I run this batch job every night just before midnight. It does
everything you asked for and more :) and if you act quickly we can throw
in some steak knives.
And while I am at it, does anyone have any batch code that will figure
out yesterday's date? I would love to run my report after midnight and
get yesterday's log file.
Thanx
BTW change the .txt to .cmd and some variables inside.
Goran Jovanovic
The LAN Shoppe
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Declude.Virus-
> [EMAIL PROTECTED] On Behalf Of Bill Landry
> Sent: Monday, March 07, 2005 6:54 PM
> To: [email protected]
> Subject: Re: [Declude.Virus] Weak little report on found viruses
>
> grep INFECTED vir0307.log | cut -d " " -f 7- | usort | uniq -c | usort
>
> Bill
> ----- Original Message -----
> From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Monday, March 07, 2005 12:50 PM
> Subject: [Declude.Virus] Weak little report on found viruses
>
>
> On another list there was a request for a simple quick way (and free?)
> to find out how many viruses Declude Virus has caught.
>
> This will do the trick, but of course it depends on what you're *really*
> after:
>
> gawk "$4 ~ /Scanner/" vir0307.log
>
> Awk will then check column 4 in the file for a regular expression that
> matches "Scanner" and output the whole line.
>
> You could count the lines in Awk and output the total, but then that
> would probably require a little bit more than you want to learn, so just
> tack on an easy utility to do that total for you:
>
> gawk "$4 ~ /Scanner/" vir0307.log | wc -l
>
> Andrew 8)
>
> p.s. On my system, I mostly see NetSky, then MyDoom, then IFrame
> exploits.
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus". The archives can be found
> at http://www.mail-archive.com.
@echo off
rem Nightly Jobs to run before midnight
rem Rename this file from .txt to .cmd and adjust the paths, addresses and host names below.
set send=c:\imail\imail1.exe
rem Recipient addresses (redacted in the list archive); %dest1% is used below
set [EMAIL PROTECTED]
set [EMAIL PROTECTED]
rem Today's month and day taken from "date /t" (US format, e.g. "Mon 03/07/2005")
for /f "Tokens=2-4 Delims=/ " %%i in ('date /t') do set v_Month=%%i
for /f "Tokens=2-4 Delims=/ " %%i in ('date /t') do set v_Date=%%j
set VFileName=VIR%v_Month%%v_Date%.log
set IFileName=SYS%v_Month%%v_Date%.txt
rem ================= Vulnerabilities and Viruses ==============================
set DecludeLogName=C:\IMail\Spool\Declude\%VFileName%
rem Count the Vulnerabilities: distinct queue IDs (field 3, names starting with Q)
grep Vulnerability %decludelogname% | cut -d " " -f 3 | usort | uniq | grep -c Q >VResults0.txt
rem Get totals of which scanner did what
grep -i -U "Scanner 1: Virus=" %decludelogname% | cut -b 39- | cut -b -80 | usort | uniq -c -s 100 | cut -b -19 > VResults1.txt
grep -i -U "Scanner 2: Virus=" %decludelogname% | cut -b 39- | cut -b -80 | usort | uniq -c -s 100 | cut -b -19 > VResults2.txt
rem Get detailed stats on the daily viruses (hit count per virus name)
grep -i -U "Scanner 1: Virus=" %decludelogname% | cut -b 39- | cut -b -80 | usort | cut -d " " -f 4 | uniq -c > VResults1a.txt
grep -i -U "Scanner 2: Virus=" %decludelogname% | cut -b 39- | cut -b -80 | usort | cut -d " " -f 5 | uniq -c > VResults2a.txt
rem Assemble the report from the fixed header/spacer files and the result files
cat V-Head0.txt VResults0.txt V-Space.txt V-Head1.txt VResults1.txt V-Space.txt VResults1a.txt V-Head2.txt VResults2.txt V-Space.txt VResults2a.txt >DailyVirus.txt
del vresults0.txt >nul
del vresults1.txt >nul
del vresults2.txt >nul
del vresults1a.txt >nul
del vresults2a.txt >nul
rem Mail the report (the second copy is commented out)
%send% -f DailyVirus.txt -s "Virus and Vulnerability report for %VFileName% on IMAIL1" -t %dest1% -u [EMAIL PROTECTED]
rem %send% -f DailyVirus.txt -s "Virus and Vulnerability report for %VFileName% on IMAIL1" -t %dest1% -u [EMAIL PROTECTED]
rem ================= Messages by Hour ==============================
set DecludeLogName=C:\imail\spool\%IFileName%
rem Hour field (columns 7-8) of every outbound EHLO and every inbound connect
grep -i -U "ehlo mail1.example.com" %decludelogname% | cut -b 7-8 | usort >HourSend.txt
grep -i -U "10.0.0.8] connect" %decludelogname% | cut -b 7-8 | usort >HourRecv.txt
cat HourSend.txt HourRecv.txt | usort >HourAll.txt
echo Messages sent and received by hour >ByHour.txt
uniq -c HourAll.txt >>ByHour.txt
echo . >>ByHour.txt
echo . >>ByHour.txt
echo Messages sent by hour >>ByHour.txt
uniq -c HourSend.txt >>ByHour.txt
echo . >>ByHour.txt
echo . >>ByHour.txt
echo Messages received by hour >>ByHour.txt
uniq -c HourRecv.txt >>ByHour.txt
%send% -f ByHour.txt -s "Messages processed by hour report for %IFileName% on IMAIL1" -t %dest1% -u [EMAIL PROTECTED]
del HourSend.txt
del HourRecv.txt
del HourAll.txt
del ByHour.txt
:test
rem ================= Skip List ==============================
set DecludeLogName=C:\imail\spool\%IFileName%
rem Mail every "skip list" line from the IMail system log as its own report
grep -i -U "skip list" %decludelogname% >SkipList.txt
%send% -f SkipList.txt -s "Skip List report for %IFileName% on IMAIL1" -t %dest1% -u [EMAIL PROTECTED]
del SkipList.txt
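As an added example (not code from the thread or from Declude), the same two pieces the batch job and the "yesterday's date" question revolve around, written for a POSIX shell so they can be run anywhere the grep/sort/uniq ports are installed: a day-before calculation done with plain arithmetic (no GNU date, so the logic ports straight to a .cmd file), the VIR<MMDD>.log name built from it, and the per-scanner virus tally. The log lines are constructed; the only thing assumed about Declude's format is the "Scanner N: Virus=NAME" token the batch file greps for.

```shell
# Added example, not from the thread: the "yesterday" arithmetic the reply asks for,
# the VIR<MMDD>.log name built from it, and the per-scanner virus tally the batch
# job produces, with the same grep/sort/uniq tools.  POSIX sh plus grep -o.

# Length of month $2 (1-12) in year $1, with the Gregorian leap-year rule
days_in_month() {
    case $2 in
        1|3|5|7|8|10|12) echo 31 ;;
        4|6|9|11)        echo 30 ;;
        2) if [ $(($1 % 4)) -eq 0 ] && { [ $(($1 % 100)) -ne 0 ] || [ $(($1 % 400)) -eq 0 ]; }
           then echo 29; else echo 28; fi ;;
    esac
}

# Day before YYYY-MM-DD, printed as YYYY-MM-DD (handles month and year rollover)
yesterday() {
    y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; d=${rest#*-}
    m=${m#0}; d=${d#0}          # drop leading zero so 08 and 09 are not read as octal
    d=$((d - 1))
    if [ "$d" -lt 1 ]; then
        m=$((m - 1))
        if [ "$m" -lt 1 ]; then m=12; y=$((y - 1)); fi
        d=$(days_in_month "$y" "$m")
    fi
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# Yesterday's Declude log name in the VIR<MM><DD>.log scheme the batch job uses
yesterday_log_name() {
    ymd=$(yesterday "$1"); mmdd=${ymd#*-}
    echo "VIR${mmdd%-*}${mmdd#*-}.log"
}

# CONSTRUCTED sample lines: only the "Scanner N: Virus=NAME" token is assumed
sample_log() {
    cat <<'EOF'
03/07/2005 23:10:05 Q1a2b3c4 Scanner 1: Virus=W32/Netsky.P
03/07/2005 23:11:40 Q1a2b3c5 Scanner 1: Virus=W32/Netsky.P
03/07/2005 23:12:02 Q1a2b3c6 Scanner 2: Virus=W32/MyDoom.M
03/07/2005 23:15:17 Q1a2b3c7 Scanner 1: Virus=W32/Netsky.P
03/07/2005 23:18:33 Q1a2b3c8 Scanner 2: Virus=W32/MyDoom.M
03/07/2005 23:21:09 Q1a2b3d0 Scanner 1: clean
EOF
}

# Count of "Scanner N: Virus=NAME" hits read from stdin, most frequent first
scanner_tally() {
    grep -o 'Scanner [0-9]*: Virus=[^ ]*' | sort | uniq -c | sort -rn | sed 's/^ *//'
}
```

Run as `sample_log | scanner_tally` and `yesterday_log_name 2005-03-08`; a job scheduled after midnight feeds the current date in and gets the previous day's log name back.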