Author: Erin
Date: 06-08-04 16:39
I use Amavisd-new via postfix and wanted to see the virus activity without using grep on the log file. This is the program I use... It only shows the current log and is very simple.
-------------------------------
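#!/usr/bin/perl -w
use strict;

my $i = 0;    # total number of infected messages seen
my %main;     # virus name => number of hits

# Use a lexical filehandle: the bareword DATA is Perl's built-in
# handle for the __DATA__ section and should not be reused.
open(my $log, "<", "/var/log/maillog") or die "Unable to open log file: $!";
while (<$log>) {
    # Match "INFECTED (Virus.Name)," and capture the name
    if ( /INFECTED\s+\(([0-9a-zA-Z.-]{4,25})\)\,/ ) {
        $main{$1}++;
        $i++;
    }
}
close($log);

# Print the per-virus counts sorted by name, then the total
foreach my $key (sort keys %main) {
    print $key . " -> " . $main{$key} . "\n";
}
print "Total: $i\n";
exit(0);    # exit status 0 signals success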
-------------------------------
And a sample output:
------------------------------
root@vhost# ./virus.pl
Exploit.IFrame.Gen -> 2
W95.Hybris.PI.003 -> 4
Worm.Bagle.AC -> 8
Worm.Bagle.AG -> 2
Worm.Bagle.AG.2 -> 6
Worm.Bagle.Gen-vbs -> 34
Worm.Bagle.Z -> 60
Worm.Klez.H -> 6
Worm.Lovgate.X -> 12
Worm.Mimail.J -> 4
Worm.Mydoom.I -> 12
Worm.Mydoom.M -> 32
Worm.SomeFool.AB -> 22
Worm.SomeFool.Gen-1 -> 122
Worm.SomeFool.I -> 74
Worm.SomeFool.P -> 821
Worm.SomeFool.Q -> 324
Worm.SomeFool.Z -> 8
Total: 1553
root@vhost#