On Sat, 3 May 2003 [EMAIL PROTECTED] wrote:
> Date: Sat, 03 May 2003 18:26:38 PST
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: clamav stats and virus types
>
>
> Hi Ed,
>
> I was wondering how you got the statistics you displayed below, does
> clamav keep some cumulative statistics of viruses found?
>
> Also, for any particular file, if clamscan finds a virus, how can I tell
> which virus(es) it found? I can't seem to find how to do that by running
> clamscan. Even in the summary, it will only say how many were found, but
> not the actual type.
Hi,
I got these counts from our clamd log. Each time it finds a virus, it
prints a line naming the virus.
Hope this helps...
Ed
>
> Thanks
> Ricardo
>
> On Tue, 29 Apr 2003 11:46:24 -0400 (EDT) Ed Phillips wrote:
>
> > 2 Joke.CokeGift FOUND
> > 2 Joke.Schmilz FOUND
> > 2 Kit/VCL FOUND
> > 2 TR.IWorm.MTX FOUND
> > 2 W2000M/Thus.B.Macro FOUND
> > 2 W32/Nimda.eml FOUND
> > 2 W97M/VMPCK FOUND
> > 2 Worm/Fbound.C FOUND
> > 3 W32/Gop FOUND
> > 4 CIH #2 FOUND
> > 4 ClamAV-Test-Signature FOUND
> > 4 Mid/Kakworm-Z FOUND
> > 4 VBS.SST-A #3 FOUND
> > 4 W32/Joke.HHold FOUND
> > 4 W97M/Class.B FOUND
> > 4 Worm/BadTrans.B1 FOUND
> > 5 W32.FunLove.4099 FOUND
> > 6 Joke.SmallPenis FOUND
> > 6 W32/Blakan FOUND
> > 6 W32/Joke.Jep FOUND
> > 8 Oror-fam FOUND
> > 10 TR.Sub7.Bonus.Srv FOUND
> > 11 WM97/Marker FOUND
> > 12 Worm.Yaha-L FOUND
> > 12 Yaha.R FOUND
> > 14 HTML/Winevar FOUND
> > 14 W32/Worm.Winevar FOUND
> > 14 WScr.Unsafe.D FOUND
> > 15 VBS/Redlof-A FOUND
> > 16 TR.Happy99/SKA FOUND
> > 18 W32/Goner-A FOUND
> > 18 W32/Magistr.B2 FOUND
> > 18 W95/Hybris.PI.004 FOUND
> > 20 Eicar-Test-Signature FOUND
> > 20 V5M.Unstable FOUND
> > 20 W32/Magistr.B1 FOUND
> > 26 W32/Hybris.C FOUND
> > 32 W32/Magistr.B4 FOUND
> > 34 VBS.Redlof.Encoded FOUND
> > 34 W32/Magistr.B3 FOUND
> > 40 W95.Matrix.SCR FOUND
> > 40 WM/Thus.B FOUND
> > 48 W32/Magistr.B6 FOUND
> > 48 W97/Marker FOUND
> > 56 VBS.LoveLetter.D FOUND
> > 62 W32/Nimda.html FOUND
> > 82 Lirva FOUND
> > 108 Worm.Ganda-A FOUND
> > 138 W32/Magistr.B5 FOUND
> > 140 Worm/Gibe.1 FOUND
> > 160 W95/Hybris.PI.000 FOUND
> > 160 Worm/Lentin.E FOUND
> > 166 W95/Hybris.PI.001 FOUND
> > 169 Worm/Klez.E FOUND
> > 240 W32/Magistr.A FOUND
> > 264 W95/Hybris.PI.002 FOUND
> > 290 Lirva-B FOUND
> > 302 Lirva-C FOUND
> > 435 Yaha.P FOUND
> > 506 W32/BugBear.A FOUND
> > 526 W32/Magistr.B FOUND
> > 528 W98/Hybris.E FOUND
> > 796 Worm.Gibe.B FOUND
> > 829 W32/Brid.Worm FOUND
> > 2184 W95/Hybris.PI.003 FOUND
> > 3846 Worm.Sobig.A FOUND
> > 6536 Exploit.IFrame FOUND
> > 9894 W32/Yaha.g.dam FOUND
> > 10354 Sircam FOUND
> > 10980 Yaha.K FOUND
> > 119974 Exploit.IFrame.HTML FOUND
> > 182089 Worm/Klez.H FOUND
> >
> > Amazingly short list for a University with no firewalls, students and
> > staff installing computers and hooking them to the network without any
> > security requirements or checks, etc. Note the major percentage of our
> > total virus counts are in the top-ten at the bottom of the list (Yep,
> > that's 182,089 copies of Klez.H stripped out of email attachments!).
> >
>
Ed Phillips <[EMAIL PROTECTED]> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l [EMAIL PROTECTED] for PGP public key
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
