grep INFECTED vir0307.log | cut -d " " -f 7- | usort | uniq -c | usort
Bill ----- Original Message ----- From: "Colbeck, Andrew" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Monday, March 07, 2005 12:50 PM Subject: [Declude.Virus] Weak little report on found viruses On another list there was a request for a simple quick way (and free?) to find out how many viruses Declude Virus has caught. This will do the trick, but of course it depends on what you're *really* after: gawk "$4 ~ /Scanner/" vir0307.log Awk will then check column 4 in the file for a regular expression that matches "Scanner" and output the whole line. You could count the lines in Awk and output the total, but then that would probably require a little bit more than you want to learn, so just tack on an easy utility to do that total for you: gawk "$4 ~ /Scanner/" vir0307.log | wc -l Andrew 8) p.s. On my system, I mostly see NetSky, then MyDoom, then IFrame exploits. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
