From: Hany-general <ge...@ta...> - 2004-04-14 09:16:44
Hi Lynn
It worked for me very well, although I have McAfee uvscan.
Thank you
Hany
----- Original Message -----
From: "Lynn Duerksen" <ly...@fu...>
To: <AMa...@li...>
Sent: Wednesday, April 07, 2004 5:57 PM
Subject: RE: [AMaViS-user] Virus senders IP report
>
>
> > I've been using Amavis-new for 6 months and it's doing a
> > great job of blocking viruses and spam. However, my
> > organization has many branches abroad and some of them
> > are sending a lot of viruses! Is there any tool that can
> > report/analyze the virus senders' IPs so I can notify my
> > branches to remove the virus? I'm using the great
> > Amavis-stats tool but it does not have this capability.
> > I'm using Postfix on Redhat 9.
> >
> > Any help would be appreciated.
>
>
> I use OpenBSD 3.3, amavisd-new, postfix and ClamAV. Amavisd-new logs to
> mail log.
>
> I use the following script to extract that information. Amavisd-new needs
> log level 4 for this to work and I've had to adjust fields used after
> version updates of applications but it does what I need and may work for
> you.
>
> I launch it in the crontab at 4 A.M. each morning on yesterday's maillog:
>
> 0 4 * * * /usr/local/sbin/clamreport /var/log/maillog.0.gz
>
>
> - - - - - - -
>
> #!/bin/sh
> # Report viruses blocked by amavisd-new, grouped by virus and by sender.
> # set amavisd.conf log_level=4 to get "INFECTED" inserted into log
>
> usage() {
>     echo ""
>     echo "Usage: clamreport logfile [emailaddress]"
>     echo ""
>     exit 1
> }
>
> if [ "$1" = "" ]; then
>     usage
> fi
>
> datafile="$1"
> # optional second argument overrides the default report recipient
> mailto="${2:-username@domain}"
>
> # private scratch directory instead of fixed file names in /tmp,
> # since the script runs from root's crontab
> tmpdir=`mktemp -d /tmp/clamreport.XXXXXX` || exit 1
> trap 'rm -rf "$tmpdir"' EXIT
>
> filedate=`ls -l "$datafile" | awk 'BEGIN { FS = " " } ; { print "Date: " $6 " " $7 }'`
> # pull virus sender data from yesterday's maillog
> zgrep -ai "infected" "$datafile" |
>     awk 'BEGIN { FS = "[()<>]+" } ; { print "(" $4 ")\tfrom\t" $6 "\tto\t" $9 }' |
>     sort > "$tmpdir/clamreport.txt"
> report0=`uniq -c "$tmpdir/clamreport.txt"`
> # column 1 is the virus name, column 3 is the sender
> awk 'BEGIN { FS="\t" } ; { print $1 }' "$tmpdir/clamreport.txt" | sort -d > "$tmpdir/clamreport1.txt"
> awk 'BEGIN { FS="\t" } ; { print $3 }' "$tmpdir/clamreport.txt" | sort -d > "$tmpdir/clamreport2.txt"
> report1=`uniq -c "$tmpdir/clamreport1.txt" | sort -nr`
> report2=`uniq -c "$tmpdir/clamreport2.txt" | sort -nr`
>
> # write the report to /var/log/clamreport, then mail it
> exec 1>/var/log/clamreport
> exec 2>&1
> echo ""
> echo "-------------------------------------------------------------------------"
> echo " Blocked Viruses "
> echo "-------------------------------------------------------------------------"
> echo "$filedate"
> echo ""
> echo "$report0"
> echo "-------------------------------------------------------------------------"
> echo "By Virus"
> echo "-------------------------------------------------------------------------"
> echo "$report1"
> echo ""
> echo "-------------------------------------------------------------------------"
> echo "By Sender"
> echo "-------------------------------------------------------------------------"
> echo "$report2"
> cat /var/log/clamreport | mail -s "ClamAV Virus Report" "$mailto"
>
> - - - - - - - - - - -
>
>
> Lynn Duerksen
> Technical Manager
> Futureware Distributing, Inc
>