Re: [Declude.Virus] Virus Log Batch?

2005-07-15 Thread smb
Grant,

If you are referring to the Virus Log Analyzer at
http://www.csonline.net/imailstuff/viruslog.htm

There is an auto run option in the latest version that allows you to set a
run time and will e-mail the results.

When you check the auto run box a selection is provided to set the time and
select the file to be analyzed. Then just minimize the program. 

Stu

At 03:47 PM 7/14/2005 -0500, you wrote:
Does anyone have a batch file that runs the Virus Log Analyzer on a nightly
basis and emails the results to an admin?  We are wanting to run this report
on a nightly or every so many hours to send the report to the network
security person to contact the customer and let them know they are sending
viruses out.  I have looked on the Declude site, but the one link to a batch
file is not working.  We are mostly interested in the IP the email is coming
from.  We can not control incoming much, but can control the outgoing.

 

Thanks,

Grant Griffith

EI8HTLEGS, A Division of ETC

(812)932-1000

 



---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.Virus] Virus log program / new log format

2005-06-07 Thread smb
John,

The answer to your question is Yes this is something that will be looked at.

Steve has been on another project that is just finishing so there should be
some time to have him look at this and correct this issue.

I will try and have a time frame for you by tomorrow.

Stu





At 02:26 PM 6/7/2005 -0500, you wrote:
This is directed to Stephen Slater (csonline.net), author of
VirusLogAnalyzer 3.0 beta.

Stephen:

A change in logging format for Declude Virus (EVA) apparently has broken the
program.  (Getting a division by zero error.)  Any chance you might be
updating this program?  Really did like it. 

Thanks,
John



[Declude.Virus] New Virus option question

2004-03-23 Thread smb
Scott,

Would it be possible to add an option to the per user setting in Declude
virus to

A) allow the vulnerabilities test to be skipped per user while maintaining all 
   other defined virus scanning 
or 

B) to override the virus.cfg defined virus action for email failing 
   vulnerabilities test. 

like [EMAIL PROTECTED] BANCRVIRUSES OFF 

or   [EMAIL PROTECTED] BANCRVIRUSES NOACTION

In the past this was mostly a now and then issue. However lately this has
come up more often. Luck of the draw I guess.

Just asking

Stu
-
CSOnline Technical Support Normal hours - Monday thru Saturday 8am - 12pm 

CSOnline Technical Support Numbers 
Seneca   814-677-2447   Clarion   814-227-3638   Cochranton   814-425-1696
Parker   724-399-1158   GremLan   814-337-7060
http://www.csonline.net  http://www.cshowcase.com  http://www.learncenter.com
http://www.gremlan.org  
-

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]



RE: [Declude.Virus] CSonline Virus Log analyser

2004-03-08 Thread smb
John,

My apologies as I completely missed your first message.

Yes this is something we will look into adding.


Stu




Any comments?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


 -Original Message-
 
 Feature request:
 
 List number by extension messages held for banned extension.
 
 John Tolmachoff
 Engineer/Consultant/Owner
 eServices For You
-
CSOnline Technical Support Normal hours - Monday thru Saturday 7am - 1am 
CSOnline Technical Support Summer hours - Monday thru Saturday 8am - 12pm 
 (June - July - August) 
CSOnline Technical Support Numbers 
Seneca   814-677-2447   Clarion   814-227-3638   Cochranton   814-425-1696
Parker   724-399-1158   GremLan   814-337-7060
http://www.csonline.net  http://www.cshowcase.com  http://www.learncenter.com
http://www.gremlan.org  
-



Re: [Declude.Virus] log file analyzer

2004-02-02 Thread smb
Andy,

If you have not gotten this to work yet please send me a copy of the log
file off list at [EMAIL PROTECTED] so we can see what might be happening.

Also what version of declude are you using.

Stu


At 09:04 AM 01/31/2004 -0500, you wrote:
I tried 2.2, did the same thing.

thanks, andy

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, January 31, 2004 2:07 AM
Subject: RE: [Declude.Virus] log file analyzer


As far as the error message, you need to comment out or delete a part of the
setup config file, I forget what it is called. I think it is the second
section. The one that talks about some vb dll and such.

I am using version 1.2 and 2.2 fine. Try using 2.2.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.Virus-
 [EMAIL PROTECTED] On Behalf Of andyb
 Sent: Friday, January 30, 2004 9:16 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.Virus] log file analyzer

 Yes, I did the install in that order.

 I got an error on the NT boxes on the install, but on a Win 2000
 server
 and on the Win98 box, the install went fine.

 The analyzer appears to be working, it just isn't counting the virus, only
 the CR vulnerability.

 thanks, andy
 - Original Message -
 From: Fritz Squib [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, January 30, 2004 11:46 PM
 Subject: RE: [Declude.Virus] log file analyzer


 Andy,
  I'm using http://www.csonline.net/imailstuff/viruslog.htm v 3.0.0 beta on
 Declude v1.77i12 Pro and it's working fine.

 Only 1 scanner, f-prot.

 You DID run the installer from v222 first THEN replace the 222 executable
 with the 3.0.0, right?

 Fritz

 Frederick P. Squib, Jr.
 Network Operations/Mail Administrator
 Citizens Telephone Company of Kecksburg
 http://www.wpa.net

 ()  ascii ribbon campaign - against html mail
 /\- against microsoft attachments

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of andyb
 Sent: Friday, January 30, 2004 11:13 PM
 To: [EMAIL PROTECTED]
 Subject: Fw: [Declude.Virus] log file analyzer


 Hi everyone,

 Scott, anybody, does the log file analyzer work?  Am I chasing my tail
 here?
 Is there a log file analyzer out there that IS working?  If so can someone
 point the way?  I've looked in the archives and haven't found anything.

 This is the 3rd post, and haven't even gotten a grunt from anyone yet

 Thanks, Andy

 - Original Message -
 From: andyb
 To: [EMAIL PROTECTED]
 Sent: Friday, January 30, 2004 5:12 PM
 Subject: [Declude.Virus] log file analyzer


 HI,

 The log file analyzer 3.0 is counting the carriage return vulnerability,
 but
 not the virus.  There are hundreds of virus in log files.  It also appears
 that the .txt file is properly formed (no garbage, it is just saying there
 are - 0 - virus found)

 I'm using declude 1.77.

 I've tried installing the analyzer on 4 different computers, 3 different
 operating systems so it appears that there may be an issue with the log
 files, not with the analyzer.

 There is nothing about this in the archives that I could find.

 What does the log analyzer need to have in the logs to count the virus?

 Guidance please.

 thanks, Andy
 Thumpernet


[Declude.Virus] Virus Log Analyzer 3.0 beta

2003-09-29 Thread smb
We have posted a new (beta) version of the virus log analyzer.

http://www.csonline.net/imailstuff/viruslog.htm

The Virus report (examples below) now includes a virus count by sending IP
address. Requires Declude Virus 1.66 or higher for IP reporting.

 The option for more detail by including the from information in virus
 count by ip address data.

 The ability to configure the program to exclude forging virus names from 
 the count by IP address tallies. This does not affect the virus count by
 name part of the report.  

An Autorun feature. Sorry this is not command line yet. However it can be
run minimized, has scheduling and will e-mail the results.

The autorun feature is where we are still working on some issues. 
Please read the notes paying particular attention to the notes on file location.

Stu


Examples:

Virus Summary by Count ---

Count   Inbound/Outbound   Name
337     337 / 0            W32/[EMAIL PROTECTED]
222     7 / 215            W32/Hybris.worm.B
92      57 / 35            W32/[EMAIL PROTECTED]

--

IP Virus Summary -

IP Address        Count   Inbound / Outbound

xxx.xxx.xxx.211   3       0 / 3
xxx.xxx.xxx.30    82      82 / 0
xxx.xxx.xxx.59    18      18 / 0
xxx..xxx.60       351     351 / 0




Virus Summary by Count ---

Count   Inbound/Outbound   Name
337     337 / 0            W32/[EMAIL PROTECTED]
222     7 / 215            W32/Hybris.worm.B
92      57 / 35            W32/[EMAIL PROTECTED]

--

IP Virus Tally ---

IP Address        Virus Name               Sender - In/Outbound
xxx.xxx.xxx.211   W32/Hybris.worm.B        (3) - Outbound
xxx.xxx.xxx.30    W32/[EMAIL PROTECTED]    [EMAIL PROTECTED] (1) - Inbound
xxx.xxx.xxx.30    W32/[EMAIL PROTECTED]    [EMAIL PROTECTED] (2) - Inbound




Re: [Declude.Virus] Virus Log Analyzer..

2003-08-27 Thread smb
From the report format I believe you downloaded this from
http://www.csonline.net/imailstuff/viruslog.htm

I believe the issue is your version. The report states Version 1.2. It should
be version 2.2.2

Try downloading version 2.2.2.
http://www.csonline.net/imailstuff/viruslog.htm  (right above the full install)

The full set up was for those that did not have VB runtime. Once that is
installed either via the full set up or by some other VB program all that is
needed is the update.

Seems we missed getting to updating the full install to include the latest
version. My apologies other internal projects seem to have taken priority. 

Stu

Report on a log file using 2.2.2

Virus Log Analyzer  Report Date: 08/27/2003 12:20:56 PM
Source Files: 
v0822ml.log
**
Scan Summary -
Total Emails Scanned    = 117,228
Total Emails Clean      = 112,465
Total Emails Infected   = 4,763    Inbound=4,581 / Outbound=182
Outlook vulnerabilities = 209
Infected / Scanned      = 4.063 %
--
Log File Summary -
Log Name       Virus Count   Total Scanned
v0822ml.log    4,763         117,228
--
Virus Summary by Count ---
Count   Inbound/Outbound   Name
4,495   4,495 / 0          W32/[EMAIL PROTECTED]
126     1 / 125            W32/Hybris.worm.B
91      58 / 33            W32/[EMAIL PROTECTED]
13      0 / 13             W32/[EMAIL PROTECTED]
11      1 / 10             W32/[EMAIL PROTECTED]
9       9 / 0              W32/[EMAIL PROTECTED]
8       8 / 0              W32/[EMAIL PROTECTED]
4       4 / 0              W32/[EMAIL PROTECTED]
3       3 / 0              VBS/Lovelorn.dropper
1       1 / 0              W32/[EMAIL PROTECTED]
1       0 / 1              W32/Hybris.worm.D
1       1 / 0              W32/[EMAIL PROTECTED]
--



Re: [Declude.Virus] Hourly Logs?

2003-02-21 Thread smb
You could use NT's scheduler to rename the files on an hourly (or whatever)
time frame.

Stu




At 02:59 PM 02/20/2003 -0600, you wrote:
Does anyone know of a way to set the logs to go hourly? Our daily logs, set
on Low are reaching over 100 megs.

Thanks.

Bralynn




-
CSOnline Technical Support hours - Monday thru Saturday 7am - 1am 
CSOnline Technical Support Numbers Seneca    814-677-2447 
   Clarion   814-227-3638  
   Meadville 814-425-1696
   Parker    724-399-1158   
http://www.csonline.net  http://www.cshowcase.com  http://www.learncenter.com  
-




DSN:Re: [Declude.Virus] Tis the season log analzyer

2002-12-09 Thread smb
Tis the season to be jolly  
Consider this as being looked at.

Questions and suggestions can be posted to this list or sent to me directly at
[EMAIL PROTECTED]

Stu


At 08:29 AM 12/09/2002 -0600, you wrote:
The holiday junk mail sure has kicked up its pace.  Declude Antivirus is 
  catching so many of them by Outlook vulnerabilities, starting to 
wonder if I really need Junkmail --  (don't worry, Scott, the order 
should be on its way shortly.)

Who do I get in contact with about the Antivirus log analyzer program 
(from CSonline -- but don't know who there is doing it.)  Have 
suggestion of adding the from addresses to report output -- so one 
could cut/paste to kill file if they wanted to or at least see who the 
bad boys are.

Thanks,
John




DSN:Re: [Declude.Virus] Tis the season log analzyer

2002-12-09 Thread smb
The main reason this has not been done in the past is due to the number of
forged from addresses that show up.  Snowhite for example shows up with 
in the from address. However we may be able to add something for those that
want to trust this information.

Stu



At 08:29 AM 12/09/2002 -0600, you wrote:
The holiday junk mail sure has kicked up its pace.  Declude Antivirus is 
  catching so many of them by Outlook vulnerabilities, starting to 
wonder if I really need Junkmail --  (don't worry, Scott, the order 
should be on its way shortly.)

Who do I get in contact with about the Antivirus log analyzer program 
(from CSonline -- but don't know who there is doing it.)  Have 
suggestion of adding the from addresses to report output -- so one 
could cut/paste to kill file if they wanted to or at least see who the 
bad boys are.

Thanks,
John




DSN:Re: [Declude.Virus] Something wrong?

2002-06-26 Thread smb

Craig,

There is no weight in the third column and the type is helovalid.

The line should look like this

HELOBOGUS   helovalid   x   x   1   0


Stu




At 04:32 PM 06/26/2002 -0400, you wrote:
Am I doing something incorrectly? I have put the following lines in my
config files:

Global.cfg
HELOBOGUS  helobogus   x   x   0   0

$default$.junkmail
HELOBOGUS  HOLD

F:\IMail>declude -diag
Declude (C) Copyright 2000-2002 Computerized Horizons.  All Rights Reserved.


Diagnostics ON (Declude v1.55).

Declude JunkMail:  Config file found (F:\IMail\Declude\global.CFG).
Declude Virus: Config file found (F:\IMail\Declude\Virus.CFG).
Declude Hijack:Not installed (no F:\IMail\Declude\Hijack.CFG file).
Declude Confirm:   Not installed (no F:\IMail\Declude\Confirm.CFG file).

So why am I getting none of these bogus emails being held? I find it
impossible to believe that I am not getting any bogus connections. We handle
over 2 million emails a month.


Craig.




This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .





DSN:RE: Re: [Declude.Virus] E-Mail Count

2002-06-03 Thread smb

Rodney,

For a quick and dirty count of Inbound vs. Outbound you can download the
unix/dos tools from   http://unxutils.sourceforge.net/ and use a line like 

grep -i -c ldeliver log.txt    (Local/inbound Deliveries)
grep -i -c rdeliver log.txt    (Remote/outbound Deliveries)
grep -i -c gdeliver log.txt    (gateway Deliveries if needed)

or on NT you could use

find /C /I "ldeliver" log.txt
find /C /I "rdeliver" log.txt
find /C /I "gdeliver" log.txt

/C = display count only  
/I = ignore case

This will give you a good count of just the number of outbound vs. inbound 
messages.

Stu


At 09:28 AM 06/03/2002 -0400, you wrote:
I'll take a look at the I-Mail analyzer, but I won't go in expecting too
much. ;-)   I've been spoiled by Scott and all that Declude has to offer.

Thanks!

Rodney

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Monday, June 03, 2002 9:14 AM
To: [EMAIL PROTECTED]
Subject: DSN:Re: [Declude.Virus] E-Mail Count


Rodney,

If by regular e-mail you mean messages not containing a virus the answer is no
as this is not recorded in the logfile. (at least not at the MID level)
Something like this must be gathered from the IMail logs and one of the
IMail log file analyzers. IMail has been beta testing their own version on
this on the IMail list.

Scott and the folks at Declude were nice enough to include an in/out
indicator for the virus messages at the MID level upon request. It may be a
bit much to ask for this on the regular mail messages.

Stu


At 07:55 AM 06/03/2002 -0400, you wrote:
Hello,

I've recently downloaded the Virus Log Analyzer and love the report it
generates.  The only thing it's missing is a breakdown on regular e-mail as
to # incoming and # outgoing.  Is there a way to generate this?

Thanks,

Rodney




Re: [Declude.Virus] DSN:New Version of Virus Log Analyzer

2002-05-10 Thread smb

It doesn't cost anything so it must be a minor one :) :)

Stu


At 04:54 PM 05/09/2002 -, you wrote:
is it a major or minor upgrade ?
:)


- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 09, 2002 4:28 PM
Subject: [Declude.Virus] DSN:New Version of Virus Log Analyzer


 New version of the Virus Log Analyser has been posted.




Re: [Declude.Virus] DSN:New Version of Virus Log Analyzer

2002-05-10 Thread smb

No I don't believe you are doing anything wrong. 

I received one other report on this. They noticed that the program won't
create a new file but if you select an existing file it will work. You might
want to try this as a possible work around. Making a blank file with notepad
then selecting it.

Nothing on this should be different but we are checking to see if there is
something that might have gotten changed that would cause this in some
instances.

Stu

At 08:18 AM 05/10/2002 -0500, you wrote:
I just downloaded your latest version of Virus Log Analyzer and I cannot
get it to work. I keep getting an error about the source and output
files being the same. They are not. I have attached a screen shot of the
files I have selected and the error dialog.
Am I doing something wrong here? My previous version (1.2) worked fine.

John Olden - Systems Administrator
Champaign Park District




RE: [Declude.Virus] DSN:New Version of Virus Log Analyzer

2002-05-09 Thread smb

Something for the future?  How about Inbound and outbound counts by domain
for those of us who use the Pro version and need/want stats on a per domain
basis.




We run the pro version also. We have looked at this before but have stayed
away from it as it may not be too accurate due to a few of the viruses
forging the to: and from: addresses. 

For example this is a log entry for the Snow White virus that was caught.

05/08/2002 00:01:11 Qa2fb1b2 Scanner 1: Virus=: W32/Hybris.worm.B   
05/08/2002 00:01:11 Qa2fb1b2 File(s) are INFECTED [3]
05/08/2002 00:01:11 Qa2fb1b2 Deleting file with virus
05/08/2002 00:01:11 Qa2fb1b2 Deleting E-mail with virus!
05/08/2002 00:01:11 Qa2fb1b2 Scanned: CONTAINS A VIRUS [MIME: 2 23288]
05/08/2002 00:01:11 Qa2fb1b2 From:  To: ˜  @
05/08/2002 00:01:11 Qa2fb1b2 Subject: Snowhite and the Seven Dwarfs - The REAL story!

As you can see the To: and From: probably don't exist in anyone's user list :)
The accuracy would vary depending on whether the virus forged the to: from:
info in the log file.

As others have asked I will look into some type of summary report via
domain. How well it works for each may need to be taken with a grain of salt
due to the address forging though.

Stu











At 04:28 PM 05/09/2002 -0500, you wrote:
Something for the future?  How about Inbound and outbound counts by domain
for those of us who use the Pro version and need/want stats on a per domain
basis.

Steven

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
 Sent: Thursday, May 09, 2002 11:29 AM
 To: [EMAIL PROTECTED]
 Subject: [Declude.Virus] DSN:New Version of Virus Log Analyzer


 New version of the Virus Log Analyser has been posted.

 http://www.csonline.net/imailstuff/viruslog.htm

 The report will now show inbound and outbound counts for the individual
 viruses detected.

 Example:
 Virus Summary by Count ---

 Count   Inbound/Outbound   Name
 100     90 / 10            W32/Klez.H@mm
 150     125 / 25           W32/Hybris.worm.B


 Stu
 --
 ---
 CSOnline Technical Support hours - Monday thru Saturday 7am - 1am
 CSOnline Technical Support Numbers Seneca814-677-2447
 Clarion   814-227-3638
 Meadville 814-425-1696
 Parker724-399-1158
 http://www.csonline.net  http://www.cshowcase.com
http://www.learncenter.com

-

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .




Re: [Declude.Virus] DSN:New Version of Virus Log File Analyzer

2002-05-06 Thread smb

Is there a way to get the inbound/outbound stat per virus, instead of total
for the report ?

I will put this on the list.

Also, inbound means local delivery, and outbound is delivery to a remote mail
server. Correct ?

Inbound would be mail inbound from the Internet to accounts on the server.
Outbound would be mail outbound for the Internet.
I believe, and Scott may correct me on this, mail sent locally (to users on
the same IMail server) would be included in the outbound totals as Declude
would scan this as the sender sent the e-mail through IMail before it was
delivered to the intended local account.

Any way we can get stats of viruses sent by local senders ? (Outbound +
local2local)

We will look into this however, I'm not sure if there is any direct viable
indication of local to local e-mail at the MID level. So I'm not sure if
this can be done. Using the to and from information is not accurate as many
viruses forge this information. 

My first thought is, following the thought that Declude would pick up local
sent viruses as outbound, that any reduction (if possible) of outbound
viruses would also cause a reduction of local to local sent viruses.

Stu



- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 02, 2002 9:11 PM
Subject: [Declude.Virus] DSN:New Version of Virus Log File Analyzer


 For those using the virus log file analyzer (or those that wish to try it) a
 new version of the Virus Log Analyzer is available at

 http://www.csonline.net/imailstuff/viruslog.htm

 This version has changes to the report that now indicates the number of
 Inbound and Outbound viruses. Virus lines that are not indicated as Inbound
 or Outbound in the log file will be listed on the report as unknown.
 You would normally see this if you ran this log analyzer version on a
 Declude Virus Log file before Declude Virus version 1.50. This is because
 these log files did not have the indicator.

 Many thanks to Scott and the rest at Computerized Horizons for adding this
 indicator.

 The report also now lists a count of the Outlook Vulnerabilities caught.
 This is a total for all types caught. This count is not included in the
 total virus count.

 3 report sort options are now listed.
 Count produces a report with the viruses sorted by count.
 Name produces a report with the viruses listed by name.
 CountName includes a list by count and by name on the same report.

 Stu




Re: [Declude.Virus] DSN:Log File Request

2002-04-25 Thread smb

Many Thanks Scott.

Stu


At 05:12 PM 04/24/2002 -0400, you wrote:

I know I mentioned this before but thought I'd ask again.
Any chance of getting an I (for Inbound) or O (for Outbound) added to the
virus line in the log file at the MID level. So Inbound vs Outbound Viruses
can be tracked.

This will be included in the next release, so it will appear as you 
described with an I or O at the end of the line to designate incoming 
or outgoing:

04/11/2002 01:44:13 Q22a1152 Scanner 1: Virus=: W32/Hybris.worm.B Attachment=dwarf4you.exe [0] I
04/11/2002 01:44:13 Q22a1152 Scanner 1: Virus=: W32/Hybris.worm.B Attachment=dwarf4you.exe [0] O

 -Scott




DSN:Re: [Declude.Virus] scanning ?

2002-04-25 Thread smb

Declude scans the e-mail when it is received by IMail.

So if you set up a gateway server running IMail and Declude the gateway
server will scan the e-mail before it delivers it to your other mail server.

Stu



At 06:10 PM 04/25/2002 +0200, you wrote:
Hi

Is this possible:

On the gateway server I want to receive the mail and when it's passed to my
mailserver it will be scanned by Declude.
So that the server just receives the mail without scanning and first when it
passes it to the other server it will be scanned on the
way out ?

Benny




DSN:Re: [Declude.Virus] DORKZTL:what to have in declude

2002-04-17 Thread smb

Set the LOGLEVEL to MID in the Virus Configuration file

Stu




At 11:29 PM 04/17/2002 +0200, you wrote:
Hi 

What do I have to have in Declude to see the virus name ?

After setting prescan to on and loglevel to low it's no longer telling the
virus name in the virlog file

Benny



DSN:Re: [Declude.Virus] Prescaning the party

2002-01-29 Thread smb

F-prot did not correctly identify the virus for us till we updated the def's at
approx 1:30pm est time today. These appear to be different def's than were
available in the am though the file names and sizes are the same.

Stu


At 09:53 PM 01/29/2002 -, you wrote:
And if I don't have a prescan line, the default is on or off ?

BTW, someone just sent me a copy, and fprot did not identify the virus
correctly, notification said unknown virus.
others said here they were correctly identifying the virus, what do you
think the problem is over here ?
Prescan default to on ? or some other issue ?

Thanks


- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 29, 2002 7:39 PM
Subject: Re: [Declude.Virus] Prescaning the party



 I don't think I ever used the prescan, but just to make sure, how do you
 turn it off ?

 You would just change the PRESCAN ON line to PRESCAN OFF (in the virus.cfg
 file).

 manual.html does not mention prescan

 Thanks for pointing that out -- we're putting a list of additions to make
 to the manual.
-Scott




DSN:Re: [Declude.Virus] vir####.log analyzer ?

2001-12-11 Thread smb

A simple virus log file analyzer can be found at the addresses below.
Note in the Declude virus.cfg file the LOGLEVEL must be set to MID to report
the virus names.

Stu
CSOnline System Administrator

An update to the Virus Log File Analyzer previously listed has been posted.

Version 1.2 deals with:
Deals with an issue where some log files did not contain a : after the 
  virus= in the log file. 
It allows for the selection of multiple files at one time. 
There is a read me file included that can be viewed by clicking on help.

For those that have already installed the program or have VB on their
systems the new exe and read me file can be found at
http://www.csonline.net/imailstuff/VirusLog_v12_StandAlone.zip

For those that may need the complete install program this can be found at
http://www.csonline.net/imailstuff/VirusLogAnalyzer12_Setup.zip

Stu


At 09:10 AM 12/11/2001 -0500, you wrote:
I'm wondering if anybody has a utility that will process the 
vir.log that is produced to provide useful statistics on the 
types of viruses received as well as the number (and maybe even 
sender/recipient info).

Has this been done by anybody yet?

Mike Tindor
 


 1st.net


 
   



DSN:RE: [Declude.Virus] Virus Log File Analyzer

2001-12-03 Thread smb

Ed,

Thanks for the virus log file. I don't know why your version of Declude
writes only the virus= without the :. That would be a question for Scott
in his spare time :)

In the meantime we are just going to change the search string to
not include the :. This should fix your situation.

Stu


At 04:49 PM 11/30/2001 -0500, you wrote:
Stu,
I have changed the virus.cfg to LOGLEVEL MID and I can see the text Virus=
without the :, and the analyzer doesn't pick up any viruses.  Is there
some other setting?  Do I have the wrong version of Declude?  Any help is
appreciated.

Ed Chabot
The Marlin Firearms Company
100 Kenna Drive
North Haven, CT 06473
(203)985-3254




[Declude.Virus] DSN:Virus Log File Analyzer

2001-11-27 Thread smb

A quick and dirty Virus Log Analyzer is available at
http://www.csonline.net/imailstuff/Virusanalyzer.zip

You can select single or multiple log files and can select the location
for the summary file to be saved to.

This is nothing fancy. Below is a sample output.
This was run on a log file where the Declude loglevel is set to MID.


Virus Log Analyzer   Report Date: 11/12/2001 8:27:17 AM

Source Files: ***

vir1103.log

*

Scan Summary 

Total Emails Scanned = 91,268
Total Emails Clean   = 88,463
Total Emails Infected= 2,805

Virus Summary ---

Count= 1,835    Virus Name= W95/Hybris.worm.B
Count= 822      Virus Name= W95/Sircam.worm@mm
Count= 136      Virus Name= W95/Magistr.28672@mm
Count= 4        Virus Name= JS/Kak.A@m
Count= 4        Virus Name= W95/Hybris.worm.D
Count= 2        Virus Name= W95/MTX.9244.worm.A
Count= 1        Virus Name= Virus=: W95/Magistr.28672@mm
Count= 1        Virus Name= W95/Hybris.worm.C

Stu


We installed Declude Virus yesterday without any major problems (the demo of
F-Prot is not upgradable to the newest definition files... and we had to
wait for the key to arrive today).

In the last 3 hours, Declude has intercepted 732 virus attachments!

Has anyone written a log analyzer to summarize what is scanned and blocked at
the end of the day?


Sheldon


Sheldon Koehler, Owner/Partner    http://www.tenforward.com
Ten Forward Communications  E-Commerce that makes sense!
360-457-9023    http://store.tenforward.com

Whenever you find yourself on the side of the majority, it's time
to pause and reflect. Mark Twain


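
Added example, not part of the original posts and not the Virus Log Analyzer's own code: a Python parser for the MID-level virus lines quoted in this thread that accepts Virus= with or without the trailing colon, reads the I/O indicator, and counts lines without it as unknown. The sample lines, the Klez entry and the function names are constructed for illustration; the Attachment= and [n] layout is assumed from the two lines Scott posted.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, modelled on the MID-level log lines quoted in the thread.
SAMPLE_LOG = """\
04/11/2002 01:44:13 Q22a1152 Scanner 1: Virus=: W32/Hybris.worm.B Attachment=dwarf4you.exe [0] I
04/11/2002 01:45:02 Q22a1153 Scanner 1: Virus=: W32/Hybris.worm.B Attachment=dwarf4you.exe [0] O
04/11/2002 01:46:40 Q22a1154 Scanner 1: Virus= W32/Klez.H@mm Attachment=setup.exe [0] I
05/08/2002 00:01:11 Qa2fb1b2 Scanner 1: Virus=: W32/Hybris.worm.B
05/08/2002 00:01:11 Qa2fb1b2 File(s) are INFECTED [3]
05/08/2002 00:01:11 Qa2fb1b2 Scanned: CONTAINS A VIRUS [MIME: 2 23288]
"""

VIRUS_LINE = re.compile(
    r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} (?P<qid>\S+) "
    r"Scanner \d+: (?i:virus)=:?\s*(?P<name>\S.*?)"  # "Virus=" with or without ":"
    r"(?:\s+Attachment=(?P<attachment>.+?))?"        # assumed optional
    r"(?:\s+\[\d+\])?"                               # assumed optional
    r"(?:\s+(?P<direction>[IO]))?\s*$"               # absent in older log files
)


def parse_virus_line(line):
    """Return the fields of a virus line, or None for any other log line."""
    m = VIRUS_LINE.match(line)
    if m is None:
        return None
    return {
        "qid": m["qid"],
        "name": m["name"],
        "attachment": m["attachment"],
        # No trailing I/O flag: report as unknown rather than guessing from
        # the To:/From: fields, which the thread notes are often forged.
        "direction": m["direction"] or "unknown",
    }


def summarize(lines):
    """Map virus name -> Counter of 'I', 'O' and 'unknown' detections."""
    summary = defaultdict(Counter)
    for line in lines:
        hit = parse_virus_line(line)
        if hit:
            summary[hit["name"]][hit["direction"]] += 1
    return summary


def report_rows(summary, sort="count"):
    """Rows of (name, total, inbound, outbound, unknown), by count or by name."""
    rows = [(name, sum(c.values()), c["I"], c["O"], c["unknown"])
            for name, c in summary.items()]
    if sort == "name":
        return sorted(rows)
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    print("Count  In / Out / Unknown  Name")
    for name, total, inbound, outbound, unknown in report_rows(
            summarize(SAMPLE_LOG.splitlines())):
        print(f"{total:<6} {inbound} / {outbound} / {unknown}  {name}")
```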