[Logwatch-Devel] Re: Remove time from logwatch reports
mgt at stellarcore.net
Thu Feb 9 15:08:02 MST 2006
On Thu, 2006-02-09 at 19:19 +0200, Nerijus Baliunas wrote:
> Thanks, it works very nice. Two more types of output though:
> **Unmatched Entries**
> /var/spool/MailScanner/incoming/3615/F1C708013E.CA126/msg-3615-121.html SUSPICION Exploit.HTML.Iframe.FileDownload : 1 Time(s)
> Files hidden in very deeply nested archive in 5A4C480130.D0ED9 : 1 Time(s)
> Files hidden in very deeply... is from MailScanner, not Kaspersky.
I wonder if SUSPICION should be ignored? If it was an iframe it should
have been picked up by MailScanner also and should be the Content
Files hidden in very deeply should probably also be ignored as it is
more a warning than anything else.
Anyone have any input on this?
> And here is the output from kavdaemon:
> ./k187d4530186/21_price.zip/whtmlge.exe^Iinfected: Email-Worm.Win32.Bagle.fj^M : 1 Time(s)
> Found viruses: ./k18H8j501094/your_text.pif^Iinfected: Email-Worm.Win32.NetSky.d^M : 1 Time(s)
> You can either make kavdaemon a section of its own or use the same Kaspersky Virus Report
These are in your maillogs but are from MailScanner; that is, do they show
up as Unmatched Entries? Otherwise it is probably just repeated
information: one report from the daemon and one report for MailScanner.