Here's a little batch file I run each night.

I wrote the yesterday code.  It even takes leap years into account :)

-Jerry 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Monday, March 07, 2005 7:04 PM
To: [email protected]
Subject: RE: [Declude.Virus] Weak little report on found viruses

I run this batch job every night at just before midnight. It does everything
you asked for and more :) and if you act quickly we can throw in some steak
knives.

And while I am at it does anyone have any batch code that will figure out
yesterday's date? I would love to run my report after midnight and get
yesterday's log file.

Thanx

BTW change the .txt to .cmd and some variables inside.
 
 
 
     Goran Jovanovic
     The LAN Shoppe


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Declude.Virus- 
> [EMAIL PROTECTED] On Behalf Of Bill Landry
> Sent: Monday, March 07, 2005 6:54 PM
> To: [email protected]
> Subject: Re: [Declude.Virus] Weak little report on found viruses
> 
> grep INFECTED vir0307.log | cut -d " " -f 7- | usort | uniq -c | usort
> 
> Bill
> ----- Original Message -----
> From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Monday, March 07, 2005 12:50 PM
> Subject: [Declude.Virus] Weak little report on found viruses
> 
> 
> On another list there was a request for a simple quick way (and free?) 
> to find out how many viruses Declude Virus has caught.
> 
> This will do the trick, but of course it depends on what you're *really*
> after:
> 
> gawk "$4 ~ /Scanner/" vir0307.log
> 
> Awk will then check column 4 in the file for a regular expression that 
> matches "Scanner" and output the whole line.
> 
> You could count the lines in Awk and output the total, but then that 
> would probably require a little bit more than you want to learn, so just
> tack on an easy utility to do that total for you:
> 
> gawk "$4 ~ /Scanner/" vir0307.log | wc -l
> 
> Andrew 8)
> 
> p.s. On my system, I mostly see NetSky, then MyDoom, then IFrame 
> exploits.
> ---
> [This E-mail was scanned for viruses by Declude Virus 
> (http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.Virus mailing list.  To unsubscribe, 
> just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".    The archives can be found
> at http://www.mail-archive.com.
> 
@echo off
::Imail/Declude Logfile parser v2.0
:::Jerod M. Bennett
:::based on original source by Jeff Pitoniak, PCE Systems, Inc.
::::Mailserver usage report
::Run this cmd file at a command prompt to walk through configuration
::Note: You can comment out @echo at the beginning by putting a colon in front of it to aid in troubleshooting

::::Prerequisites
:::::domlist.exe (must be in the spool directory, DOMLIST.EXE is available on IPswitch site under Imail tools)
:::::imail1.exe (part of the Imail server distribution)
::::::You must also specify how you log the POP3 and SMTP services (they should be using the same log method)

::REPORT DESTINATION
:::Define email address(es) report is delivered to separate with a comma

SET dest=

if defined dest (echo.Mail destination: %dest%) else (echo.Mail destination: Report mail address not defined, edit USAGE.CMD under REPORT DESTINATION)


::CHECK THESE PATHS AND MAKE SURE THEY ARE CORRECT
:::Set path variables and make all variables local
setlocal
SET sys=c:\winnt\system32\
SET spl=d:\imail\spool\
SET log=d:\imail\spool\
SET send=d:\imail\imail1.exe
SET util=c:\utils\

::Creates time variable
for /f %%z IN ('TIME/T') do set time=%%z

::Creates date variables
for /f "tokens=1-4 delims=/ " %%a IN ('DATE/T') do (
SET day=%%a
SET mm=%%b
SET dd=%%c
SET year=%%d)

::build yesterday date variables
SET ym=%mm%
SET yy=%year%

::Overcome octal issue...
IF %dd% EQU 08 (SET yd=07)&& GOTO PDSET
IF %dd% EQU 09 (SET yd=08)&& GOTO PDSET
IF %dd% EQU 10 (SET yd=09)&& GOTO PDSET

::Overcome 1st of the month issue... 
IF %dd% NEQ 01 (GOTO YDSET)
IF %mm% EQU 01 (SET /A yy=%year%-1&& SET ym=12&& SET yd=31&& GOTO PDSET)
IF %mm% EQU 02 (SET ym=01&& SET yd=31&& GOTO PDSET)
IF %mm% EQU 04 (SET ym=03&& SET yd=31&& GOTO PDSET)
IF %mm% EQU 05 (SET ym=04&& SET yd=30&& GOTO PDSET)
IF %mm% EQU 06 (SET ym=05&& SET yd=31&& GOTO PDSET)
IF %mm% EQU 07 (SET ym=06&& SET yd=30&& GOTO PDSET)
IF %mm% EQU 08 (SET ym=07&& SET yd=31&& GOTO PDSET)
IF %mm% EQU 09 (SET ym=08&& SET yd=31&& GOTO PDSET)
IF %mm% EQU 10 (SET ym=09&& SET yd=30&& GOTO PDSET)
IF %mm% EQU 11 (SET ym=10&& SET yd=31&& GOTO PDSET)
IF %mm% EQU 12 (SET ym=11&& SET yd=30&& GOTO PDSET)

::Do Leap Year Calculations
SET /A yearchk=(%year% %% 4)
IF %yearchk% NEQ 0 (GOTO NOTLEAP)
SET /A yearchk=(%year% %% 400)
IF %yearchk% EQU 0 (GOTO YESLEAP)
SET /A yearchk=(%year% %% 100)
IF %yearchk% EQU 0 (GOTO NOTLEAP)

:YESLEAP
SET ym=02
SET yd=29
GOTO PDSET

:NOTLEAP
SET ym=02
SET yd=28
GOTO PDSET

:YDSET
SET /A pd=%dd%-1
IF %pd% LSS 8 (set yd=0%pd%) else (set yd=%pd%)
:PDSET
::AT THIS POINT YESTERDAY == %ym%\%yd%\%yy%

::LOGGING METHOD (SMTP & POP3) AND LOGFILE LOCATION
::::CHECK THE IMAIL ADMINISTRATOR PROGRAM UNDER LOCALHOST>SERVICES>POP3 AND SMTP
:::::Uncomment the method you chose by removing the 2 colons for the corresponding method.
::::: Note: make sure that you have 2 colons in front of the unused method.

::For SYSMMDD.TXT log setting uncomment below by removing 2 colons
(set typ=sys) && set lt=SYSMMDD.TXT

::For Log Server setting uncomment below by removing 2 colons
::(set typ=log) && set lt=Log Server

if defined typ (echo.Log Method: %lt%) else (echo.Log Method: Log method not defined)
if exist %spl%%typ%%ym%%yd%.txt (echo.Imail logfile found: %spl%%typ%%ym%%yd%.txt) else (echo.Imail logfile: Imail logfile NOT found, check ::LOGGING METHOD && goto VIRUS)


::CHECK FOR DOMLIST.EXE (available on IPswitch website under free tools)
if not exist %spl%domlist.exe (echo.Domain lister tool not found at location %spl%DOMLIST.EXE && goto VIRUS )

::Generate report
echo.Report created %time% %year%-%mm%-%dd% by Usage(v2.0) on Imail server (for %yy%-%ym%-%yd%) > %log%%ym%%yd%usage.log

:Domain breakdown:
%spl%domlist %spl%%typ%%ym%%yd%.txt | find /V "Domain Lister - (C) Copyright 2001" | find /V "Please consider using our" >> %log%%ym%%yd%usage.log

:VIRUS DETECTIONS
if exist %spl%vir%ym%%yd%.log (echo.Declude.Virus logfile: %spl%vir%ym%%yd%.log) else (echo.Declude logfile: Declude.Virus logfile not found  && goto showlog)

echo.Virus Detections:  >> %log%%ym%%yd%usage.log
for /f "tokens=3" %%v IN ('%sys%find /C "Scanned: CONTAINS A VIRUS" %spl%vir%ym%%yd%.log') do set virs=%%v

echo.%virs% Viruses detected for %ym%-%yd%-%yy%  >> %log%%ym%%yd%usage.log

::Virus detail
::echo %day%, %mm%-%dd%-%year% yesterday: %ym%-%yd%-%yy%
echo.> viri.tmp && echo.> virilist.tmp && echo.> viri.dat

::Virus Counts
echo.>> %log%%ym%%yd%usage.log
echo.Virus Counts  >> %log%%ym%%yd%usage.log
echo.>> %log%%ym%%yd%usage.log
for /f "tokens=4 delims=:" %%v IN ('%sys%find "INFECTED" %spl%vir%ym%%yd%.log') do echo.%%v | %sys%find " " >> virilist.tmp
%util%sort.exe virilist.tmp > virisort.tmp
%util%uniq.exe -c -i virisort.tmp > virilist.tmp
%util%sort.exe -g -r virilist.tmp >> %log%%ym%%yd%usage.log

::Virus Recipients
echo.>> %log%%ym%%yd%usage.log
echo.Virus Recipients  >> %log%%ym%%yd%usage.log
echo.>> %log%%ym%%yd%usage.log
echo.> virilist.tmp
for /f "tokens=5 delims=:[" %%v IN ('%sys%find "[incoming" %spl%vir%ym%%yd%.log') do echo.%%v | %sys%find "@" >> virilist.tmp
for /f "tokens=6 delims=:[" %%v IN ('%sys%find "[incoming" %spl%vir%ym%%yd%.log') do echo.%%v | %sys%find "@" >> virilist.tmp
for /f "tokens=7 delims=:[" %%v IN ('%sys%find "[incoming" %spl%vir%ym%%yd%.log') do echo.%%v | %sys%find "@" >> virilist.tmp
%util%sort.exe virilist.tmp > virisort.tmp
%util%uniq.exe -c -i virisort.tmp > virilist.tmp
%util%sort.exe -g -r virilist.tmp >> %log%%ym%%yd%usage.log

::Virus Sources
echo.>> %log%%ym%%yd%usage.log
echo.Virus Sources  >> %log%%ym%%yd%usage.log
echo.>> %log%%ym%%yd%usage.log
echo.> virilist.tmp
for /f "tokens=7 delims=:[]" %%v IN ('%sys%find "[incoming" %spl%vir%ym%%yd%.log') do echo.%%v | %sys%find "from" >> virilist.tmp
for /f "tokens=8 delims=:[]" %%v IN ('%sys%find "[incoming" %spl%vir%ym%%yd%.log') do echo.%%v | %sys%find "from" >> virilist.tmp
for /f "tokens=9 delims=:[]" %%v IN ('%sys%find "[incoming" %spl%vir%ym%%yd%.log') do echo.%%v | %sys%find "from" >> virilist.tmp
%util%sort.exe virilist.tmp > virisort.tmp
%util%uniq.exe -c -i virisort.tmp > virilist.tmp
%util%sort.exe -g -r virilist.tmp >> %log%%ym%%yd%usage.log

::Virus Logs
for /f "tokens=1-3" %%v IN ('%sys%find "Scanned: CONTAINS A VIRUS" %spl%vir%ym%%yd%.log') do echo.%%x | %sys%find "Q" >> viri.tmp
for /f "skip=1" %%j IN (viri.tmp) do %sys%find "%%j" %spl%vir%ym%%yd%.log  >> viri.dat
%sys%find /v "D:" viri.dat | %sys%find /v "----" >> %log%%ym%%yd%usage.log

:Send report
if not defined dest goto showlog
%send% -f %log%%ym%%yd%usage.log -s "%day% %ym%-%yd%-%yy% Mail usage/Virus report" -t %dest% -u jbennett -h mail.quickflix.com && goto end

:showlog
if not exist %log%%ym%%yd%usage.log goto end
echo. & echo.
::type %log%%ym%%yd%usage.log

:end
endlocal
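
Added example, not part of the original thread or of the batch file above: the same "yesterday" logic as a POSIX shell function (leading-zero/octal problem, first-of-month rollover, leap-year rule), feeding the grep/cut/uniq pipeline quoted earlier in the thread. The log lines are constructed, their layout is an assumption chosen only so that the virus name starts at field 7, and the standard `sort` stands in for `usort`.

```shell
#!/bin/sh
# yesterday_mmdd YYYY MM DD -> prints MMDD of the previous day (for virMMDD.log)
yesterday_mmdd() {
    y=$1
    m=${2#0}    # strip the leading zero: 08 and 09 are invalid octal in $(( ))
    d=${3#0}
    if [ "$d" -gt 1 ]; then
        d=$((d - 1))
    else
        m=$((m - 1))
        [ "$m" -eq 0 ] && m=12          # 1 January rolls back to December
        case $m in
            4|6|9|11) d=30 ;;
            2)  # leap year: divisible by 4, centuries only if divisible by 400
                if [ $((y % 4)) -eq 0 ] &&
                   { [ $((y % 100)) -ne 0 ] || [ $((y % 400)) -eq 0 ]; }; then
                    d=29
                else
                    d=28
                fi ;;
            *) d=31 ;;
        esac
    fi
    printf '%02d%02d\n' "$m" "$d"
}

# Constructed sample lines (assumed layout, not real Declude output)
sample_log() {
cat <<'EOF'
03/06/2005 23:10:01 Q0001 scan result INFECTED NetSky
03/06/2005 23:11:40 Q0002 scan result INFECTED MyDoom
03/06/2005 23:12:05 Q0003 scan result clean -
03/06/2005 23:14:17 Q0004 scan result INFECTED NetSky
03/06/2005 23:20:33 Q0005 scan result INFECTED IFrame exploit
03/06/2005 23:31:02 Q0006 scan result INFECTED NetSky
03/06/2005 23:40:11 Q0007 scan result INFECTED MyDoom
EOF
}

# virus_counts LOGFILE -> "count name" lines, most frequent first
virus_counts() {
    grep INFECTED "$1" | cut -d ' ' -f 7- | sort | uniq -c | sort -rn |
        sed 's/^ *//'
}

# Demo: report run on 2005-03-07 reads the log for 03/06
tmp=$(mktemp -d)
log="$tmp/vir$(yesterday_mmdd 2005 03 07).log"
sample_log > "$log"
virus_counts "$log"
rm -rf "$tmp"
```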
