Maillog-virus.pl 20070307
Hugo van der Kooij
hvdkooij at vanderkooij.org
Wed Mar 7 23:28:42 CET 2007
Hi,
I did manage to get the timestamps sorted out a bit. (If someone has a log
file of last year they could see if the timestamps are ok on those.)
Anything over 11 months old will probably get an inaccurate timestamp.
Download: http://hugo.vanderkooij.org/email/stats/maillog-virus.pl
So I now seem to have a way to get the 3 ingredients I want to collect:
timestamp; AV tool; infection name.
The next thing is to write a collector to handle these reports, put them
in a database and show some nice statistics about them.
That way there is a way to build an insight into current malware activity.
At least it could tell what is hot today or what was hot yesterday or last
week or ....
And finally it needs to be secured so only participating parties can have
their logs analyzed and added to the database so there is at least a
reasonable amount of accuracy.
In the end it should resemble the dshield way of doing things by
publishing the interchange format so people can write their own
collectors.
So please give this script a spin to see if the collecting is nearing
accuracy for systems running MailScanner and logging silent viruses
including the AV info.
The MailScanner config I use contains:
Virus Scanning = yes
Virus Scanners = clamav f-prot mcafee
Silent Viruses = HTML-IFrame All-Viruses
Log Silent Viruses = yes
(I also wrote a bit to parse BitDefender for now.)
Hugo.
--
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.
Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for the insight.)
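As an added illustration (not Hugo's maillog-virus.pl), here is a Python sketch of the same collection step: pull the timestamp, AV tool and infection name out of syslog-style MailScanner lines, and attach a year to the year-less syslog timestamp by assuming the current year unless that would land in the future. The line wording, hostname and message ids are constructed, and the year rule is my assumption; it is also why entries older than about 11 months come out a year off.

```python
import re
from datetime import datetime

# Constructed sample entries in the syslog style MailScanner logs to (the
# wording of real MailScanner lines may differ; this format is assumed).
SAMPLE_LOG = """\
Mar  7 23:28:42 mx1 MailScanner[4321]: Virus Scanning: ClamAV found virus HTML.IFrame in message 1A2B3C
Mar  7 23:29:10 mx1 MailScanner[4321]: Virus Scanning: F-Prot found virus W32/Netsky.P in message 4D5E6F
Dec 30 08:15:01 mx1 MailScanner[4321]: Virus Scanning: McAfee found virus W32/Bagle in message 7A8B9C
Mar  7 23:30:00 mx1 MailScanner[4321]: Message 1A2B3C from 10.0.0.5 to example.org is spam
"""
DEMO_NOW = datetime(2007, 3, 8)  # fixed "now" so the year inference is reproducible

SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"\S+ MailScanner\[\d+\]: (?P<msg>.*)$"
)
VIRUS_RE = re.compile(r"Virus Scanning: (?P<tool>\S+) found virus (?P<name>\S+) in message")

def syslog_timestamp(mon, day, time, now):
    """Attach a year to a year-less syslog timestamp: assume the current year
    unless that lands in the future, then use last year.  Entries older than
    about 11 months are therefore ambiguous.  None if no year fits (Feb 29)."""
    for year in (now.year, now.year - 1):
        try:
            ts = datetime.strptime(f"{mon} {day} {time} {year}", "%b %d %H:%M:%S %Y")
        except ValueError:  # that day does not exist in that year
            continue
        if ts <= now:
            return ts
    return None

def parse_virus_reports(log_text, now):
    """Return (timestamp, AV tool, infection name) for each virus line."""
    reports = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # not a MailScanner line
        v = VIRUS_RE.search(m.group("msg"))
        if not v:
            continue  # MailScanner line, but not a virus report
        ts = syslog_timestamp(m.group("mon"), m.group("day"), m.group("time"), now)
        if ts is None:
            continue
        reports.append((ts.isoformat(sep=" "), v.group("tool"), v.group("name")))
    return reports

print(parse_virus_reports(SAMPLE_LOG, DEMO_NOW))
```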