<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 5.50.4919.2200" name=GENERATOR></HEAD>
<BODY>
<DIV><STRONG><SPAN class=267562414-12092002>></SPAN>2. something that grep
could sniff out easily ONLY for caught viruses.</STRONG> <STRONG>Or do you have
a better solution? The Email ID to go along with it as well would
be nice. for ones that were scanned and ones that were found to be
infected<BR><BR><SPAN class=267562414-12092002>> </SPAN></STRONG>Such
as?<BR><SPAN class=267562414-12092002><FONT face=Arial color=#0000ff
size=2> hmmm let's think hard on this one. DUH!</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<P><FONT size=2>Matt Doherty<BR>IT Dept<BR>Datawatch Corp<BR><BR>>>In a
world without walls or fences, who needs Windows and Gates?<<</FONT> </P>
<BLOCKQUOTE>
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Julian Field
[mailto:mailscanner@ECS.SOTON.AC.UK]<BR><B>Sent:</B> Thursday, September 12,
2002 11:05 AM<BR><B>To:</B> MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> Re:
logging<BR><BR></FONT></DIV>Ok, here are all the responses:<BR><BR><B>1. From
&lt;$1&gt; To &lt;$2&gt; virus &lt;$3&gt;<BR><BR></B>Impossible to generically
extract the name of the virus, so this would have to include the whole virus
report.<BR><BR><B>2. something that grep could sniff out easily ONLY for
caught viruses.</B> <B>Or do you have a better solution? The Email ID to go
along with it as well would be nice. for ones that were scanned and ones that
were found to be infected<BR><BR></B>Such as?<BR><BR><B>3. I would definitely
like the virus name reported by the virus engine<BR><BR></B>See
(1)<BR><BR><B>4. making the logging as machine friendly as possible
<BR><BR></B>I will do what I can.<BR><BR><B>5. entries that could be used to
create email usage reports. For each email to have To, From, Subject,
Date, bytes, and names of any attachments would allow for easier creation of
user reports.<BR><BR></B>Is there a limit on the length of a log entry? These
would be *very* long.<BR><BR><B>6. Identifiable tag<BR>When you get a chance
would you consider altering the logging code for<BR>matches on filename rules
to have an identifiable tag. E.g. instead of<BR>logging:<BR>"Executable file
in filename.exe" and "Possible MS-Dos shortcut attack<BR>in
filename.pif"<BR>Log:<BR>"Filename Rules: Executable file in filename.exe" and
"Filename rules:<BR>Possible MS-Dos shortcut attack in
filename.pif"<BR><BR></B>Definite good idea.<BR><BR>Any more thoughts from
anyone?<BR>
<DIV>-- </DIV>
<DIV>Julian
Field
Teaching Systems Manager</DIV>
<DIV>jkf@ecs.soton.ac.uk Dept.
of Electronics & Computer Science</DIV>
<DIV>Tel. 023 8059 2817
University of
Southampton</DIV>
Southampton SO17 1BJ </BLOCKQUOTE></BODY></HTML>