* Ralph Angenendt <[EMAIL PROTECTED]> [20040325 14:04]: wrote:
> Dilip M wrote:
> > I have
> > # rpm -qa|grep clam
> > clamav-0.67-1
> > clamav-devel-0.67-1
> >
> > --------
> > # exim -bV
> > How can i get this work my side ?
>
> On a machine with amavisd-new clamav *and* kaspersky, I just grep
> through the mail.log for infected files. If you only have clamav, you
> might just grep through /var/log/messages (this is a linux box here).
> clamd outputs this into /var/log/messages:
>
> Mar 25 10:45:22 mail-gw-1 clamd[11873]:
> /var/amavis/amavis-20040325T104422-11686/parts/part-00002: Yaha.P FOUND
>
> For this you need "LogSyslog" enabled in /etc/clamav/clamav.conf, though
> I don't know if clamscan also writes to syslog if you're using this,
> clamd does.
>
> As we now know, what the string we're searching looks like, it's just a
> little sed, grep, sort:
>
> grep FOUND /var/log/messages \
> | cut -d ":" -f 5 \
> | sed -e "s/\ FOUND//" \
> | sort \
> | uniq -c \
> | sort -r
>
> This gives us the following output (yes, no percentages, one might hack
> that into it):
>
> 9353 Worm.SomeFool.Gen-1
> 3647 Worm.SomeFool.P
> 2312 Worm.SomeFool.Gen-2
> 912 Worm.Sober.D
> 521 Worm.Dumaru.A
> 174 Worm.SomeFool.I
> 55 Worm.Mydoom.F
> 53 Worm.Dumaru.K
> 39 Worm.Dumaru.Y
> 35 Worm.Bagle.Gen-zippwd
> 23 Worm.Bagle.Gen-1
> [...]

If you use clamd and it logs to clamd.log, the following line can also give
you the stats:

grep FOUND /var/log/clamav/clamd.log | awk '{print $8}' | \
sed -e "s/\ FOUND//" | sort | uniq -c

cheers
- wash
+----------------------------------+-----------------------------------------+
Odhiambo Washington                . WANANCHI ONLINE LTD (Nairobi, KE)       |
<wash at wananchi dot com>         . 1ere Etage, Loita Hse, Loita St.,       |
GSM: (+254) 722 743 223            . # 10286, 00100 NAIROBI                  |
GSM: (+254) 733 744 121            . (+254) 020 313 985 - 9                  |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!"
--from a /. post

_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
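
Added example (not part of either post above): one way to get the per-signature counts with the percentages the first reply mentions, from either log style in the thread. The function names clam_stats and sample_log are hypothetical, the sample lines are constructed, and the clamd.log timestamp layout is an assumption chosen so that the signature is field 8 as in the awk one-liner.

```shell
#!/bin/sh
# Added example: per-signature detection counts with percentages.
# clam_stats reads clamd log lines (syslog or clamd.log style) on stdin.
clam_stats() {
    awk '
        # Count only lines that END in " FOUND"; a plain grep FOUND would
        # also match the word inside a scanned file path.
        / FOUND$/ {
            sig = $0
            sub(/ FOUND$/, "", sig)   # drop the trailing marker
            sub(/^.*: /, "", sig)     # keep the text after the last ": "
            if (sig == "") next
            count[sig]++
            total++
        }
        END {
            for (s in count)
                printf "%d %.1f%% %s\n", count[s], 100 * count[s] / total, s
        }
    ' | LC_ALL=C sort -k1,1nr -k3,3
}

# Constructed sample input: two syslog-style lines, two clamd.log-style
# lines (assumed layout) and one clean file whose path contains "FOUND".
sample_log() {
    cat <<'EOF'
Mar 25 10:45:22 mail-gw-1 clamd[11873]: /var/amavis/amavis-20040325T104422-11686/parts/part-00002: Yaha.P FOUND
Mar 25 10:45:40 mail-gw-1 clamd[11873]: /var/amavis/amavis-20040325T104530-11690/parts/part-00001: Worm.SomeFool.P FOUND
Thu Mar 25 10:46:02 2004 -> /var/amavis/amavis-20040325T104550-11701/parts/part-00002: Worm.SomeFool.P FOUND
Thu Mar 25 10:46:30 2004 -> /var/amavis/amavis-20040325T104615-11710/parts/part-00003: Worm.SomeFool.P FOUND
Mar 25 10:47:01 mail-gw-1 clamd[11873]: /tmp/NOT FOUND.txt: OK
EOF
}

# Stand-alone run on the sample; for real data use e.g.
#   clam_stats < /var/log/clamav/clamd.log
sample_log | clam_stats
```

Each output line is count, share of all detections, and signature name, sorted by count in descending order.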