If you want Logwatch to display clamav-milter logs - you can use the following files (a short description is located below the files):
clamav-milter.conf:
-----------------------------------------------
########################################################
# clamav-milter script for Logwatch.
# This script matches
# clamd ver. 0.60
# clamav-milter ver. 0.55
# Logwatch ver. 4.3.1
# Written by Soren Schimkat <www.schimkat.dk>
########################################################

Title = "Clamav-milter"
LogFile = maillog
*OnlyService = clamav-milter
*RemoveHeaders
-----------------------------------------------
clamav-milter:
-----------------------------------------------
#!/usr/bin/perl
########################################################
# clamav-milter script for Logwatch.
# This script matches
# clamd ver. 0.60
# clamav-milter ver. 0.55
# Logwatch ver. 4.3.1
# Written by Soren Schimkat <www.schimkat.dk>
########################################################

# Detail level requested by Logwatch (read but not used below).
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};

# Logwatch feeds the filtered log lines (syslog headers removed) on STDIN.
while (defined($ThisLine = <STDIN>)) {
    if (($ThisLine =~ /clean message from/)) {
        $CleanMessage++;
    } elsif (($ThisLine =~ /Intercepted virus/)) {
        $InfectedMessage++;
    } elsif (($Virus) = ($ThisLine =~ /^stream: (.*?) FOUND/i )) {
        # Count detections per virus name.
        $VirusList{$Virus}++;
    } elsif (($MailHost) = ($ThisLine =~ /^clamfi_connect: connection from (.*?)\n/i )) {
        # Count connections per connecting mail host.
        $MailHostList{$MailHost}++;
    } else {
        # Comment the following line out if using verbose logging.
        push @OtherList,$ThisLine;
    }
}

if ( (keys %MailHostList) ) {
    print "\nHost list:\n";
    foreach $MailHost (sort {$a cmp $b} keys %MailHostList) {
        print "\t" . $MailHost . " - ". $MailHostList{$MailHost} . " Time(s)\n";
    }
}

if ($CleanMessage) {
    print "\nClean messages: ". $CleanMessage." Message(s)\n";
}

if ($InfectedMessage) {
    print "\nInfected messages: ". $InfectedMessage." Message(s)\n";
}

if ( (keys %VirusList) ) {
    print "\nVirus list:\n";
    foreach $Virus (sort {$a cmp $b} keys %VirusList) {
        print "\t" . $Virus . " - ". $VirusList{$Virus} . " Time(s)\n";
    }
}

# $IgnoreUnmatched is never set in this script, so unmatched lines are always printed.
if (($#OtherList >= 0) and (not $IgnoreUnmatched)) {
    print "\n**Unmatched Entries**\n";
    print @OtherList;
}

exit(0);
-----------------------------------------------
Just create the two files in your Logwatch directory structure. On a Redhat 9 machine, the following directories are used:
/etc/log.d/conf/services (clamav-milter.conf)
/etc/log.d/scripts/services (clamav-milter)
When using these scripts, logwatch will produce output like this:
--------------------- clamav-milter Begin ------------------------
Clean messages: 112 Message(s)
Infected messages: 24 Message(s)
Virus list:
	ClamAV-Test-Signature - 1 Time(s)
	Exploit.IFrame.Gen - 3 Time(s)
	VBS.LoveLetter.D - 1 Time(s)
	VBS/Haptime.A - 1 Time(s)
	W95/Hybris.PI.003 - 1 Time(s)
	Worm.BugBear.B - 4 Time(s)
	Worm.Dumaru.A - 1 Time(s)
	Worm.Ganda-A - 1 Time(s)
	Worm.Gibe.F - 7 Time(s)
	Worm.Gibe.F.UPX.2 - 1 Time(s)
	Worm/Klez.H - 2 Time(s)
	Yaha.P - 1 Time(s)
---------------------- clamav-milter End -------------------------
Regards
Søren Schimkat
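
The `^`-anchored patterns in the script above only match once the `*OnlyService` and `*RemoveHeaders` filters from clamav-milter.conf have run. The following is an added example, not part of the original post: `prefilter` is a hypothetical approximation of those two filters (its regexes are assumptions, not Logwatch's own code), and the log lines are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample maillog lines (not taken from a real system).
my @maillog = (
    "Oct  3 10:15:01 mx1 clamav-milter[812]: clamfi_connect: connection from relay.example.net\n",
    "Oct  3 10:15:02 mx1 clamav-milter[812]: clean message from <alice\@example.net>\n",
    "Oct  3 10:16:40 mx1 clamav-milter[812]: stream: Worm.Gibe.F FOUND\n",
    "Oct  3 10:16:40 mx1 clamav-milter[812]: Intercepted virus from <bob\@example.org>\n",
    "Oct  3 10:17:05 mx1 sendmail[901]: h93AH5x1000901: from=<carol\@example.com>\n",
);

# Assumed approximation of the two filters named in clamav-milter.conf.
sub prefilter {
    my ($service, @lines) = @_;
    my @out;
    for my $line (@lines) {
        # *OnlyService: keep only lines tagged with this service name.
        next unless $line =~ /^\S+\s+\d+ [\d:]{8} \S+ \Q$service\E(?:\[\d+\])?: /;
        # *RemoveHeaders: drop the "date time host service[pid]: " prefix.
        (my $body = $line) =~ s/^\S+\s+\d+ [\d:]{8} \S+ \S+?(?:\[\d+\])?: //;
        push @out, $body;
    }
    return @out;
}

# Count how many lines the script's two anchored patterns match.
sub tally {
    my %hit = (virus => 0, host => 0);
    for (@_) {
        $hit{virus}++ if /^stream: (.*?) FOUND/i;
        $hit{host}++  if /^clamfi_connect: connection from (.*?)\n/i;
    }
    return \%hit;
}

# Compare matching on raw syslog lines against matching on filtered lines.
my $raw      = tally(@maillog);
my $filtered = tally(prefilter('clamav-milter', @maillog));
printf "raw lines:      virus=%d host=%d\n", $raw->{virus}, $raw->{host};
printf "filtered lines: virus=%d host=%d\n", $filtered->{virus}, $filtered->{host};
```

If the virus and host lists are missing from a report while such lines show up under "Unmatched Entries", check that `*RemoveHeaders` is still present in the service configuration.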