[Logwatch-Devel] Re: Remove time from logwatch reports

Nerijus Baliunas nerijus at users.sourceforge.net
Thu Feb 9 10:19:09 MST 2006


On Thu, 09 Feb 2006 08:30:28 -0800 Mike Tremaine <mgt at stellarcore.net> wrote:

> How about I try adding Kaspersky support instead. :)
> 
> I just commit kaspersky support to CVS, I also posted the new
> mailscanner here
> 
> http://www.stellarcore.net/downloads/mailscanner
> 
> If I did it right you should get a Virus report for Kaspersky. All you
> Kaspersky users should test it and let me know how I can make it better
> for you.

Thanks, it works very nice. Two more types of output though:

 **Unmatched Entries**
    /var/spool/MailScanner/incoming/3615/F1C708013E.CA126/msg-3615-121.html     SUSPICION       Exploit.HTML.Iframe.FileDownload : 1 Time(s)
    Files hidden in very deeply nested archive in 5A4C480130.D0ED9 : 1 Time(s)

Files hidden in very deeply... is from MailScanner, not Kaspersky.

And here is the output from kavdaemon:

    ./k187d4530186/21_price.zip/whtmlge.exe^Iinfected: Email-Worm.Win32.Bagle.fj^M : 1 Time(s)
    Found viruses: ./k18H8j501094/your_text.pif^Iinfected: Email-Worm.Win32.NetSky.d^M : 1 Time(s)

You can either make kavdaemon a section of its own or use the same Kaspersky Virus Report
section.

Regards,
Nerijus


More information about the Logwatch-Devel mailing list