* Ralph Angenendt <[EMAIL PROTECTED]> [20040325 14:04]: wrote:
> Dilip M wrote:
> > I have
> > # rpm -qa|grep clam
> > clamav-0.67-1
> > clamav-devel-0.67-1
> >
> > --------
> > # exim -bV
> > How can I get this to work on my side?
>
> On a machine with amavisd-new clamav *and* kaspersky, I just grep
> through the mail.log for infected files. If you only have clamav, you
> might just grep through /var/log/messages (this is a linux box here).
> clamd outputs this into /var/log/messages:
>
> Mar 25 10:45:22 mail-gw-1 clamd[11873]:
> /var/amavis/amavis-20040325T104422-11686/parts/part-00002: Yaha.P FOUND
>
> For this you need "LogSyslog" enabled in /etc/clamav/clamav.conf, though
> I don't know if clamscan also writes to syslog if you're using this,
> clamd does.
>
> As we now know what the string we're searching for looks like, it's just a
> little sed, grep, sort:
>
> grep FOUND /var/log/messages \
> | cut -d ":" -f 5 \
> | sed -e "s/\ FOUND//" \
> | sort \
> | uniq -c \
> | sort -rn
>
> This gives us the following output (yes, no percentages, one might hack
> that into it):
>
> 9353 Worm.SomeFool.Gen-1
> 3647 Worm.SomeFool.P
> 2312 Worm.SomeFool.Gen-2
> 912 Worm.Sober.D
> 521 Worm.Dumaru.A
> 174 Worm.SomeFool.I
> 55 Worm.Mydoom.F
> 53 Worm.Dumaru.K
> 39 Worm.Dumaru.Y
> 35 Worm.Bagle.Gen-zippwd
> 23 Worm.Bagle.Gen-1
> [...]

If you use clamd and it logs to clamd.log, the following line can also
give you the stats:

grep FOUND /var/log/clamav/clamd.log | awk '{print $8}' | \
    sed -e "s/\ FOUND//" | sort | uniq -c

cheers
- wash
+----------------------------------+-----------------------------------------+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE) |
<wash at wananchi dot com> . 1ere Etage, Loita Hse, Loita St., |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!"
--from a /. post
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
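
An added example, not part of the original posts: the same tally with the percentages mentioned in the thread, taking the signature name as the text between the last ": " and the trailing " FOUND" so that one filter handles both the syslog and the clamd.log line shapes. The function names and all sample lines except the Yaha.P one are constructed, and the clamd.log timestamp layout shown is an assumption.

```shell
#!/bin/sh
# Added example: tally clamd detections per signature, with percentages.

# Reads log lines on stdin; prints "count percent% signature", highest first.
clam_stats() {
    awk '
        / FOUND$/ {                      # only real detections end in " FOUND"
            name = $0
            sub(/ FOUND$/, "", name)     # drop the trailing marker
            sub(/^.*: /, "", name)       # greedy: keep text after the last ": "
            count[name]++
            total++
        }
        END {
            # The loop body never runs when nothing matched, so no divide by zero.
            for (name in count)
                printf "%d %.1f%% %s\n", count[name], 100 * count[name] / total, name
        }
    ' | LC_ALL=C sort -k1,1nr -k3,3
}

# Constructed sample input: syslog lines, one clamd.log-style line (assumed
# layout), a path that itself contains ": ", and two lines that must be ignored.
sample_log() {
    cat <<'EOF'
Mar 25 10:45:22 mail-gw-1 clamd[11873]: /var/amavis/amavis-20040325T104422-11686/parts/part-00002: Yaha.P FOUND
Mar 25 10:46:01 mail-gw-1 clamd[11873]: /var/amavis/a/parts/part-00001: Worm.SomeFool.P FOUND
Thu Mar 25 10:47:13 2004 -> /var/amavis/b/parts/part-00003: Worm.SomeFool.P FOUND
Mar 25 10:48:40 mail-gw-1 clamd[11873]: /var/scan/re: invoice 12.zip: Worm.SomeFool.P FOUND
Mar 25 10:49:02 mail-gw-1 clamd[11873]: /var/scan/FOUND items.txt: OK
Mar 25 10:50:00 mail-gw-1 clamd[11873]: SelfCheck: Database status OK.
EOF
}

sample_log | clam_stats
```

On real data, feed it the log directly, for example `clam_stats < /var/log/messages`.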