafee_fr,
#   fsecure,panda,antivir,bitdefender,rav,eTrust,clamavmodule,trend
$Scanner     = 'mcafee,clamav,bitdefender';
$HTML        = 'yes';                 # 'yes' = HTML report, anything else = plain text
$Sort        = 'count';               # 'count' = most frequent first, otherwise by name
$MailLogFile = '/var/log/maillog';    # log file searched for scanner output
$SendMail    = '/usr/sbin/sendmail';  # program the report is piped into
$StatsFile   = '/root/virus.log';     # CSV file appended to by write_stats

# Scanner Strings
# Per-scanner patterns used by check_log.  Both values are interpolated
# into regular expressions:
#   Output - a log line must match this to be counted as a detection
#   String - its first capture group is taken as the virus name
my %Scanners = (
  'sophos' => {
    Output => '>>> Virus',
    String => '>>> Virus \'(.*)\'',
  },
  'sophossavi' => {
    Output => 'INFECTED::',
    String => 'INFECTED:: (.*)::',
  },
  'inoculan' => {
    Output => 'was infected by virus',
    String => 'was infected by virus \[(.*)\]',
  },
  'clamav' => {
    Output => 'FOUND',
    String => ':.* (.*) FOUND',
  },
  'command' => {
    Output => 'Infection:',
    String => 'Infection: (.*)',
  },
  'f-prot' => {
    Output => 'Infection:',
    String => 'Infection: (.*)',
  },
  'mcafee' => {
    Output => 'Found the',
    String => 'Found the (.*) (virus|trojan) !!!',
  },
  'mcafee_fr' => {
    Output => 'contient le',
    String => 'contient le (?:virus|ver|cheval de Troie) (.*) !!!',
  },
  'fsecure' => {
    Output => '.*Infection: (.*)',
    String => '.*Infection: (.*)',
  },
  'panda' => {
    Output => 'Virus: (.*)',
    String => '.* => (.*)##',
  },
  'antivir' => {
    Output => 'ALERT: (.*)',
    String => 'ALERT: \[(.*)\]',
  },
  'bitdefender' => {
    Output => '\/.*infected:',
    String => '\/.*infected: (.*)',
  },
  'rav' => {
    Output => '.*Infected: (.*)',
    String => '.*Infected: (.*)',
  },
  'eTrust' => {
    Output => 'is infected by virus:',
    String => 'is infected by virus: (.*)',
  },
  'clamavmodule' => {
    Output => 'INFECTED',
    String => 'INFECTED::(.*)::',
  },
  'trend' => {
    Output => 'Trend found (.*) in ',
    String => 'Trend found (.*) in ',
  },
);

# Display name for each scanner key; used in the "-v" listing and in the
# per-scanner section headings of the report.
my %ScannerText = (
  'sophos'       => 'Sophos SAV',
  'sophossavi'   => 'Sophos SAVI',
  'inoculan'     => 'Inoculan',
  'clamav'       => 'ClamAV',
  'command'      => 'Command',
  'f-prot'       => 'F-Prot',
  'mcafee'       => 'McAfee',
  'mcafee_fr'    => 'McAfee (with French messages)',
  'fsecure'      => 'FSecure',
  'panda'        => 'Panda Antivirus',
  'antivir'      => 'H+BEDV AntiVir',
  'bitdefender'  => 'BitDefender Antivirus',
  'rav'          => 'RAV Antivirus',
  'eTrust'       => 'eTrust',
  'clamavmodule' => 'ClamAV Module',
  'trend'        => 'Trend Antivirus',
);

# Internal Vars
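# The single argument is either the report recipient or "-v".
# A missing argument is treated like an empty one so that the usage text is
# printed without an "uninitialized value" warning under -w.
$EmailTo = defined $ARGV[0] ? $ARGV[0] : "";
if ($EmailTo eq "") {
  print "\tUsage: vnames.pl [-v] <emailaddress>\n";
  exit 1;
}
if ($EmailTo eq "-v") {
  print "\n";
  print "\tvnames.pl - MailScanner Virus Filter Report.\n";
  print "\t  Version 2.1.2, released 4/5/2004.\n";
  print "\t  http://web.csma.biz/apps/vnames.shtml\n\n";
  print "\tScanners supported:\n";
  foreach my $name (sort(keys %ScannerText)) {
    printf "\t  %-12s %-20s\n", $name, $ScannerText{$name};
  }
  print "\n";
  exit 0;
}

# The recipient is placed on the sendmail command line and in the To:
# header, so accept only a conservative set of address characters: no
# whitespace or control characters, no shell metacharacters, and no leading
# "-" (which sendmail would read as an option).  Commas are allowed so that a
# comma-separated recipient list keeps working.
if ($EmailTo !~ m{\A[A-Za-z0-9_.%+=/\@,][A-Za-z0-9_.%+=/\@,-]*\z}) {
  print "\tInvalid e-mail address.\n";
  print "\tUsage: vnames.pl [-v] <emailaddress>\n";
  exit 1;
}

@UseScanners = split(/,/,$Scanner);

# scalar localtime() pads a single-digit day with an extra space
# ("Mon Mar  4 ..."), so splitting on one space would leave $TIM[2] empty on
# the 1st-9th and the "$TIM[1] $TIM[2]" filter in check_log would then match
# the whole month.  Split on runs of whitespace and store the day padded to
# width 2, so that the filter reads "Mar  4" / "Mar 14".
# NOTE(review): this assumes $MailLogFile uses the traditional syslog
# timestamp, which space-pads the day in the same way - confirm.
$now_date = localtime(time);
@TIM = split(/\s+/,$now_date);
$TIM[2] = sprintf("%2d", $TIM[2]);
$AnsiDate = "";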


#
# Program Main
#
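# Work out today's date, then stream the whole report into sendmail.
parse_date();

# A recipient starting with "-" would be read by sendmail as an option.
die "Refusing recipient that looks like an option: $EmailTo\n"
  if $EmailTo =~ /\A-/;

# List-form pipe open: sendmail is exec'd directly with the recipient as one
# argument, so no shell ever parses $EmailTo (the previous single-string form
# handed "$SendMail $EmailTo" to the shell).
open(SENDMAIL, '|-', $SendMail, $EmailTo)
  or die "Cannot open $SendMail: $!";
print_header();

foreach my $scanner (@UseScanners) {
  init_vars();
  print_sectionheader($scanner);
  check_log($scanner);
  print_sortedresults();
  print_sectionfooter();
}

print_footer();
# close() on a pipe is also where a failing sendmail exit status shows up.
close(SENDMAIL)
  or warn "vnames.pl: $SendMail did not finish cleanly (status $?)\n";
#&write_stats;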




#
# Program Subroutines
#
sub init_vars {
  # Reset the per-scanner accumulators before the next scanner is processed:
  # the name list, the per-name tallies, the sorted list and the running total.
  undef @Names1;
  undef @SortedList;
  undef %Seen;
  $count = 0;
}

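sub print_header {
  # Write the message headers (and, for HTML reports, the opening tags) to
  # the SENDMAIL handle.  Reads $EmailTo, $TIM[0] and $HTML.
  my $myhostname = `hostname`;
  $myhostname = "" unless defined $myhostname;
  # Header values must stay on one line: a CR or LF inside one would start a
  # new header (or end the header block), so strip both.
  $myhostname =~ tr/\r\n//d;
  my $recipient = defined $EmailTo ? $EmailTo : "";
  $recipient =~ tr/\r\n//d;

  print SENDMAIL "Reply-to: root\@$myhostname\n";
  print SENDMAIL "Subject: E-Mail Viruses ($TIM[0]) - $myhostname\n";
  print SENDMAIL "To: $recipient\n";
  if ($HTML eq "yes") {
    # The blank line after Content-type ends the header block.
    print SENDMAIL "Content-type: text/html\;\n\n";
    print SENDMAIL "<html><body>\n";
  } else {
    print SENDMAIL "\n";
  }
}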

sub print_sectionheader {
  # Print the heading that introduces one scanner's results.
  # Argument: the scanner key, looked up in %ScannerText for its display name.
  my ($currentscanner) = @_;
  my $label = $ScannerText{$currentscanner};

  my $heading;
  if ($HTML eq "yes") {
    $heading = "<p>\n<b>Viruses found by MailScanner &amp; $label today:</b>\n";
  } else {
    $heading = "Viruses found by MailScanner & $label today:\n";
  }
  print SENDMAIL $heading;
}

sub print_sectionfooter {
  # Print the separator that follows one scanner's results: paragraph markup
  # for HTML reports, two newlines for text reports.
  my $separator = "\n\n";
  $separator = "</p><br><p>" if $HTML eq "yes";
  print SENDMAIL $separator;
}

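sub check_log {
  # Scan $MailLogFile for lines that contain "$TIM[1] $TIM[2]" and match the
  # given scanner's Output pattern.  For each such line, increment $count and
  # push the virus name (first capture of the String pattern, spaces removed)
  # onto @Names1.
  # Argument: the scanner key, looked up in %Scanners.
  my ($currentscanner) = @_;
  my $ThisScanner = $Scanners{$currentscanner};

  # An unknown key would leave both patterns undefined, and an empty pattern
  # does not act as "match nothing" in Perl, so stop here instead.
  unless (ref($ThisScanner) eq 'HASH'
          && defined $ThisScanner->{Output}
          && defined $ThisScanner->{String}) {
    warn "vnames.pl: no patterns defined for scanner '$currentscanner'\n";
    return;
  }

  # Compile the three patterns once; the date text is matched literally.
  my $today      = "$TIM[1] $TIM[2]";
  my $output_pat = $ThisScanner->{Output};
  my $name_pat   = $ThisScanner->{String};
  my $today_re   = qr/\Q$today\E/;
  my $output_re  = qr/$output_pat/;
  my $name_re    = qr/$name_pat/;

  # Three-argument open: the file name can never be read as an open mode.
  unless (open(MAILLOG, '<', $MailLogFile)) {
    warn "vnames.pl: cannot read $MailLogFile: $!\n";
    return;
  }
  while (defined(my $cline = <MAILLOG>)) {
    chomp $cline;
    next unless $cline =~ $today_re;
    next unless $cline =~ $output_re;

    # The line is a detection even when the name pattern does not capture
    # anything, so it still counts, under a placeholder name.
    my ($vname) = ($cline =~ $name_re);
    $vname = "unknown" unless defined $vname;
    $vname =~ tr/ \n//d;
    $count++;
    push @Names1, $vname;
  }
  close MAILLOG;
}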

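sub _html_escape {
  # Return a copy of the argument with the characters that are significant
  # in HTML text and attribute values replaced by entities.
  my ($text) = @_;
  $text =~ s/&/&amp;/g;
  $text =~ s/</&lt;/g;
  $text =~ s/>/&gt;/g;
  $text =~ s/"/&quot;/g;
  return $text;
}

sub print_sortedresults {
  # Tally the names collected in @Names1 into %Seen, store the unique names
  # alphabetically in @SortedList, and print one row per name followed by a
  # total line.  Reads $HTML, $Sort and $count.
  my @UniqueList = ();

  foreach my $name (@Names1) {
    push(@UniqueList, $name) unless ($Seen{$name});
    $Seen{$name}++;
  }
  @SortedList = sort(@UniqueList);

  # Row order: highest count first (ties by name, so the report is stable
  # from run to run), or plain alphabetical order.
  my @ordered;
  if ($Sort eq "count") {
    @ordered = sort { $Seen{$b} <=> $Seen{$a} || $a cmp $b } keys %Seen;
  } else {
    @ordered = @SortedList;
  }

  if ($HTML eq "yes") {
    # HTML output.  Names are text taken from the mail log, so they are
    # entity-escaped before being placed inside the table markup.
    print SENDMAIL "<table>\n";
    foreach my $name (@ordered) {
      my $safe_name = _html_escape($name);
      print SENDMAIL "<tr><td>&nbsp;&nbsp;$safe_name</td><td width=\"15\">&nbsp;</td><td align=right>$Seen{$name}</td></tr>\n";
    }
    print SENDMAIL "</table>\n";
  } else {
    # Text output
    foreach my $name (@ordered) {
      printf SENDMAIL "    - %-28s %7d\n", $name, $Seen{$name};
    }
  }

  # $count is a number, so compare it numerically.
  if ($count == 0) {
    print SENDMAIL "None.\n";
  } else {
    print SENDMAIL "A total of $count viruses were found and filtered.\n";
  }
}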

sub print_footer {
  # End the message body: closing tags for HTML reports, a newline for text.
  my $closing = "\n";
  $closing = "</body></html>\n" if $HTML eq "yes";
  print SENDMAIL $closing;
}

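sub write_stats {
  # Append one CSV row (date,name,count) per entry of @SortedList to
  # $StatsFile, for Excel graphs and the like.  Failures are reported with
  # warn() and do not stop the report.
  #
  # NOTE(review): names come from the mail log and are written unquoted; a
  # name containing a comma, or one a spreadsheet reads as a formula, would
  # be misinterpreted when the file is opened.  Quote the field if this file
  # is ever fed to a spreadsheet.

  # Three-argument open: the file name can never be read as an open mode.
  unless (open(STAT, '>>', $StatsFile)) {
    warn "vnames.pl: cannot append to $StatsFile: $!\n";
    return;
  }
  foreach my $name (@SortedList) {
    print STAT "$AnsiDate,$name,$Seen{$name}\n";
  }
  # Buffered write errors only surface when the handle is closed.
  close(STAT) or warn "vnames.pl: error closing $StatsFile: $!\n";
}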

sub parse_date {
  # Store today's date as YYYY-MM-DD in $AnsiDate.  The zero-padded month
  # and day are also left in $fmonth and $fnum.
  my %number_of = (
    Jan => "1", Feb => "2",  Mar => "3",  Apr => "4",
    May => "5", Jun => "6",  Jul => "7",  Aug => "8",
    Sep => "9", Oct => "10", Nov => "11", Dec => "12",
  );

  # scalar localtime() looks like "Mon Mar 14 23:59:20 2005"; fields 1, 2
  # and 4 are the month name, the day of the month and the year.
  my $stamp = localtime();
  my ($month, $num, $year) = (split(/\s+/, $stamp))[1, 2, 4];

  $month = $number_of{$month} if exists $number_of{$month};
  $month = int($month);
  $num   = int($num);

  $fmonth = ($month < 10) ? "0$month" : "$month";
  $fnum   = ($num < 10)   ? "0$num"   : "$num";
  $AnsiDate = "$year-$fmonth-$fnum";
}

# Reached after the main program above has run; report success to the caller.
exit(0);
