I've downloaded a script that is supposed to output stats on viruses that clamav detects. Needless to say it's not working correctly and I'm soliciting some help since I know nothing about Perl. I'm sort of getting output; however, it doesn't show any viruses detected. I'd attach the script but I don't know how the listowner is about attachments. If some kind soul would like to take a look at it I'll email it to them, or if it's permissible to attach it here I'll do that. Clamav is called via a plugin for SA. My /var/log/clamav/clamd.log shows viruses being detected; they're just not showing up when the stats script is run:

    Wed May 24 18:33:49 2006 -> Accepted connection on port 1451, fd 8
    Wed May 24 18:33:49 2006 -> stream: Html.Phishing.Bank.Gen503.Sanesecurity.06042004 FOUND
    Wed May 24 18:33:52 2006 -> Accepted connection on port 1995, fd 8
    Wed May 24 18:33:52 2006 -> stream: Html.Phishing.Bank.Gen503.Sanesecurity.06042004 FOUND
    Wed May 24 18:50:26 2006 -> SelfCheck: Database status OK.
    Wed May 24 18:50:26 2006 -> Accepted connection on port 1141, fd 8
    Wed May 24 18:50:26 2006 -> stream: Html.Phishing.Bank.Sanesecurity.06032100 FOUND

Below is the output from a run of the script:

    Output from command /usr/local/bin/clamstats.pl ..

    ClamAV Statistics cpollock
    --------------------------------------------------------
    clamd last started Sat May 20 16:07:28 2006
    --------------------------------------------------------
    Statistics since Last Database Update Wed May 24 16:13:29 2006
    --------------------------------------------------------
    Total viruses detected 0
    Total Database Signatures 56,471
    --------------------------------------------------------
    1 FreshClam errors, last on Thu May 11 01:11:40 2006:
    Can't query current.cvd.clamav.net

    0 Virus Types Detected
    ------------------------------------------
    0 File Extensions Used
    --------------------------
    By Date ( . = 1 viruses )
    --------------------------
    By Hour ( . = 1 viruses )
    --------------------------
    By Month ( . = 1 viruses )
    -------------------------
    By Year ( . = 1 viruses )
    --------------------------

One thing that was pointed out to me by someone else who looked at the script, but doesn't run clamav, is this:

"I'm really not that familiar with clamav log files, but the script is looking for patterns in the log that it is not finding. This regular expression test on line 96 is never true:

    if (/(\w+)\s(\w+)\s{1,2}(\d{1,2})\s(\d+:\d+:\d+)\s(\d+). +mdefang-(\w+)\/Work\/msg-\d+-\d+\.(\w+):\s+(.+)\sFOUND/) {

so it never picks up anything. Why it's looking for these specific strings, I don't know, because I don't know clamav."

As I said, being a new subscriber to the list I'm not sure if I can attach the script or not. Any assistance will be appreciated.

-- 
Chris
Registered Linux User 283774 http://counter.li.org
20:48:38 up 10 days, 8:48, 2 users, load average: 0.86, 0.68, 0.39
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk
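The mismatch described in the post, as an added example (not code from clamstats.pl or from the poster): it runs the quoted line-96 pattern and a pattern written for the clamd.log format shown above over sample lines copied from that excerpt, then tallies detections. The names `$clamd_re`, `%by_sig` and `%by_hour` are made up for this sketch, and it assumes every detection line has the form "timestamp -> target: signature FOUND" as in the excerpt.

```perl
#!/usr/bin/perl
# Added example, not part of clamstats.pl. Sample lines are copied from the
# clamd.log excerpt in the post; all variable names here are hypothetical.
use strict;
use warnings;

my @log = (
    'Wed May 24 18:33:49 2006 -> Accepted connection on port 1451, fd 8',
    'Wed May 24 18:33:49 2006 -> stream: Html.Phishing.Bank.Gen503.Sanesecurity.06042004 FOUND',
    'Wed May 24 18:33:52 2006 -> stream: Html.Phishing.Bank.Gen503.Sanesecurity.06042004 FOUND',
    'Wed May 24 18:50:26 2006 -> SelfCheck: Database status OK.',
    'Wed May 24 18:50:26 2006 -> stream: Html.Phishing.Bank.Sanesecurity.06032100 FOUND',
);

# The test quoted from line 96: it only matches when the scanned object is a
# file path of the form "mdefang-.../Work/msg-N-N.ext:", which never occurs
# in a log whose detections are reported as "stream:".
my $script_re = qr/(\w+)\s(\w+)\s{1,2}(\d{1,2})\s(\d+:\d+:\d+)\s(\d+). +mdefang-(\w+)\/Work\/msg-\d+-\d+\.(\w+):\s+(.+)\sFOUND/;

# Pattern for the format actually present (assumption: same layout as the excerpt).
# Captures: weekday, month, day, hour, year, signature name.
my $clamd_re = qr/^(\w{3})\s(\w{3})\s{1,2}(\d{1,2})\s(\d{2}):\d{2}:\d{2}\s(\d{4})\s->\s.+?:\s(\S+)\sFOUND\s*$/;

my (%by_sig, %by_hour);
my ($old_hits, $new_hits) = (0, 0);

for my $line (@log) {
    $old_hits++ if $line =~ $script_re;
    next unless $line =~ $clamd_re;          # skip connection and SelfCheck lines
    my ($mon, $day, $hour, $year, $sig) = ($2, $3, $4, $5, $6);
    $new_hits++;
    $by_sig{$sig}++;
    $by_hour{ sprintf '%s %02d %s %s:00', $mon, $day, $year, $hour }++;
}

printf "line-96 pattern matched:   %d line(s)\n", $old_hits;
printf "clamd.log pattern matched: %d line(s)\n", $new_hits;

print "By signature:\n";
printf "  %-55s %d\n", $_, $by_sig{$_}
    for sort { $by_sig{$b} <=> $by_sig{$a} || $a cmp $b } keys %by_sig;

print "By hour:\n";
printf "  %-55s %d\n", $_, $by_hour{$_} for sort keys %by_hour;
```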