I understand the concern for the setup saying it is replacing files. The question is how well do you trust Microsoft. :) This part of the Microsoft's set-up routine getting all related files current for the release of VB this was compiled under and is not part of the VB program itself. The was complied under VB6 on NT4.
Because of the questions we have installed this on several tech workstations all received the updating files message and are all operating as they should. I have the same version of VB as my tech and it to asked me to replace files (MS patches through roll outs installed). I let it do this and all is fine. I make this statement not as an indication there might not be a problem, just that on several systems it has not created a problem. Standard disclaimer :) This particular program was written by me it was written by one of my technical people so we could see how the virus software was doing. It was put out there strictly as a help for those that may need it and wish to try it. I have used some of the utilities provided by others. This is just a way of saying thanks. Yes it can be run from a workstation. There are no hidden switches. All that is required that the workstation have access to the logflies whether they are on the mail server or copied elsewhere. This does not have to be run on a server. We have run it NT 4 workstations as no 98 systems have the correct access though we have test installed it on 98. The first box will provide a directory listing where you can select the location of the logfile(s). Multiple files can be selected by selecting more than one file separately. The clear button clears these entries. The second box allows you to set the filename and location of the result txt file. The VIEW button will attempt to display the created result file with notepad. The Result can be sorted buy virus name or the number caught. For those that may have VB I have put the program exe up without the Microsoft set-up. It is possible this may run on systems with VB runtime files already installed for some other program. http://www.csonline.net/imailstuff/VirusLogAnalyzer11.exe On systems where we had VB installed it has run fine not needing the install. When we ran the installer on these systems they were told the needed to update also. I hope this answers some questions. I wish I could say exactly what the Microsoft installer was doing. I will see what we can find out. I understand those concerned about using the program for "hacker" reasons and no offence is taken. I will work on the source (GPL) request this more of a red tape issue than any secrets. The program simply reads the log file line by line. When it encounters a line with the "Virus=:" 11/04/2001 00:00:32 Qcb650de Virus=: W95/Hybris.worm.B Attachment=midgets.scr [0] It counts the virus and records the name. Stu System Administrator CSOnline At 10:46 AM 11/28/2001 -0500, you wrote: >Thanks for sharing Stu. > >A few questions. Who programmed this? If you did, would you consider GPL >or releasing it as open source? > >Is there documentation and/or a license? >Are there command-line switches? > >Please don't be offended by my inquiry. If this is something that you wrote >yourself and are just being helpful to the Imail/declude community by >sharing, it is greatly appreciated; however, considering what has happened >in the last couple years regarding exploits and cracker activity, trust is >very important these days. > >It's just that I do not know where this program came from and the installer >worries me. On a currently patched and maintained system it reports that >system files are out-of-date and wants to overwrite files. I would never >install a program that wishes to overwrite system files and has no help >files, software license, contact/support info, etc. > >If you don't have the time or interest in documenting and licensing your >software, can you share the logic that you are using to parse the logs with >from your source code? > >Best regards, >Jeff > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] >Sent: Tuesday, November 27, 2001 4:42 PM >To: [EMAIL PROTECTED] >Subject: [Declude.Virus] DSN:Virus Log File Analyzer > > >A quick and dirty Virus Log Analyzer is available at >http://www.csonline.net/imailstuff/Virusanalyzer.zip > >You can select single or multiple the log files and can select the location >for the summary file to be saved to. > >This is nothing fancy. Below is a sample output. >This was run on a log file where the Deculde loglevel is set to MID. > > >Virus Log Analyzer Report Date: 11/12/2001 8:27:17 AM > >Source Files: ******************************************* > >vir1103.log > >********************************************************* > >Scan Summary -------------------------------------------- > >Total Emails Scanned = 91,268 >Total Emails Clean = 88,463 >Total Emails Infected= 2,805 > >Virus Summary ------------------------------------------- > >Count= 1,835 Virus Name= W95/Hybris.worm.B >Count= 822 Virus Name= W95/Sircam.worm@mm >Count= 136 Virus Name= W95/Magistr.28672@mm >Count= 4 Virus Name= JS/Kak.A@m >Count= 4 Virus Name= W95/Hybris.worm.D >Count= 2 Virus Name= W95/MTX.9244.worm.A >Count= 1 Virus Name= Virus=: W95/Magistr.28672@mm >Count= 1 Virus Name= W95/Hybris.worm.C > >Stu > ----------------------------------------------------------------------------- CSOnline Technical Support hours - Monday thru Saturday 7am - 1am CSOnline Technical Support Numbers Seneca 814-677-2447 Clarion 814-227-3638 Meadville 814-425-1696 Parker 724-399-1158 http://www.csonline.net http://www.cshowcase.com http://www.learncenter.com ----------------------------------------------------------------------------- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
