Erik van der Leun evanderleun at
Sun Mar 11 13:39:51 CET 2007

Hugo van der Kooij wrote:
> Hi,
> I did manage to get the timestamps sorted out a bit. (If someone has a 
> log file of last year they could see if the timestamps are ok on 
> those.) Anything over 11 months old will probably get an inaccurate 
> timestamp.
> Download:
> So I now seem to have a way to get the 3 ingredients I want to collect:
> timestamp; AV tool; infection name.
> The next thing is to write a collector to handle these reports, put 
> them in a database and show some nice statistics about them.
> That way there is a way to build an insight into current malware 
> activity. At least it could tell what is hot today or what was hot 
> yesterday or last week or ....
> And finally it needs to be secured so only participating parties can 
> have their logs analyzed and added to the database so there is at 
> least a reasonable amount of accuracy.
> In the end it should resemble the dshield way of doing things by 
> publishing the interchange format so people can write their own 
> collectors.
> So please give this script a spin to see if the collecting is nearing 
> accuracy for systems running MailScanner and logging silent viruses 
> including the AV info.
> The MailScanner config I use contains:
> Virus Scanning = yes
> Virus Scanners = clamav f-prot mcafee
> Silent Viruses = HTML-IFrame All-Viruses
> Log Silent Viruses = yes
> (I also wrote a bit to parse BitDefender for now.)
> Hugo.
>  --
>     hvdkooij at
>         This message is using 100% recycled electrons.
>     Some men see computers as they are and say "Windows"
>     I use computers with Linux and say "Why Windows?"
>         (Thanks JFK, for the insight.)
Nice script :^>
The filename made me look carefully what it did though :)
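
The timestamp caveat in the quoted message (old log lines getting an inaccurate timestamp) comes from log stamps that carry no year. The following is an added example, not part of the original thread and not the script under discussion: it assumes classic syslog stamps of the form `Mmm dd hh:mm:ss`, and the function names and sample stamps are constructed for illustration. It shows both the single-line guess, which goes wrong once a line is about a year old, and an ordered walk through a file that stays correct across year boundaries.

```python
from datetime import datetime, timedelta

# Assumption: each log line starts with a year-less syslog stamp such as
# "Mar 10 08:15:00", so the year has to be inferred by the collector.
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


def infer_timestamp(stamp, now, slack=timedelta(days=1)):
    """Return the most recent datetime matching a year-less stamp that is
    not later than now + slack (slack absorbs clock skew between hosts)."""
    mon, day, clock = stamp.split()
    hour, minute, second = (int(x) for x in clock.split(":"))
    for year in range(now.year + 1, now.year - 9, -1):
        try:
            candidate = datetime(year, MONTHS[mon], int(day),
                                 hour, minute, second)
        except ValueError:   # "Feb 29" in a non-leap year: try an older year
            continue
        if candidate <= now + slack:
            return candidate
    raise ValueError("no plausible year for %r" % stamp)


def assign_years(stamps, now):
    """Date a chronologically ordered list of stamps (newest last).

    Walks backwards from the newest line; every older line gets the latest
    year that keeps it at or before the line that follows it. This stays
    correct over several years as long as no gap between two consecutive
    lines reaches a full year."""
    dated = []
    limit = now + timedelta(days=1)
    for stamp in reversed(stamps):
        ts = infer_timestamp(stamp, limit, slack=timedelta(0))
        dated.append(ts)
        limit = ts
    return dated[::-1]


if __name__ == "__main__":
    now = datetime(2007, 3, 11, 13, 39, 51)
    # Constructed sample: the first line was really written in 2006.
    log = ["Feb 20 04:00:00", "Nov  2 10:00:00",
           "Feb 20 05:00:00", "Mar 10 08:15:00"]
    print("line by line:", infer_timestamp(log[0], now))   # guessed as 2007
    print("ordered walk:", assign_years(log, now)[0])      # dated as 2006
```

A collector that reports line by line should send its own clock reading along with each record, so the receiving side can judge how far back the year guess had to reach.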