
Virus infected stat?

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5185
Printed Date: 02 May 2025 at 10:35am


Topic: Virus infected stat?
Posted By: Guests
Subject: Virus infected stat?
Date Posted: 23 May 2005 at 11:51am

Would it be possible to add a stat that tells an admin how many emails were rejected due to a virus? I know I can get this from the logs, but a quick number would be nice. I consider this rejection reason to be significantly more critical to me than which keyword or RBL blocked the email due to the potential damage that could be caused. An alert to an admin when that number increases (say x rejects in x minutes/seconds etc) too fast would be nice as well.

The ability to drop virus infected senders into the Honeypot is great, solves the virus flooding DOS issue!!!  Thanks for that!!!

Oh, and I'll toss my vote in again for the auto black list function...

Cheers,

Wayne




Replies:
Posted By: LogSat
Date Posted: 23 May 2005 at 4:57pm
Jacksun,

If you're quarantining to a database, you can check the "Statistics" tab, as one of the graphs will show the emails blocked by viruses.
The following query for MS SQL will break apart the stats for the various filters starting from a specified date:

SELECT     dbo.tblQuarantine.RejectID, dbo.tblRejectCodes.RejectDesc, COUNT(dbo.tblQuarantine.RejectID) AS Total
FROM         dbo.tblQuarantine INNER JOIN
                      dbo.tblRejectCodes ON dbo.tblQuarantine.RejectID = dbo.tblRejectCodes.RejectID
WHERE     (dbo.tblQuarantine.MsgDate > CONVERT(DATETIME, '2005-3-23 16:00', 102))
GROUP BY dbo.tblQuarantine.RejectID, dbo.tblRejectCodes.RejectDesc

You can also use Sawmill, a log analyzer that supports SpamFilter, to extract the info from the logfiles.


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: Desperado
Date Posted: 23 May 2005 at 6:07pm

All,  As an update to the Sawmill comment that Roberto makes above, I have the latest & greatest filter plug in for Sawmill version 7.1x at:

http://spamman.mags.net/sawmill/logsat_spam_filter_isp.cfg

Regards,



-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



Posted By: Guests
Date Posted: 22 February 2006 at 7:16am
Still, I support the feature request of having for example "Virus stopped: xxx" on the front of the GUI, just like "Emails blocked" is ...

It is nice to be able to show my boss that the antivirus plugin pays off without having to buy all kinds of log analyzers to show that it stops a lot .. and I really want to send viruses to null instead of quarantining them just to get stats for them..
 
pretty please ??
 
 


Posted By: LogSat
Date Posted: 22 February 2006 at 4:40pm
Workaround... more precise as it will give you counts for any day you wish.
You can use the Windows FIND command to extract the connection count for a day, along with the count of viruses found in a day, as follows. From a DOS prompt type:

find /c /i "Connection from" c:\spamfilter\logfiles\20060221.log

find /c "infected with the virus" c:\spamfilter\logfiles\20060221.log

The result will give you the number of those events for any day.


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: Rush
Date Posted: 28 August 2006 at 2:58am
I use the command: find /c /i "infected with the virus" d:\spamfilter\logfiles\20060827.log but no longer see that it stops any virus at all ... (always returns: "0")

Did the logging of viruses change or has my plugin stopped working ??
(It says it is activated and active and checks for updates but I have absolutely no indication it is working, because I know we receive viruses but it seems a lot bypass SpamFilter's virus plugin)
 
 


Posted By: LogSat
Date Posted: 28 August 2006 at 4:21pm
Rush,

We used the domain specified in the email address in your forum's profile to test your setup. I sent a test email containing the EICAR attachment, and it was not stopped. The EICAR is a test file used by antivirus vendors that contains a "fake virus" that should trigger a virus alert. It did not trigger in your case, so SpamFilter's A/V plugin does not appear to be running.

Can you ensure that on SpamFilter's Antivirus tab, right above the "Update Now" button, there is a label stating "Norman antivirus found"?

Could you please also stop/start SpamFilter, wait about 5 minutes, then zip and email us SpamFilter's activity logfile for the day?


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP
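
Added example, not part of the thread and not LogSat's code: the FIND workaround from the 22 February 2006 reply, extended to every daily log in a folder, with a flag for the situation Rush reports (a busy day with zero virus hits, which can mean the A/V plugin is not running). The two marker strings and the YYYYMMDD.log naming come from the thread; the sample log lines, the `min_connections` threshold and all function names are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Marker substrings taken from the FIND commands quoted in the thread.
CONNECTION_MARKER = "connection from"
VIRUS_MARKER = "infected with the virus"
DAILY_LOG = re.compile(r"^(\d{8})\.log$", re.IGNORECASE)  # e.g. 20060221.log


def count_day(path):
    """Return (connections, viruses) for one log, counting matching lines
    the way FIND /c /i does (case-insensitive, one count per line)."""
    connections = viruses = 0
    with open(path, "r", encoding="latin-1") as fh:
        for line in fh:
            lowered = line.lower()
            connections += CONNECTION_MARKER in lowered
            viruses += VIRUS_MARKER in lowered
    return connections, viruses


def summarize(log_dir, min_connections=100):
    """Per-day counts, oldest first. check_plugin is True on days with at
    least min_connections (assumed threshold) connections and no virus hits."""
    rows = []
    for path in sorted(Path(log_dir).iterdir()):
        match = DAILY_LOG.match(path.name)
        if not match:
            continue  # skip anything that is not a daily activity log
        connections, viruses = count_day(path)
        rows.append({"day": match.group(1), "connections": connections,
                     "viruses": viruses,
                     "check_plugin": viruses == 0 and connections >= min_connections})
    return rows


def build_sample_logs(directory):
    """Write constructed logs; the line layout is invented, only the markers are real."""
    clean = "02/21/06 10:00:01 - Connection from: 192.0.2.10\n"
    hit = "02/21/06 10:00:02 - Message is infected with the virus SAMPLE\n"
    Path(directory, "20060221.log").write_text(clean * 5 + hit * 2)
    Path(directory, "20060827.log").write_text(clean * 5)
    Path(directory, "notes.txt").write_text(hit)  # ignored: not a daily log


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_logs(tmp)
        for row in summarize(tmp, min_connections=5):
            print(row)
```

A zero count only shows that nothing was logged as infected; confirming the plugin still needs a test such as the EICAR message described in the reply above.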


Posted By: jerbo128
Date Posted: 22 September 2006 at 9:40pm
Originally posted by Desperado:

All,  As an update to the Sawmill comment that Roberto makes above, I have the latest & greatest filter plug in for Sawmill version 7.1x at:

http://spamman.mags.net/sawmill/logsat_spam_filter_isp.cfg

Regards,

Dan

Can you tell a dummy how to use your config file with sawmill?

jerbo128

 



Posted By: Desperado
Date Posted: 27 September 2006 at 12:04pm

Jerbo128,

If you have the latest Sawmill version, (7.2.x), the plugin *should* be included.  Otherwise, replace the existing plugin with the one above and when you set up a NEW configuration, it will use that plugin.



-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



