Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Virus infected stat?
  FAQ FAQ  Forum Search   Register Register  Login Login

Virus infected stat?

 Post Reply Post Reply
Author
Jacksun View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Jacksun Quote  Post ReplyReply Direct Link To This Post Topic: Virus infected stat?
    Posted: 23 May 2005 at 11:51am

Would it be possible to add a stat that tells an admin how many emails were rejected due to a virus? I know I can get this from the logs, but a quick number would be nice. I consider this rejection reason to be significantly more critical to me than which keyword or RBL blocked the email due to the potential damage that could be caused. An alert to an admin when that number increases (say x rejects in x minutes/seconds etc) too fast would be nice as well.

The ability to drop virus infected senders into the Honeypot is great, solves the virus flooding DOS issue!!!  Thanks for that!!!

Oh, and I'll toss my vote in again for the auto black list function...

Cheers,

Wayne

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 23 May 2005 at 4:57pm
Jacksun,

If you're quarantining to a database, you can check the "Statistics" tab, as one of the graphs will show the emails blocked by viruses.
The following query for MS SQL will break apart the stats for the various filters starting from a specified date:

SELECT     dbo.tblQuarantine.RejectID, dbo.tblRejectCodes.RejectDesc, COUNT(dbo.tblQuarantine.Reje ctID) AS Total
FROM         dbo.tblQuarantine INNER JOIN
         &nbs p;         &nbs p;  dbo.tblRejectCodes ON dbo.tblQuarantine.RejectID = dbo.tblRejectCodes.RejectID
WHERE     (dbo.tblQuarantine.MsgDate > CONVERT(DATETIME, '2005-3-23 16:00', 102))
GROUP BY dbo.tblQuarantine.RejectID, dbo.tblRejectCodes.RejectDesc

You can also use Sawmill, a log analyzer that supports SpamFilter, to extract the info from the logfiles.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 23 May 2005 at 6:07pm

All,  As an update to the Sawmill comment that Roberto makes above, I have the latest & greatest filter plug in for Sawmill version 7.1x at:

http://spamman.mags.net/sawmill/logsat_spam_filter_isp.cfg

Regards,

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
Ronny View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Ronny Quote  Post ReplyReply Direct Link To This Post Posted: 22 February 2006 at 7:16am
Still, I support the feature request of having for example "Virus stopped: xxx" on the front of the GUI, just like "Emails blocked" is ...
 
It is nice to be able to show my boss that the antivirus plugin pays off without having to buy all kind of loganalyzers to show that is stops alot .. and I really want to send viruses to null instead of quarantene them just to get stats for them..
 
pretty please ??
 
 
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 22 February 2006 at 4:40pm
Workaround... more precise as it will give you counts for any day you wish.
You can use the Windows's FIND command to extract the connection cout for a day, along with the viruses count found in a day as follows. From a DOS prompt type:

find /c /i "Connection from" c:\spamfilter\logfiles\20060221.log

find /c "infected with the virus" c:\spamfilter\logfiles\20060221.log

the result will give you the number those events for any day.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Rush View Drop Down
Newbie
Newbie


Joined: 28 August 2006
Location: Norway
Status: Offline
Points: 3
Post Options Post Options   Thanks (0) Thanks(0)   Quote Rush Quote  Post ReplyReply Direct Link To This Post Posted: 28 August 2006 at 2:58am
I use the command: find /c /i "infected with the virus" d:\spamfilter\logfiles\20060827.log but no longer see that it stops any virus at all ... (allways returns: "0")
 
Did the logging of viruses change or has my plugin stopped working ??
(It says it is activated and active and checks for updates but I have absolutely no indication it is working, because I know we receive viruses but it seems alot bypass spamfilters virus plugin)
 
 
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 28 August 2006 at 4:21pm
Rush,

We used the domain specified in the email address in your forum's profile to test your setup. I sent a test email containing the EICAR attachment, and it was not stopped. The EICAR is a test file used by antivirus vendors that contains a "fake virus" that should trigger a virus alert. It did not trigger in your case, so SpamFilter's A/V plugin does not appear to be running.

Can you ensure that on SpamFilter's Antivirus tab, right above the "Update Now" button, there is a label stating "Norman antivirus found"?

Could you please also stop/start SpamFilter, wait about 5 minutes, then zip and email us SpamFilter's activity logfile for the day?
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
jerbo128 View Drop Down
Senior Member
Senior Member
Avatar

Joined: 06 March 2006
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote jerbo128 Quote  Post ReplyReply Direct Link To This Post Posted: 22 September 2006 at 9:40pm
Originally posted by Desperado Desperado wrote:

All,  As an update to the Sawmill comment that Roberto makes above, I have the latest & greatest filter plug in for Sawmill version 7.1x at:

http://spamman.mags.net/sawmill/logsat_spam_filter_isp.cfg

Regards,

Dan

Can you tell a dummy how to use your config file with sawmill?

jerbo128

 

Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 27 September 2006 at 12:04pm

Jerbo128,

If you have the latest Sawmill version, (7.2.x), the plugin *should* be included.  Otherwise, replace the existing plugin whith the one above and when you set up a NEW configuration, it will use that plugin.

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.063 seconds.