Stu, I have changed the virus.cfg to LOGLEVEL MID and I can see the text "Virus=" without the ":", and the analyzer doesn't pick up any viruses. Is there some other setting? Do I have the wrong version of Declude? Any help is appreciated.
Ed Chabot
The Marlin Firearms Company
100 Kenna Drive
North Haven, CT 06473
(203)985-3254

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, November 28, 2001 2:51 PM
To: [EMAIL PROTECTED]
Subject: DSN:RE: RE: [Declude.Virus] Virus Log File Analyzer

Ed,

Check the virus.cfg file. The log level in the Declude virus.cfg file should be set to MID.

LOGLEVEL MID

Stu
CSOnline System Administrator

At 02:45 PM 11/28/2001 -0500, you wrote:
>Does the Declude log file need to be configured to include the text that
>your program is searching for? I don't get any entries for "Virus=:" in my
>log file. It does report finding viruses but your program isn't picking up
>the entries as infected emails.
>
>Ed Chabot
>The Marlin Firearms Company
>100 Kenna Drive
>North Haven, CT 06473
>(203)985-3254
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Bill Beach
>Sent: Wednesday, November 28, 2001 1:21 PM
>To: [EMAIL PROTECTED]
>Subject: RE: RE: [Declude.Virus] Virus Log File Analyzer
>
>
>Would it be possible to make it so multiple files could be selected
>using Ctrl or Shift instead of having to select them individually?
>This would save some time if I wanted to look at an entire month's
>worth of log files. Just a suggestion, other than that, it's a great
>tool!
>
>-Bill
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
>Sent: Wednesday, November 28, 2001 1:17 PM
>To: [EMAIL PROTECTED]
>Subject: DSN:RE: [Declude.Virus] Virus Log File Analyzer
>
>
>I understand the concern for the setup saying it is replacing files.
>
>The question is how well do you trust Microsoft. :) This part of the
>Microsoft's set-up routine getting all related files current for the release
>of VB this was compiled under and is not part of the VB program itself. The
>was compiled under VB6 on NT4.
>
>Because of the questions we have installed this on several tech workstations
>all received the updating files message and are all operating as they
>should. I have the same version of VB as my tech and it too asked me to
>replace files (MS patches through roll outs installed). I let it do this and
>all is fine.
>I make this statement not as an indication there might not be a problem,
>just that on several systems it has not created a problem. Standard
>disclaimer :)
>
>This particular program was written by me it was written by one of my
>technical people so we could see how the virus software was doing.
>
>It was put out there strictly as a help for those that may need it and wish
>to try it. I have used some of the utilities provided by others. This is
>just a way of saying thanks.
>
>Yes it can be run from a workstation.
>
>There are no hidden switches. All that is required that the workstation have
>access to the log files whether they are on the mail server or copied
>elsewhere.
>This does not have to be run on a server. We have run it NT 4 workstations
>as no 98 systems have the correct access though we have test installed it on
>98.
>
>The first box will provide a directory listing where you can select the
>location of the logfile(s). Multiple files can be selected by selecting more
>than one file separately. The clear button clears these entries.
>
>The second box allows you to set the filename and location of the result txt
>file.
>
>The VIEW button will attempt to display the created result file with
>notepad.
>
>The Result can be sorted by virus name or the number caught.
>
>For those that may have VB I have put the program exe up without the
>Microsoft set-up. It is possible this may run on systems with VB runtime
>files already installed for some other program.
>http://www.csonline.net/imailstuff/VirusLogAnalyzer11.exe
>
>On systems where we had VB installed it has run fine not needing the
>install.
>When we ran the installer on these systems they were told they
>needed to update also.
>
>I hope this answers some questions.
>I wish I could say exactly what the Microsoft installer was doing. I will
>see what we can find out.
>
>I understand those concerned about using the program for "hacker" reasons
>and no offence is taken. I will work on the source (GPL) request this more
>of a red tape issue than any secrets.
>
>The program simply reads the log file line by line.
>
>When it encounters a line with the "Virus=:"
>
>11/04/2001 00:00:32 Qcb650de Virus=: W95/Hybris.worm.B
>Attachment=midgets.scr [0]
>
>It counts the virus and records the name.
>
>
>Stu
>System Administrator CSOnline
>
>
>
>At 10:46 AM 11/28/2001 -0500, you wrote:
>>Thanks for sharing Stu.
>>
>>A few questions. Who programmed this? If you did, would you consider GPL
>>or releasing it as open source?
>>
>>Is there documentation and/or a license?
>>Are there command-line switches?
>>
>>Please don't be offended by my inquiry. If this is something that you wrote
>>yourself and are just being helpful to the Imail/declude community by
>>sharing, it is greatly appreciated; however, considering what has happened
>>in the last couple years regarding exploits and cracker activity, trust is
>>very important these days.
>>
>>It's just that I do not know where this program came from and the installer
>>worries me. On a currently patched and maintained system it reports that
>>system files are out-of-date and wants to overwrite files. I would never
>>install a program that wishes to overwrite system files and has no help
>>files, software license, contact/support info, etc.
>>
>>If you don't have the time or interest in documenting and licensing your
>>software, can you share the logic that you are using to parse the logs with
>>from your source code?
>>
>>Best regards,
>>Jeff
>>
>>-----Original Message-----
>>From: [EMAIL PROTECTED]
>>[mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
>>Sent: Tuesday, November 27, 2001 4:42 PM
>>To: [EMAIL PROTECTED]
>>Subject: [Declude.Virus] DSN:Virus Log File Analyzer
>>
>>
>>A quick and dirty Virus Log Analyzer is available at
>>http://www.csonline.net/imailstuff/Virusanalyzer.zip
>>
>>You can select single or multiple the log files and can select the location
>>for the summary file to be saved to.
>>
>>This is nothing fancy. Below is a sample output.
>>This was run on a log file where the Declude loglevel is set to MID.
>>
>>
>>Virus Log Analyzer Report Date: 11/12/2001 8:27:17 AM
>>
>>Source Files: *******************************************
>>
>>vir1103.log
>>
>>*********************************************************
>>
>>Scan Summary --------------------------------------------
>>
>>Total Emails Scanned = 91,268
>>Total Emails Clean = 88,463
>>Total Emails Infected= 2,805
>>
>>Virus Summary -------------------------------------------
>>
>>Count= 1,835 Virus Name= W95/Hybris.worm.B
>>Count= 822 Virus Name= W95/Sircam.worm@mm
>>Count= 136 Virus Name= W95/Magistr.28672@mm
>>Count= 4 Virus Name= JS/Kak.A@m
>>Count= 4 Virus Name= W95/Hybris.worm.D
>>Count= 2 Virus Name= W95/MTX.9244.worm.A
>>Count= 1 Virus Name= Virus=: W95/Magistr.28672@mm
>>Count= 1 Virus Name= W95/Hybris.worm.C
>>
>>Stu
>>
>----------------------------------------------------------------------------
>CSOnline Technical Support hours - Monday thru Saturday 7am - 1am
>CSOnline Technical Support Numbers Seneca 814-677-2447
> Clarion 814-227-3638
> Meadville 814-425-1696
> Parker 724-399-1158
>http://www.csonline.net http://www.cshowcase.com
>http://www.learncenter.com
>----------------------------------------------------------------------------
>
>This E-mail came from the Declude.Virus mailing list. To
>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>type "unsubscribe Declude.Virus". You can E-mail
>[EMAIL PROTECTED] for assistance. You can visit our web
>site at http://www.declude.com .
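
The counting logic described in the thread (read the log line by line, count each "Virus=:" entry by name), as an added example that is not part of the original messages and is not the CSOnline program's source. It assumes the virus name runs up to " Attachment=" or the end of the line, treats the colon as optional because one message reports logs showing "Virus=" without it, and uses constructed sample lines modelled on the single log line quoted above.

```python
import re
from collections import Counter

# Marker quoted in the thread is "Virus=:"; the colon is optional here because
# a later message reports "Virus=" without it (assumed variant, not confirmed).
VIRUS_RE = re.compile(r"\bVirus=:?\s*(?P<name>.+?)(?=\s+Attachment=|\s*$)")


def analyze(lines):
    """Return (Counter of virus names, lines mentioning 'virus' that did not parse)."""
    counts = Counter()
    unparsed = []
    for raw in lines:
        line = raw.strip()
        match = VIRUS_RE.search(line)
        if match:
            counts[match.group("name")] += 1
        elif "virus" in line.lower():
            # Surface format mismatches instead of silently reporting zero hits.
            unparsed.append(line)
    return counts, unparsed


def report(counts, by="count"):
    """Format summary lines, sorted by number caught (default) or by virus name."""
    if by == "name":
        items = sorted(counts.items())
    else:
        items = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"Count= {n:,} Virus Name= {name}" for name, n in items]


# Constructed sample input; only the first line's shape comes from the thread.
SAMPLE_LOG = """\
11/04/2001 00:00:32 Qcb650de Virus=: W95/Hybris.worm.B Attachment=midgets.scr [0]
11/04/2001 00:01:10 Qcb650df Virus=W95/Sircam.worm@mm Attachment=notes.doc.pif [0]
11/04/2001 00:02:45 Qcb650e0 Virus=: W95/Hybris.worm.B Attachment=snow.exe [0]
11/04/2001 00:03:02 Qcb650e1 Virus: W95/Magistr.28672@mm
11/04/2001 00:03:30 Qcb650e2 Virus=: JS/Kak.A@m
""".splitlines()

if __name__ == "__main__":
    counts, unparsed = analyze(SAMPLE_LOG)
    print("\n".join(report(counts)))
    print(f"Lines mentioning a virus but not parsed: {len(unparsed)}")
```

A non-empty unparsed list alongside a zero infected count points to a marker or log-level mismatch rather than a clean mail stream.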
