Ralph Angenendt wrote:

[...]

>     grep FOUND /var/log/messages \
>     | cut -d ":" -f 5 \
>     | sed -e "s/\ FOUND//" \
>     | sort \
>     | uniq -c \
>     | sort -r
> 
> This gives us the following output (yes, no percentages, one might hack
> that into it):
> 
>    9353  Worm.SomeFool.Gen-1
>    3647  Worm.SomeFool.P
>    2312  Worm.SomeFool.Gen-2
>     912  Worm.Sober.D
>     521  Worm.Dumaru.A
>     174  Worm.SomeFool.I
>      55  Worm.Mydoom.F
>      53  Worm.Dumaru.K
>      39  Worm.Dumaru.Y
>      35  Worm.Bagle.Gen-zippwd
>      23  Worm.Bagle.Gen-1
>      [...]

:) That's interesting. I use something very similar with qmail-scanner on
FreeBSD. And all this time I thought I was being clever. :)

zcat /var/spool/qmailscan/quarantine.log.0.gz \
| awk 'BEGIN { FS = "\t" }{print $5};' \
| sed 's/ - Files.*/ - (ATTACHMENT)/' \
| sort -d | uniq -c | sort -n -r

Here's a sample output:

 490 Worm.SomeFool.P
 382 Worm.SomeFool.Gen-1
 134 JS.Spam.Scramble.A
  54 Worm.SomeFool.I
  31 Worm.SomeFool.Gen-2
  19 Worm.Gibe.F
  18 Disallowed content found in MIME attachment - potential virus
  15 Worm.Klez.H
  14 Encrypted.Zip
  13 Worm.Bagle.N
   8 Disallowed MIME boundary found in attachment - potential virus
   6 Worm.Dumaru.A
   2 Worm.SomeFool.O
   2 Worm.Ganda-A
   2 CIH #2
   1 Worm.SomeFool.F
   1 Worm.BugBear.B
   1 Worm.Bagle.H-zippwd-1
   1 Worm.Bagle.Gen-1
   1 W32.Magistr.B5
   1 W32.Magistr.B
   1 Trojan.URLspoof.gen.2
   1 SCR - (ATTACHMENT)
   1 PIF - (ATTACHMENT)
   1 LNK - (ATTACHMENT)
   1 Exploit.HTML.Bagle.Gen-7-eml
   1 Exploit.HTML.Bagle.Gen-3-eml
   1 Disallowed breakage found in header name - potential virus


-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net
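One way to hack in the percentages Ralph mentions, as an added example that is not code from either post: a shared `tally` step computes count and share of all detections, and two front ends feed it the signature name from the clamd syslog layout and from the qmail-scanner quarantine.log layout quoted above. The sample lines are constructed; the quarantine.log fields are illustrative (only field 5 matters here).

```sh
#!/bin/sh
# Added example, not code from either post. Sample inputs are constructed.

# Read one signature name per line on stdin; print "count percent name",
# most frequent first, ties broken by name (C locale for a stable order).
tally() {
    awk '{ n[$0]++; total++ }
         END { for (s in n) printf "%d %.1f%% %s\n", n[s], 100 * n[s] / total, s }' \
    | LC_ALL=C sort -k1,1nr -k3
}

# clamd syslog format: "...: <path>: <Signature> FOUND". Take the field just
# before FOUND rather than cut -f 5, so a colon inside the path or a different
# timestamp layout does not shift the field; non-FOUND lines are skipped.
found_summary() {
    awk '/ FOUND$/ { print $(NF-1) }' | tally
}

# qmail-scanner quarantine.log: tab-separated, verdict in field 5. Attachment
# policy blocks ("SCR - Files ...") are folded into one bucket per extension.
qscan_summary() {
    awk 'BEGIN { FS = "\t" } { print $5 }' | sed 's/ - Files.*/ - (ATTACHMENT)/' | tally
}

# Constructed clamd syslog sample (the "OK" line must not be counted).
SAMPLE_MESSAGES='Mar  3 10:01:02 mx clamd[123]: /var/spool/a.eml: Worm.SomeFool.Gen-1 FOUND
Mar  3 10:02:03 mx clamd[123]: /var/spool/b.eml: Worm.SomeFool.P FOUND
Mar  3 10:03:04 mx clamd[123]: /var/spool/c.eml: Worm.SomeFool.Gen-1 FOUND
Mar  3 10:04:05 mx clamd[123]: /var/spool/d.eml: OK
Mar  3 10:05:06 mx clamd[123]: /var/spool/e.eml: Worm.Sober.D FOUND'

# Constructed tab-separated quarantine.log sample; printf reuses the format
# for each group of five fields, so this yields four lines.
SAMPLE_QSCAN=$(printf '%s\t%s\t%s\t%s\t%s\n' \
    'Tue, 02 Mar 2004' 'a@example.com' 'b@example.com' 'hi' 'Worm.SomeFool.P' \
    'Tue, 02 Mar 2004' 'a@example.com' 'b@example.com' 'hi' 'SCR - Files x.scr' \
    'Tue, 02 Mar 2004' 'a@example.com' 'b@example.com' 'hi' 'Worm.SomeFool.P' \
    'Tue, 02 Mar 2004' 'a@example.com' 'b@example.com' 'hi' 'PIF - Files y.pif')

printf '%s\n' "$SAMPLE_MESSAGES" | found_summary
printf '%s\n' "$SAMPLE_QSCAN" | qscan_summary
```

Replace the sample variables with `grep FOUND /var/log/messages` or `zcat quarantine.log.0.gz` to run it on real logs.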

_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users