Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-20 Thread Michael Kyriacou via clamav-users
Thank you for this

On Mon, Dec 19, 2022 at 4:47 PM Sylvain Robitaille wrote:

> On Thu, 15 Dec 2022, Michael Kyriacou wrote:
>
> > Hello, is there a way to see how many viruses/malware clamav currently
> > protects us from. Additionally, is there a way to see the amount of
> > added virus definitions/signatures per update of clamav?
>
> I know that this isn't what was being asked for, but I suspect that it
> may be more useful to know how many messages that clamav has matched
> against which virus / malware signature.  In other words, how many
> viruses and other malware did clamav protect *our* (users') systems
> from today?  To that end, I use the following (admittedly simple)
> script, run nightly on each mail relay server, and I get a daily
> report that I can point to, to show what is being protected against.
>
> #!/bin/sh
> #
> #   @(#)maillog_report_clamav_matches 2022-11-25 Sylvain Robitaille
> #
> # report on which clamav signatures have matched, and how many times
> # each have matched from the latest maillog file (or the file(s) named
> # as argument(s)).
>
> PATH=/usr/local/bin:/usr/bin:/bin
> # IFS is a single newline, so the file list is split on newlines only
> IFS="
> "
> export PATH;
> export IFS;
> umask 022
>
> # if we have no arguments, we'll default to the current maillog file;
> # else the arguments are the list;
> if [ "$*" ]; then
>    MAILLOG=$*
> else
>    MAILLOG="/var/log/maillog"
> fi
>
> # That's it ...
> # (the signature name is the field just before FOUND)
> grep -w FOUND ${MAILLOG} |\
>    awk '{print $(NF-1)}' |\
>    sort -h |\
>    uniq -c |\
>    sort -rh |\
>    awk '{total+=$1; print} END {if (NR > 1) print "total:", total}'
>
>
> I'm hoping that this can help, or it might perhaps inspire a script
> that's more relevant to your own situation.
>
> --
> --
> Sylvain Robitaille   s...@encs.concordia.ca
>
> Systems analyst / Postmaster / AITS   Concordia University
> Faculty of Engineering and Computer Science   Montreal, Quebec, Canada
> --
> ___
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
>


Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-19 Thread Sylvain Robitaille

On Thu, 15 Dec 2022, Michael Kyriacou wrote:

> Hello, is there a way to see how many viruses/malware clamav currently
> protects us from. Additionally, is there a way to see the amount of
> added virus definitions/signatures per update of clamav?

I know that this isn't what was being asked for, but I suspect that it
may be more useful to know how many messages that clamav has matched
against which virus / malware signature.  In other words, how many
viruses and other malware did clamav protect *our* (users') systems
from today?  To that end, I use the following (admittedly simple)
script, run nightly on each mail relay server, and I get a daily
report that I can point to, to show what is being protected against.

   #!/bin/sh
   #
   #   @(#)maillog_report_clamav_matches 2022-11-25 Sylvain Robitaille
   #
   # report on which clamav signatures have matched, and how many times
   # each have matched from the latest maillog file (or the file(s) named
   # as argument(s)).

   PATH=/usr/local/bin:/usr/bin:/bin
   # IFS is a single newline, so the file list is split on newlines only
   IFS="
   "
   export PATH;
   export IFS;
   umask 022

   # if we have no arguments, we'll default to the current maillog file;
   # else the arguments are the list;
   if [ "$*" ]; then
      MAILLOG=$*
   else
      MAILLOG="/var/log/maillog"
   fi

   # That's it ...
   # (the signature name is the field just before FOUND)
   grep -w FOUND ${MAILLOG} |\
      awk '{print $(NF-1)}' |\
      sort -h |\
      uniq -c |\
      sort -rh |\
      awk '{total+=$1; print} END {if (NR > 1) print "total:", total}'


I'm hoping that this can help, or it might perhaps inspire a script
that's more relevant to your own situation.

--
--
Sylvain Robitaille   s...@encs.concordia.ca

Systems analyst / Postmaster / AITS   Concordia University
Faculty of Engineering and Computer Science   Montreal, Quebec, Canada
--
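
Added example, not part of Sylvain's post: a stricter variant of the report above. It counts only lines whose last field is FOUND, and it strips the (hash:size) suffix that clamd appends to the signature name when ExtendedDetectionInfo is enabled, so one signature is not reported as one row per file. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# count_clamav_matches: read log lines on stdin and print "count signature"
# rows, highest count first, followed by a total line.
count_clamav_matches() {
    awk '
        # Only lines whose last field is exactly FOUND are detections;
        # this skips lines that merely contain the word somewhere else.
        $NF == "FOUND" && NF >= 2 {
            sig = $(NF-1)
            # With ExtendedDetectionInfo, clamd logs Name(hash:size).
            sub(/\([0-9a-fA-F]+:[0-9]+\)$/, "", sig)
            count[sig]++
        }
        END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2,2 |
    awk '{ total += $1; print } END { if (NR > 0) print "total:", total }'
}

# Constructed sample input (not real log data). The fourth line is a mail
# header that contains the word FOUND but is not a detection.
sample_log() {
    cat <<'EOF'
Dec 19 02:11:04 relay1 clamd[812]: /var/spool/scan/a1: Eicar-Test-Signature FOUND
Dec 19 02:15:40 relay1 clamd[812]: /var/spool/scan/b2: Eicar-Test-Signature(00112233445566778899aabbccddeeff:68) FOUND
Dec 19 03:02:17 relay1 clamd[812]: /var/spool/scan/c3: Example.Placeholder.Sig-1(0123456789abcdef0123456789abcdef:2048) FOUND
Dec 19 03:05:00 relay1 postfix/cleanup[900]: 4F2A1: warning: header Subject: LOST AND FOUND items
Dec 19 04:44:09 relay1 clamd[812]: /var/spool/scan/d4: Eicar-Test-Signature FOUND
EOF
}

sample_log | count_clamav_matches
```

To run it against real logs, feed the files on stdin, for example: cat /var/log/maillog | count_clamav_matches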


Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-15 Thread Joel Esler via clamav-users
Technically speaking, this is an impossible question to answer.

Since there are millions of pieces of detection in ClamAV, but one piece of 
detection can cover millions of pieces of malware.

> On Dec 15, 2022, at 9:09 AM, Michael Kyriacou via clamav-users wrote:
>
> Hello, is there a way to see how many viruses/malware clamav currently protects us
> from. Additionally, is there a way to see the amount of added virus
> definitions/signatures per update of clamav?


Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-15 Thread Eric Tykwinski via clamav-users
Al,

> From: clamav-users On Behalf Of Al Varnell via clamav-users
> Sent: Thursday, December 15, 2022 9:20 AM
> To: ClamAV users ML
> Cc: Al Varnell
> Subject: Re: [clamav-users] How many viruses/malware is clamav protecting us from?
>
> I don't believe I understand your question. Are you asking what malware
> clamav is protecting you against? If so the simple answer is all malware
> (viruses are just one type of malware).

"sigtool --find-sigs ." should work to list all current rules, but yeah unless 
you are looking for something specific, I don't know the reason you would want 
them.




Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-15 Thread Al Varnell via clamav-users
Sent from my iPad

On Dec 15, 2022, at 06:10, Michael Kyriacou via clamav-users wrote:

Hello Michael,

> Hello, is there a way to see how many viruses/malware clamav currently protects us
> from.

I don't believe I understand your question. Are you asking what malware clamav 
is protecting you against? If so the simple answer is all malware (viruses are 
just one type of malware).

> Additionally, is there a way to see the amount of added virus
> definitions/signatures per update of clamav?

Yes, just subscribe to this mail list: 
https://lists.clamav.net/mailman/listinfo/clamav-virusdb

-Al-



Re: [clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-15 Thread Eric Tykwinski via clamav-users
Michael,

Here’s the update mailing list:
https://lists.clamav.net/mailman/listinfo/clamav-virusdb

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

From: clamav-users On Behalf Of Michael Kyriacou via clamav-users
Sent: Thursday, December 15, 2022 9:10 AM
To: ClamAV users ML
Cc: Michael Kyriacou
Subject: [clamav-users] How many viruses/malware is clamav protecting us from?

Hello, is there a way to see how many viruses/malware clamav currently protects us
from. Additionally, is there a way to see the amount of added virus
definitions/signatures per update of clamav?



[clamav-users] How many viruses/malware is clamav protecting us from?

2022-12-15 Thread Michael Kyriacou via clamav-users
Hello, is there a way to see how many viruses/malware clamav currently protects us
from. Additionally, is there a way to see the amount of added virus
definitions/signatures per update of clamav?