On Tue, 18 May 2004, Antony Stone wrote: > On Tuesday 18 May 2004 3:39 pm, Samuel Benzaquen wrote: > > > I'm trying to do a report of how clamav have reduced disk usage by blocking > > virus emails. > > Huh? That seems like a very strange measure of benefit from blocking viruses > to me.
Depends on how much disk space you have to burn. We used to filter incoming viruses to a mailbox. During an outbreak it wasn't uncommon for it to "break" when the mailbox file hit the 2G filesize limit. > > What I need is the virus size. Can I get that from the signature file? > > No. You might be able to get an idea from some other A-V vendors' websites, > but I wouldn't think it's commonly listed information. > > Anyway, what do you want to measure the size of? The raw binary? A > UUencoded MIME attachment? Base64? All these things and more will be very > different sizes. I'd recommend looking at http://vil.nai.com/. They have the size listed for each virus. If you're thinking of encoded stuff (base64) then multiply by 4/3 and add a couple K for headers. You can use http://www.rainingfrogs.co.uk to translate from ClamAV names to NAI names. Most of the time there are only a few viruses to worry about, so just count the big ones (grep and wc -l are great for this) and multiply the sizes. Should only take maybe an hour to get a fairly accurate estimate. Of course, there's a catch if it was sent to a mailing list, since you'll only see one block in your logs, but it actually prevented 10+ people from getting it saved to their inboxes. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers: |#=- -=#| UIUC CITES Security Group || Beckman Imaging Technology Group |#=- ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
