Building a log gathering agent

Denis Beauchemin Denis.Beauchemin at
Mon Mar 5 16:11:51 CET 2007

Hugo van der Kooij wrote:
> Hi,
> I am attempting to build a more concise overview of infections based 
> on MailScanner logs.
> The first stage is to write an agent to gather the logs. I wrote one 
> that can understand ClamAV, F-Prot and McAfee output as far as I could 
> test it on my logs.
> If you are willing to assist me I would appreciate it if you can get 
> the perl script from: 
> You need the following perl modules:
>     File::Basename;
>     Getopt::Std;
>     Parse::Syslog;
>     Time::Local;
> (CentOS users should be able to get all of them through `yum install` 
> commands. But I will not document it at this time.)
> Please run it against 1 of your logfiles and store the output. If you 
> get anything other than an overview of the number of hits on scanners I 
> would very much appreciate it if you could send me the output file along 
> with a filtered output of your logfile by email so I can anticipate 
> other scanners and other detection strings.
> For example:
> ./ -l /var/log/maillog.1 > /tmp/hvdkooij-output
> grep "Viruses marked as silent" /var/log/maillog.1 > /tmp/hvdkooij-syslog
> tar -czf /tmp/hvdkooij.tar.gz /tmp/hvdkooij-output /tmp/hvdkooij-syslog
> If you use your own initials instead of mine I can keep them separated 
> more easily.
> I will try to update the script based on your feedback the upcoming week.
> Thanks,
> Hugo.
Hi Hugo,

It's awfully slow on my 471,455-line maillog: 3m36.936s; I have a 
similar script that goes through the same file in 0m0.196s!

Besides, it doesn't seem to know about "ClamAV Module:" nor 
"Bitdefender:" (but you didn't mention this one as supported).


  °v°   Denis Beauchemin, analyst
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045
