Dilip M wrote:
> I have
> # rpm -qa|grep clam
> clamav-0.67-1
> clamav-devel-0.67-1
> 
> --------
> # exim -bV
> How can I get this to work on my side?

On a machine with amavisd-new, clamav *and* kaspersky, I just grep
through the mail.log for infected files. If you only have clamav, you
might just grep through /var/log/messages (this is a linux box here).
clamd outputs this into /var/log/messages:

    Mar 25 10:45:22 mail-gw-1 clamd[11873]: /var/amavis/amavis-20040325T104422-11686/parts/part-00002: Yaha.P FOUND

For this you need "LogSyslog" enabled in /etc/clamav/clamav.conf, though
I don't know if clamscan also writes to syslog if you're using this;
clamd does.

As we now know what the string we're searching for looks like, it's just a
little sed, grep, sort:

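    # Count clamd detections per signature name, most frequent first.
    # Colon-separated field 5 of the syslog line above is " <signature> FOUND".
    grep FOUND /var/log/messages \
    | cut -d ":" -f 5 \
    | sed -e "s/ FOUND//" \
    | sort \
    | uniq -c \
    | sort -rn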

This gives us the following output (yes, no percentages, one might hack
that into it):

   9353  Worm.SomeFool.Gen-1
   3647  Worm.SomeFool.P
   2312  Worm.SomeFool.Gen-2
    912  Worm.Sober.D
    521  Worm.Dumaru.A
    174  Worm.SomeFool.I
     55  Worm.Mydoom.F
     53  Worm.Dumaru.K
     39  Worm.Dumaru.Y
     35  Worm.Bagle.Gen-zippwd
     23  Worm.Bagle.Gen-1
     [...]

HTH,

Ralph
-- 
Ralph [EMAIL PROTECTED] | .."Text processing has made it possible
Bayerischer Rundfunk...HA-Multimedia | ....to right-justify any idea, even one
Rundfunkplatz 1........80300 München | .which cannot be justified on any other
089 5900 16023...................... | .........grounds." -- J. Finnegan, USC.
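
Added example, not part of Ralph's message: the same per-signature count with the percentages he mentions, restricted to lines logged by clamd and taking the signature after the last ": " so that a colon in the scanned path or an unrelated line containing FOUND does not skew the result. The function names `clamd_stats` and `sample_log` are hypothetical, and the sample log lines are constructed on the model of the line quoted above.

```shell
#!/bin/sh
# Constructed sample syslog lines (not real data), including a path with a
# colon and a non-clamd line that happens to contain "FOUND".
sample_log() {
    cat <<'EOF'
Mar 25 10:45:22 mail-gw-1 clamd[11873]: /var/amavis/amavis-20040325T104422-11686/parts/part-00002: Yaha.P FOUND
Mar 25 10:46:01 mail-gw-1 clamd[11873]: /var/amavis/tmp-a/parts/part-00001: Worm.SomeFool.P FOUND
Mar 25 10:46:09 mail-gw-1 clamd[11873]: /var/amavis/tmp-b/parts/re:invoice.zip: Worm.SomeFool.P FOUND
Mar 25 10:47:30 mail-gw-1 clamd[11873]: /var/amavis/tmp-c/parts/part-00003: Worm.SomeFool.P FOUND
Mar 25 10:48:00 mail-gw-1 kernel: device eth0 FOUND
Mar 25 10:48:05 mail-gw-1 clamd[11873]: /var/amavis/tmp-d/parts/part-00001: OK
EOF
}

# clamd_stats [FILE...]: print "count percent% signature", most frequent first.
# Reads stdin when no file is given.
clamd_stats() {
    awk '
        # Only lines written by clamd that end in " FOUND".
        / clamd\[[0-9]+\]: .* FOUND$/ {
            line = $0
            sub(/ FOUND$/, "", line)
            # Greedy match: strip everything up to the LAST ": ",
            # leaving only the signature name.
            sub(/^.*: /, "", line)
            count[line]++
            total++
        }
        END {
            # With no detections the loop body never runs, so no division by zero.
            for (sig in count)
                printf "%7d %5.1f%% %s\n", count[sig], 100 * count[sig] / total, sig
        }
    ' "$@" | LC_ALL=C sort -k1,1nr -k3,3
}

# Demonstration on the constructed sample; on a real host one would run
# clamd_stats /var/log/messages instead.
sample_log | clamd_stats
```

On the constructed sample, the `cut -d ":" -f 5` approach would report `invoice.zip` as a signature and count an empty name for the kernel line; the version above counts only the two real signatures.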
