Building a log gathering agent
Denis Beauchemin
Denis.Beauchemin at USherbrooke.ca
Mon Mar 5 22:12:05 CET 2007
Denis Beauchemin wrote:
> Hugo van der Kooij wrote:
>> On Mon, 5 Mar 2007, Hugo van der Kooij wrote:
>>
>>
>> There is a new version out which now handles ClamAV module,
>> BitDefender and McAfee in the French version as well.
>>
>> I also dropped the syslog module for now. So it flies instead of
>> crawling.
>>
>> Get it at http://hugo.vanderkooij.org/email/scans/maillog-virus.pl
>>
>> If you got any scanner active not yet listed or doubt it will work
>> for you, give this new one a shot.
>>
>> Hugo.
>>
> Hugo,
>
> The right URL is:
> http://hugo.vanderkooij.org/email/stats/maillog-virus.pl
>
> The French version of McAfee messages is probably only running at
> USherbrooke.ca... ;)
>
> Denis
>
After testing the new version I find it much more interesting!

I had the following misinterpreted line:

    McAfee:
    /l255g8Ct024133/msg-16689-948.txt/Update-KB7187-x86.zip/UPDATE-KB7187-X86.EXE
    Found trojan or variant New Malware.n:1

I would also like to be able to call it without the "-l logfile"
arguments, such as for:

    zcat /var/log/old/maillog.20070301.gz | ./maillog-virus.pl

or

    zcat /var/log/old/maillog.20070301.gz | ./maillog-virus.pl -l -

but the script just won't let me.

Thanks!

Denis

PS: replying to myself... yes I am thinking about switching to Postfix! ;-)
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045