On Sun, 4 May 2003, Daniel Wiberg wrote:
> Ricardo,
>
> I can't answer for Ed, but usually the stats are built from the scanner
> software/plugin that scans the email. I'm using qmail-scanner so I'm
> building my stats from Qmail-Scanner Statistics
> (http://sourceforge.net/projects/qss/), it gives a nice graphic
> representation of the viruses found, sender domains and trends.
My stats were just simple awk/grep/sort/uniq of the clamd log. Since we
use sendmail + MIMEDefang, we have been trying out GraphDefang, which is
pretty nice.
Ed
>
> BR,
> Daniel Wiberg
>
> [EMAIL PROTECTED] wrote:
> > Hi Ed,
> >
> > I was wondering how you got the statistics you displayed below, does
> > clamav keep some cumulative statistics of viruses found?
> >
> > Also, for any particular file, if clamscan finds a virus, how can I tell
> > which virus(es) it found? I can't seem to find how to do that by running
> > clamscan. Even in the summary, it will only say how many were found, but
> > not the actual type.
> >
> > Thanks
> > Ricardo
> >
> > On Tue, 29 Apr 2003 11:46:24 -0400 (EDT) Ed Phillips wrote:
> >
> >
> >> 2 Joke.CokeGift FOUND
> >> 2 Joke.Schmilz FOUND
> >> 2 Kit/VCL FOUND
> >> 2 TR.IWorm.MTX FOUND
> >> 2 W2000M/Thus.B.Macro FOUND
> >> 2 W32/Nimda.eml FOUND
> >> 2 W97M/VMPCK FOUND
> >> 2 Worm/Fbound.C FOUND
> >> 3 W32/Gop FOUND
> >> 4 CIH #2 FOUND
> >> 4 ClamAV-Test-Signature FOUND
> >> 4 Mid/Kakworm-Z FOUND
> >> 4 VBS.SST-A #3 FOUND
> >> 4 W32/Joke.HHold FOUND
> >> 4 W97M/Class.B FOUND
> >> 4 Worm/BadTrans.B1 FOUND
> >> 5 W32.FunLove.4099 FOUND
> >> 6 Joke.SmallPenis FOUND
> >> 6 W32/Blakan FOUND
> >> 6 W32/Joke.Jep FOUND
> >> 8 Oror-fam FOUND
> >> 10 TR.Sub7.Bonus.Srv FOUND
> >> 11 WM97/Marker FOUND
> >> 12 Worm.Yaha-L FOUND
> >> 12 Yaha.R FOUND
> >> 14 HTML/Winevar FOUND
> >> 14 W32/Worm.Winevar FOUND
> >> 14 WScr.Unsafe.D FOUND
> >> 15 VBS/Redlof-A FOUND
> >> 16 TR.Happy99/SKA FOUND
> >> 18 W32/Goner-A FOUND
> >> 18 W32/Magistr.B2 FOUND
> >> 18 W95/Hybris.PI.004 FOUND
> >> 20 Eicar-Test-Signature FOUND
> >> 20 V5M.Unstable FOUND
> >> 20 W32/Magistr.B1 FOUND
> >> 26 W32/Hybris.C FOUND
> >> 32 W32/Magistr.B4 FOUND
> >> 34 VBS.Redlof.Encoded FOUND
> >> 34 W32/Magistr.B3 FOUND
> >> 40 W95.Matrix.SCR FOUND
> >> 40 WM/Thus.B FOUND
> >> 48 W32/Magistr.B6 FOUND
> >> 48 W97/Marker FOUND
> >> 56 VBS.LoveLetter.D FOUND
> >> 62 W32/Nimda.html FOUND
> >> 82 Lirva FOUND
> >> 108 Worm.Ganda-A FOUND
> >> 138 W32/Magistr.B5 FOUND
> >> 140 Worm/Gibe.1 FOUND
> >> 160 W95/Hybris.PI.000 FOUND
> >> 160 Worm/Lentin.E FOUND
> >> 166 W95/Hybris.PI.001 FOUND
> >> 169 Worm/Klez.E FOUND
> >> 240 W32/Magistr.A FOUND
> >> 264 W95/Hybris.PI.002 FOUND
> >> 290 Lirva-B FOUND
> >> 302 Lirva-C FOUND
> >> 435 Yaha.P FOUND
> >> 506 W32/BugBear.A FOUND
> >> 526 W32/Magistr.B FOUND
> >> 528 W98/Hybris.E FOUND
> >> 796 Worm.Gibe.B FOUND
> >> 829 W32/Brid.Worm FOUND
> >>2184 W95/Hybris.PI.003 FOUND
> >>3846 Worm.Sobig.A FOUND
> >>6536 Exploit.IFrame FOUND
> >>9894 W32/Yaha.g.dam FOUND
> >>10354 Sircam FOUND
> >>10980 Yaha.K FOUND
> >>119974 Exploit.IFrame.HTML FOUND
> >>182089 Worm/Klez.H FOUND
> >>
> >>Amazingly short list for a University with no firewalls, students and
> >>staff installing computers and hooking them to the network without any
> >>security requirements or checks, etc. Note the major percentage of our
> >>total virus counts are in the top-ten at the bottom of the list (Yep,
> >>that's 182,089 copies of Klez.H stripped out of email attachments!).
> >>
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> --
> Daniel Wiberg
> www.wiberg.nu
>
>
>
Ed Phillips <[EMAIL PROTECTED]> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l [EMAIL PROTECTED] for PGP public key
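
The awk/grep/sort/uniq approach Ed describes, as an added example that is not part of the original thread. It assumes clamd log lines of the form `<timestamp> -> <path>: <signature> FOUND`; the function names, paths and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-signature detection counts from a clamd log.
# Assumption: detections are logged as
#   "<timestamp> -> <path>: <signature> FOUND"

# Constructed sample log lines (not real data).
sample_log() {
cat <<'EOF'
Tue Apr 29 11:40:01 2003 -> /var/spool/scan/a1/msg-1.exe: Worm/Klez.H FOUND
Tue Apr 29 11:40:07 2003 -> /var/spool/scan/a2/msg-1.html: Exploit.IFrame.HTML FOUND
Tue Apr 29 11:41:12 2003 -> /var/spool/scan/a3/msg-2.exe: Worm/Klez.H FOUND
Tue Apr 29 11:41:30 2003 -> /var/spool/scan/a4/FOUND.txt: OK
Tue Apr 29 11:42:02 2003 -> /var/spool/scan/a5/msg-1.com: CIH #2 FOUND
Tue Apr 29 11:42:45 2003 -> /var/spool/scan/a6/Re: hello.scr: Worm/Klez.H FOUND
Tue Apr 29 11:43:00 2003 -> Reading databases from /usr/local/share/clamav
EOF
}

# Read a clamd log on stdin, print "<count> <signature> FOUND",
# lowest count first (the layout of the list quoted in the thread).
clam_stats() {
    # Keep only lines that end in " FOUND"; a file merely named
    # FOUND.txt that scanned OK is not a detection.
    grep ' FOUND$' |
    # The signature is whatever follows the last ": ". Taking the last
    # field copes with ": " inside a file name and with signature
    # names that contain spaces, such as "CIH #2".
    awk -F': ' '{ print $NF }' |
    LC_ALL=C sort |
    uniq -c |
    LC_ALL=C sort -n
}

sample_log | clam_stats
```

Against a live log the call would be `clam_stats < /path/to/clamd.log`, with the path being whatever the local clamd configuration writes to.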