The FreeBSD Diary

Providing practical examples since 1998

Scripts / handy tips
 script for virus activity...
Author: Erin 
Date:   06-08-04 16:39

I use Amavisd-new via postfix and wanted to see the virus activity without using grep on the log file. This is the program I use... It only shows the current log and is very simple.

-------------------------------
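#!/usr/bin/perl -w

use strict;

my $i = 0;   # total number of INFECTED log lines matched
my %main;    # virus name -> number of hits
my $key;

# Lexical filehandle and three-argument open; the bareword DATA is
# reserved by Perl for the __DATA__ section of a script.
open(my $log, '<', "/var/log/maillog") or die "Unable to open log file: $!";
  while(<$log>) {
    # amavisd-new logs "INFECTED (Virus.Name)," for an infected message
    if ( /INFECTED\s+\(([0-9a-zA-Z.-]{4,25})\)\,/ ) {
      $main{$1}++;
      $i++;
    };
  };
close($log);

# Print the per-virus counts in alphabetical order
foreach $key (sort keys %main) {
  print $key . " -> " . $main{$key} . "\n"
};

print "Total: $i\n";

exit(0);   # 0 = success; a non-zero status would signal failure to the caller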

-------------------------------

And a sample output:

------------------------------
root@vhost# ./virus.pl
Exploit.IFrame.Gen -> 2
W95.Hybris.PI.003 -> 4
Worm.Bagle.AC -> 8
Worm.Bagle.AG -> 2
Worm.Bagle.AG.2 -> 6
Worm.Bagle.Gen-vbs -> 34
Worm.Bagle.Z -> 60
Worm.Klez.H -> 6
Worm.Lovgate.X -> 12
Worm.Mimail.J -> 4
Worm.Mydoom.I -> 12
Worm.Mydoom.M -> 32
Worm.SomeFool.AB -> 22
Worm.SomeFool.Gen-1 -> 122
Worm.SomeFool.I -> 74
Worm.SomeFool.P -> 821
Worm.SomeFool.Q -> 324
Worm.SomeFool.Z -> 8
Total: 1553
root@vhost#
------------------------------
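
An added example, not part of Erin's post: the same tally extended to cover INFECTED lines that the regex above skips, namely several names inside one pair of parentheses and names with characters outside `[0-9a-zA-Z.-]` or longer than 25 characters, and to report how many INFECTED lines it could not parse. The sample log lines are constructed, and the comma-separated multi-name layout, the `tally` helper and the 64-character limit are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines (not real log data). Assumed layout after
# "INFECTED": one or more names in parentheses, separated by ", ".
my @sample = (
  'Jun  8 16:01:02 vhost amavis[411]: (00411-01) INFECTED (Worm.SomeFool.P), <a@example.org> -> <b@example.net>',
  'Jun  8 16:01:09 vhost amavis[411]: (00411-02) INFECTED (Worm.Bagle.Z, Exploit.IFrame.Gen), <c@example.org> -> <b@example.net>',
  'Jun  8 16:02:30 vhost amavis[412]: (00412-01) INFECTED (Trojan.Dropper_Sample-1), <d@example.org> -> <e@example.net>',
  'Jun  8 16:03:00 vhost postfix/smtpd[500]: connect from unknown[192.0.2.7]',
  'Jun  8 16:03:05 vhost amavis[412]: (00412-02) INFECTED (), <f@example.org> -> <e@example.net>',
);

# tally() is a hypothetical helper. It takes log lines and returns
# (\%count_per_name, $infected_messages, $unparsed_infected_lines).
sub tally {
  my (%count, $messages, $unparsed);
  $messages = $unparsed = 0;
  for my $line (@_) {
    next unless $line =~ /\bINFECTED\s/;
    # Capture everything between the parentheses, then split on commas.
    my ($list) = $line =~ /\bINFECTED\s+\(([^)]+)\)/;
    my @names = defined $list ? split(/\s*,\s*/, $list) : ();
    # Accept only printable, space-free names of bounded length, so raw
    # log text never reaches the terminal; count the rest instead of
    # dropping them silently.
    if (!@names or grep { !/^[\x21-\x7e]{1,64}$/ } @names) {
      $unparsed++;
      next;
    }
    $messages++;
    $count{$_}++ for @names;
  }
  return (\%count, $messages, $unparsed);
}

# Read the log files named on the command line, or fall back to the sample.
my @lines = @ARGV ? <> : @sample;
my ($count, $messages, $unparsed) = tally(@lines);

printf "%s -> %d\n", $_, $count->{$_} for sort keys %$count;
print "Infected messages: $messages\n";
print "INFECTED lines not parsed: $unparsed\n";
```

Passing several file names (for example the current log and an uncompressed rotated copy) tallies them together; with no arguments it runs on the embedded sample.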
