Dilip M wrote: > I have > # rpm -qa|grep clam > clamav-0.67-1 > clamav-devel-0.67-1 > > -------- > # exim -bV > How can i get this work my side ?
On a machine with amavisd-new clamav *and* kaspersky, I just grep through the mail.log for infected files. If you only have clamav, you might just grep through /var/log/messages (this is a linux box here). clamd outputs this into /var/log/messages: Mar 25 10:45:22 mail-gw-1 clamd[11873]: /var/amavis/amavis-20040325T104422-11686/parts/part-00002: Yaha.P FOUND For this you need "LogSyslog" enabled in /etc/clamav/clamav.conf, though I don't know if clamscan also writes to syslog if you're using this, clamd does. As we now know, what the string we're searching looks like, it's just a little sed, grep, sort: grep FOUND /var/log/messages \ | cut -d ":" -f 5 \ | sed -e "s/\ FOUND//" \ | sort \ | uniq -c \ | sort -r This gives us the following output (yes, no percentages, one might hack that into it): 9353 Worm.SomeFool.Gen-1 3647 Worm.SomeFool.P 2312 Worm.SomeFool.Gen-2 912 Worm.Sober.D 521 Worm.Dumaru.A 174 Worm.SomeFool.I 55 Worm.Mydoom.F 53 Worm.Dumaru.K 39 Worm.Dumaru.Y 35 Worm.Bagle.Gen-zippwd 23 Worm.Bagle.Gen-1 [...] HTH, Ralph -- Ralph [EMAIL PROTECTED] | .."Text processing has made it possible Bayerischer Rundfunk...HA-Multimedia | ....to right-justify any idea, even one Rundfunkplatz 1........80300 MÃnchen | .which cannot be justified on any other 089 5900 16023...................... | .........grounds." -- J. Finnegan, USC.
pgp00000.pgp
Description: PGP signature