Maillog-virus.pl 20070307
Erik van der Leun
evanderleun at hal9000.nl
Sun Mar 11 13:39:51 CET 2007
Hugo van der Kooij wrote:
> Hi,
>
> I did manage to get the timestamps sorted out a bit. (If someone has a
> log file of last year they could see if the timestamps are ok on
> those.) Anything over 11 months old will probably get an inaccurate
> timestamp.
>
> Download: http://hugo.vanderkooij.org/email/stats/maillog-virus.pl
>
> So I now seem to have a way to get the 3 ingredients I want to collect:
> timestamp; AV tool; infection name.
>
> The next thing is to write a collector to handle these reports, put
> them in a database and show some nice statistics about them.
>
> That way there is a way to build an insight into current malware
> activity. At least it could tell what is hot today or what was hot
> yesterday or last week or ....
>
> And finally it needs to be secured so only participating parties can
> have their logs analyzed and added to the database so there is at
> least a reasonable amount of accuracy.
>
> In the end it should resemble the dshield way of doing things by
> publishing the interchange format so people can write their own
> collectors.
>
> So please give this script a spin to see if the collecting is nearing
> accuracy for systems running MailScanner and logging silent viruses
> including the AV info.
>
> The MailScanner config I use contains:
> Virus Scanning = yes
> Virus Scanners = clamav f-prot mcafee
> Silent Viruses = HTML-IFrame All-Viruses
> Log Silent Viruses = yes
>
> (I also wrote a bit to parse BitDefender for now.)
>
> Hugo.
>
> --
> hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
> This message is using 100% recycled electrons.
>
> Some men see computers as they are and say "Windows"
> I use computers with Linux and say "Why Windows?"
> (Thanks JFK, for the insight.)
Nice script :^>
The filename made me look carefully what it did though :)
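
Added example, not part of either message and not taken from maillog-virus.pl: one common way to assign a year to yearless syslog timestamps, which shows why entries older than about 11 months cannot be dated reliably. The function name `infer_year`, the `slack` parameter and the sample stamps are assumptions made for this illustration.

```python
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


def infer_year(stamp, now, slack=timedelta(days=1)):
    """Turn a yearless syslog stamp ('Mar 11 13:39:51') into a datetime.

    Picks the most recent year that does not place the entry more than
    `slack` after `now`; the slack absorbs clock skew between hosts.
    An entry that is really 12+ months old is indistinguishable from a
    recent one, so it is silently assigned the wrong (newer) year.
    """
    mon, day, clock = stamp.split()          # split() copes with 'Mar  1'
    hh, mm, ss = (int(x) for x in clock.split(":"))
    # Walk back far enough that 'Feb 29' can always reach a leap year.
    for year in range(now.year, now.year - 9, -1):
        try:
            candidate = datetime(year, MONTHS[mon], int(day), hh, mm, ss)
        except ValueError:                   # Feb 29 in a non-leap year
            continue
        if candidate <= now + slack:
            return candidate
    raise ValueError(f"cannot place {stamp!r} relative to {now}")


if __name__ == "__main__":
    # Constructed reference time and constructed sample stamps.
    now = datetime(2007, 3, 11, 13, 39, 51)
    for stamp in ("Mar 11 13:00:00", "Dec 31 23:59:59",
                  "Apr  2 08:00:00", "Mar  1 09:15:00", "Feb 29 12:00:00"):
        print(f"{stamp}  ->  {infer_year(stamp, now).isoformat(' ')}")
```

A stamp such as `Mar  1` always resolves to the current year here, even if the line was written a year earlier, which is the inaccuracy the quoted message warns about.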