<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<TITLE>Message</TITLE>
<META content="MSHTML 6.00.2719.2200" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=272553817-12092002>Julian,</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=272553817-12092002></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=272553817-12092002>I
understand that #5 would result in a large amount of data being generated in log
files however the problem that I am attempting to solve is that the mailarchive
function uses a *huge* amount of space when enabled. In the end I am
looking to generate per user, per domain and summary statistics from this type
of log. I can see where the TO field may end up as a fairly long
string. I understand if it seems impractical.</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=272553817-12092002></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=272553817-12092002><!-- Converted from text/plain format -->
<P><FONT size=2>Matthew Richard<BR><A
href="mailto:matthew.richard@cocc.com">matthew.richard@cocc.com</A><BR>860-678-0444x449<BR>Connecticut
Online Computer Center<BR>Avon, CT 06001<BR></FONT></P></SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=272553817-12092002><FONT
size=3><FONT color=#000000><FONT
face="Times New Roman"><STRONG></STRONG></FONT></FONT></FONT></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=272553817-12092002><FONT
size=3><FONT color=#000000><FONT face="Times New Roman"><STRONG>5. entries that
could be used to create email usage reports. For each email to have To,
From, Subject, Date, bytes, and names of any attachments would allow for easier
creation of user reports.<BR><BR></STRONG>Is there a limit on the length of a
log entry? These would be *very*
long.</FONT></FONT></FONT><BR></DIV></SPAN></FONT>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=272553817-12092002></SPAN></FONT> </DIV>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT
face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Julian Field
[mailto:mailscanner@ECS.SOTON.AC.UK] <BR><B>Sent:</B> Thursday, September 12,
2002 9:33 AM<BR><B>To:</B> MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> Re:
logging<BR><BR></FONT></DIV>Ok, here are all the responses:<BR><BR><B>1. From
<$1> To <$2> virus <$3><BR><BR></B>Impossible to generically
extract the name of the virus, so this would have to include the whole virus
report.<BR><BR><B>2. something that grep could sniff out easily ONLY for
caught viruses.</B> <B>Or do you have a better solution? The Email ID to go
along with it as well would be nice. for ones that were scanned and ones that
were found to be infected<BR><BR></B>Such as?<BR><BR><B>3. I would definately
like the virus name reported by the virus engine<BR><BR></B>See
(1)<BR><BR><B>4. making the logging as machine freindly as possible
<BR><BR></B>I will do what I can.<BR><BR><B>5. entries that could be used to
create email usage reports. For each email to have To, From, Subject,
Date, bytes, and names of any attachments would allow for easier creation of
user reports.<BR><BR></B>Is there a limit on the length of a log entry? These
would be *very* long.<BR><BR><B>6. Identifiable tag<BR>When you get a chance
would you consider altering the logging code for<BR>matches on filename rules
to have an identifiable tag. E.g. instead of<BR>logging:<BR>"Executable file
in filename.exe" and "Possible MS-Dos shortcut attack<BR>in
filename.pif"<BR>Log:<BR>"Filename Rules: Executable file in filename.exe" and
"Filename rules:<BR>Possible MS-Dos shortcut attack in
filename.pif"<BR><BR></B>Definite good idea.<BR><BR>Any more thoughts from
anyone?<BR>
<DIV>-- </DIV>
<DIV>Julian
Field
Teaching Systems Manager</DIV>
<DIV>jkf@ecs.soton.ac.uk Dept.
of Electronics & Computer Science</DIV>
<DIV>Tel. 023 8059 2817
University of
Southampton</DIV>
Southampton SO17 1BJ </BLOCKQUOTE></BODY></HTML>