Re: [Declude.Virus] log file grepping
On 6 Dec 2004 at 10:25, Johan Driesmans wrote: Hi Johan, I'm interested in your mrtg configuration, can you send me this as an example? Below is the cfg file - it will give you total virus vs total scanned. Bill did unxtools extract which I munged slightly to make mrtg like it better. I am running this in Windows w/Active State perl the latest mrtg program. If you need to know more let me know. Note: The Target[index]:. is _one_ line. [Also I believe Darrell ([EMAIL PROTECTED]) is working on a mrtg ver of a virus analyzer which does this and more... No idea of a release date - ] -Nick ### WorkDir: E:\mrtg-graphs\Imail\grep_virus Title[index]: Connections MRTG PageTop[index]: hrbrh3Server: MX1.MADRIVERACCESS.COMbr Viruses Detected / Total Email Scanned/h3 MaxBytes[index]: 100 AbsMax[index]: 100 Options[index]: gauge,unknaszero,nopercent,growright Target[index]: `egrep File\(|Scanned: (Virus|Error)|Skipping e:\imail\spool\vir1206.log | gawk {print $1,$4,$5,$6} | sed s/\/2004 / TOTAL\n/g | egrep File|TOTAL | gawk {print $(NF)} | usort | uniq -c | cut -b -8 | sed $!N;s/\n//` YLegend[index]: Scanned ShortLegend[index]: Scanned Legend1[index]: Viruses Legend2[index]: Scanned LegendI[index]: nbsp;Scanned LegendO[index]: nbsp;Viruses ### --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] clamAV - OT ClamAV For Windows 0.80-10
I just received the folloing from the Clam list - there appears to be an issue with UDP ports and cygwin -Nick On 6 Dec 2004 at 9:24, Brian Bruns wrote: From: Brian Bruns [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date sent: Mon, 6 Dec 2004 09:24:37 -0500 Subject:[clamav-announce] ClamAV For Windows 0.80-10 Hello all, Its been a while since I sent out a notice of a new version, so here it is - v0.80-10 of ClamAV. Its fresh off the compiler and should be working well. However, I've been notified of a serious issue surrounding ClamAV and Cygwin. Apparently, clamd.exe causes UDP ports to be opened for no reason, and they hang in the open state. The only way to really fix this is to kill off clamd.exe and restart it. I use a program from http://www.beyondlogic.org/consulting/processutil/processutil.htm which makes it rather easy to kill off clamd.exe cleanly. Using the regular clamscan.exe is the only way to completely avoid this issue - but you end up taking a major performance hit. We believe this problem is with Cygwin and not ClamAV, so theres limited I can do on my end until I can hash out the issue with a Cygwin developer. Anyways, latest version is up at: http://www.sosdg.org/clamav-win32 Enjoy! -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / The AHBL http://www.sosdg.org / http://www.ahbl.org ___ ClamAV For Windows Announcement Mailing List http://lists.sosdg.org/mailman/listinfo/clamav-announce --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Virus MRTG
[Also I believe Darrell ([EMAIL PROTECTED]) is working on a mrtg ver of a virus analyzer which does this and more... No idea of a release date - ] -Nick For the most part its done. I just havent posted it to the web site yet because I havent had a chance to create documentation for it. I will have it posted by the end of the week. Darrell http://www.invariantsystems.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Virus MRTG Now Posted
FYI - The Virus MRTG script/program has been posted on our site. You can monitor the following [1] Overall Viruses / Total Messages [2] Specific Virus Scanner / Total Messages Any questions let me know. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. - Original Message - From: DLAnalyzer Support [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 06, 2004 2:41 PM Subject: [Declude.Virus] Virus MRTG [Also I believe Darrell ([EMAIL PROTECTED]) is working on a mrtg ver of a virus analyzer which does this and more... No idea of a release date - ] -Nick For the most part its done. I just havent posted it to the web site yet because I havent had a chance to create documentation for it. I will have it posted by the end of the week. Darrell http://www.invariantsystems.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.