On Mon, Aug 09, 2004 at 04:10:22PM -0400, Brett Simpson said: > Is there a way I can configure the following log entry for Clamav-milter to also > output the origin address? The reason I'm asking is because I'm using a script to go > through the log file and count all of the big virus senders but it takes forever to > run since I'm having to loop through my maillog file to find the message id > "i79K3CfR009900" with the ip address. > > So I see this.... > Aug 9 16:03:14 ns2b clamav-milter[9851]: i79K3CfR009900: stream: > Trojan.JS.RunMeIntercepted virus from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]> > > But would like to see something similar to this...(if possible) > Aug 9 16:03:14 ns2b clamav-milter[9851]: i79K3CfR009900: stream: > Trojan.JS.RunMeIntercepted virus from <[EMAIL PROTECTED]> at 4.4.103.77 to <[EMAIL > PROTECTED]>
Don't loop - make a more complicated data structure, like a multi level hash (ugly pseudo-code to follow): my %hash = [ i79K3CfR009900 => [ virus => Trojan.JS.RunMeIntercepted, to => [EMAIL PROTECTED], from => [EMAIL PROTECTED], ip => 4.4.103.77,], nextmessageid => [ ...], ]; Just read the file once, fill in the bits as you go, and process the whole thing at the end. As for your actual question, I don;t think the milter has access to that - it gets the email as a data stream from sendmail, and is relatively isolated from the actual connection, AFAIK. -- -------------------------------------------------------------------------- | Stephen Gran | <Kensey> RMS for President??? <RelDrgn> | | [EMAIL PROTECTED] | ...or ESR, he wants a new job ;) | | http://www.lobefin.net/~steve | | --------------------------------------------------------------------------
pgpmlHGw3bGbo.pgp
Description: PGP signature
