[Logwatch-Devel] Re: Remove time from logwatch reports

Mike Tremaine mgt at stellarcore.net
Thu Feb 9 15:08:02 MST 2006


On Thu, 2006-02-09 at 19:19 +0200, Nerijus Baliunas wrote:

> 
> Thanks, it works very nicely. Two more types of output though:
> 
>  **Unmatched Entries**
>     /var/spool/MailScanner/incoming/3615/F1C708013E.CA126/msg-3615-121.html     SUSPICION       Exploit.HTML.Iframe.FileDownload : 1 Time(s)
>     Files hidden in very deeply nested archive in 5A4C480130.D0ED9 : 1 Time(s)
> 
> Files hidden in very deeply... is from MailScanner, not Kaspersky.

I wonder if SUSPICION should be ignored? If it was an iframe it should
have been picked up by MailScanner also and should be in the Content
Checks...

"Files hidden in very deeply" should probably also be ignored as it is
more a warning than anything else.

Anyone have any input on this?

> 
> And here is the output from kavdaemon:
> 
>     ./k187d4530186/21_price.zip/whtmlge.exe^Iinfected: Email-Worm.Win32.Bagle.fj^M : 1 Time(s)
>     Found viruses: ./k18H8j501094/your_text.pif^Iinfected: Email-Worm.Win32.NetSky.d^M : 1 Time(s)
> 
> You can either make kavdaemon a section of its own or use the same Kaspersky Virus Report
> section.

These are in your maillogs but are from MailScanner; that is, do they show
up as Unmatched entries? Otherwise it is probably just repeated
information. One report from the daemon and one report for MailScanner.

-Mike
