Virus infected stat?

Jacksun (Guest Group) Posted: 23 May 2005 at 11:51am

Would it be possible to add a stat that tells an admin how many emails were rejected due to a virus? I know I can get this from the logs, but a quick number would be nice. I consider this rejection reason to be significantly more critical to me than which keyword or RBL blocked the email due to the potential damage that could be caused. An alert to an admin when that number increases (say x rejects in x minutes/seconds etc) too fast would be nice as well.

The ability to drop virus infected senders into the Honeypot is great, solves the virus flooding DOS issue!!! Thanks for that!!!

Oh, and I'll toss my vote in again for the auto black list function...

Cheers,
Wayne

LogSat (Admin Group) Joined: 25 January 2005, Location: United States, Status: Offline, Points: 4104

Jacksun,

If you're quarantining to a database, you can check the "Statistics" tab, as one of the graphs will show the emails blocked by viruses. The following query for MS SQL will break apart the stats for the various filters starting from a specified date:

```sql
-- Count quarantined messages per reject reason since the given date
SELECT dbo.tblQuarantine.RejectID,
       dbo.tblRejectCodes.RejectDesc,
       COUNT(dbo.tblQuarantine.RejectID) AS Total
FROM dbo.tblQuarantine
     INNER JOIN dbo.tblRejectCodes
         ON dbo.tblQuarantine.RejectID = dbo.tblRejectCodes.RejectID
WHERE (dbo.tblQuarantine.MsgDate > CONVERT(DATETIME, '2005-3-23 16:00', 102))
GROUP BY dbo.tblQuarantine.RejectID, dbo.tblRejectCodes.RejectDesc
```

You can also use Sawmill, a log analyzer that supports SpamFilter, to extract the info from the logfiles.

Desperado (Senior Member) Joined: 27 January 2005, Location: United States, Status: Offline, Points: 1143

All,

As an update to the Sawmill comment that Roberto makes above, I have the latest & greatest filter plug in for Sawmill version 7.1x at: http://spamman.mags.net/sawmill/logsat_spam_filter_isp.cfg

Regards,

The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com

Ronny (Guest Group)

Still, I support the feature request of having for example "Virus stopped: xxx" on the front of the GUI, just like "Emails blocked" is ...
It is nice to be able to show my boss that the antivirus plugin pays off without having to buy all kinds of log analyzers to show that it stops a lot .. and I really want to send viruses to null instead of quarantining them just to get stats for them..
pretty please ??

LogSat (Admin Group)

Workaround... more precise as it will give you counts for any day you wish.
You can use the Windows FIND command to extract the connection count for a day, along with the count of viruses found in a day, as follows. From a DOS prompt type:

```
find /c /i "Connection from" c:\spamfilter\logfiles\20060221.log
find /c "infected with the virus" c:\spamfilter\logfiles\20060221.log
```

The result will give you the number of those events for any day.

Rush (Newbie) Joined: 28 August 2006, Location: Norway, Status: Offline, Points: 3

I use the command: find /c /i "infected with the virus" d:\spamfilter\logfiles\20060827.log but no longer see that it stops any virus at all ... (always returns: "0")
Did the logging of viruses change or has my plugin stopped working ??
(It says it is activated and active and checks for updates but I have absolutely no indication it is working, because I know we receive viruses but it seems a lot bypass SpamFilter's virus plugin)

LogSat (Admin Group)

Rush,

We used the domain specified in the email address in your forum's profile to test your setup. I sent a test email containing the EICAR attachment, and it was not stopped. The EICAR is a test file used by antivirus vendors that contains a "fake virus" that should trigger a virus alert. It did not trigger in your case, so SpamFilter's A/V plugin does not appear to be running.

Can you ensure that on SpamFilter's Antivirus tab, right above the "Update Now" button, there is a label stating "Norman antivirus found"? Could you please also stop/start SpamFilter, wait about 5 minutes, then zip and email us SpamFilter's activity logfile for the day?
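
An added example, not part of the thread and not LogSat's own code: the per-day FIND counts from the workaround above, run across a whole log directory, plus a check for the symptom Rush describes (connections logged but zero virus hits). Only the two matched phrases and the YYYYMMDD.log file naming come from the posts; the sample log line layout and the `min_connections` threshold are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Phrases taken from the FIND commands in this thread; matched
# case-insensitively, like FIND's /i switch.
CONNECTION = "connection from"
VIRUS = "infected with the virus"
DAY_LOG = re.compile(r"^\d{8}\.log$")  # e.g. 20060221.log

def count_events(lines):
    """Return (connections, virus_hits) for one day's log lines."""
    conns = hits = 0
    for line in lines:
        low = line.lower()
        conns += CONNECTION in low
        hits += VIRUS in low
    return conns, hits

def daily_report(log_dir):
    """Map 'YYYYMMDD' -> (connections, virus_hits) for every daily log."""
    report = {}
    for path in sorted(Path(log_dir).iterdir()):
        if DAY_LOG.match(path.name):
            with path.open(errors="replace") as fh:
                report[path.stem] = count_events(fh)
    return report

def silent_days(report, min_connections=3):
    """Days with traffic but zero virus hits: the scanner may be down."""
    return [day for day, (conns, hits) in report.items()
            if conns >= min_connections and hits == 0]

def demo():
    # Constructed sample lines; only the two matched phrases are from the thread.
    busy = ["10:00:01 Connection from 192.0.2.10\n",
            "10:00:02 Message is infected with the virus (placeholder name)\n",
            "10:00:09 Connection from 192.0.2.11\n",
            "10:00:15 connection from 192.0.2.12\n"]
    quiet = [l for l in busy if "infected" not in l]
    with tempfile.TemporaryDirectory() as d:
        Path(d, "20060221.log").write_text("".join(busy))
        Path(d, "20060827.log").write_text("".join(quiet))
        Path(d, "notes.txt").write_text("Connection from nowhere\n")
        report = daily_report(d)
    return report, silent_days(report)

if __name__ == "__main__":
    print(demo())
```

A day flagged by `silent_days` is a prompt to send an EICAR test message through the filter, as in the reply above, not evidence that no viruses arrived.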

jerbo128 (Senior Member) Joined: 06 March 2006, Status: Offline, Points: 178

Dan,

Can you tell a dummy how to use your config file with sawmill?

jerbo128

Desperado (Senior Member)

Jerbo128,

If you have the latest Sawmill version (7.2.x), the plugin *should* be included. Otherwise, replace the existing plugin with the one above and when you set up a NEW configuration, it will use that plugin.

The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com