[sanesecurity] Re: brassbandportal.co.uk honey-pot

  • From: Bill Randle <billr@xxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Thu, 23 Apr 2009 19:25:15 -0700

On Thu, 2009-04-23 at 20:12 -0500, Chris wrote:
> On Fri, 2009-04-24 at 11:52 +1100, Michael Mansour wrote:
> 
> > 
> > Can the most updated script be made available on the Sanesecurity website 
> > please?
> > 
> > Because of this thread, I plan on implementing the script this weekend and
> > making available my stats via URL to Steve for posting.
> > 
> > Thanks.
> > 
> > Michael.
> > 
> I just looked at the file Steve has and it is the most updated as it has
> the changed line 158. One other note, I have the meter.jpg file placed
> in /var/www/html/meter.jpg on my Mandriva 2009 box, YMMV though. This is
> what creates the - in the .html output.

I edited the stats program to include support for amavis:

--- clamstats.pl        2009-01-25 18:07:30.000000000 -0800
+++ /usr/local/bin/clamstats.pl 2009-04-23 19:23:44.000000000 -0700
@@ -154,6 +154,9 @@
                print "DEFANG: ID: $id, EXT: $ext, VIRUS: $virus\n";
                addstats($date,$virus,$ext);

+           } elsif (($id,$virus) = ($log =~ m{amavis-(\w+).*:\s+(.+)
FOUND} )) {
+               #print "AMAVIS: ID: $id, VIRUS: $virus\n";
+               addstats($date,$virus,'N/A');
 #          } elsif (($virus) = ($log =~ /^stream(?: \d+)?: (.+)
FOUND/ )) {
             } elsif (($virus) = ($log =~ /^stream[^:]+: (.+) FOUND/ ))
{
                # Tue Feb 13 23:03:04 2007 -> stream:
Html.Phishing.Bank.Gen175.Sanesecurity.06032008 FOUND
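
Review bot: The added `elsif` pattern `m{amavis-(\w+).*:\s+(.+) FOUND}` is unanchored and uses a greedy `.*`, so it matches any log line that has `amavis-` anywhere ahead of a `: ... FOUND` tail, and because the branch is placed before the `^stream` branch, such a line is counted here first. Consider anchoring the match to the position where the amavis temp name appears in the log line and tightening `.*` (for example `[^:]*`), so that text elsewhere in the line cannot steer it into this branch. `$id` is captured only for the commented-out debug print; either drop the capture group or keep it and say why. The stream branch carries a sample log line in a comment, and the new branch would benefit from the same so the expected amavis format is documented. Also note that the mail client has wrapped the lines ending in `FOUND} )) {` and `FOUND/ )) {`, so the patch will not apply as posted; sending it as an attachment would avoid that.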

        -Bill

