[Mimedefang] Sample Graphing Scripts on the mimedefang website

David F. Skoll dfs at roaringpenguin.com
Wed May 15 09:56:20 EDT 2002


On Wed, 15 May 2002, Anthony Giggins wrote:

> Do you have these sample logging scripts available for us the
> programming impaired?

Oh, sure; they're tiny.

Prerequisites:

- Tcl 8.0 or higher
- Gnuplot

(I really like Tcl, and would have written mimedefang in Tcl instead of
Perl were it not for all the great CPAN modules. :-()

Also, when you bounce a virus, the filter must do something like this:

syslog('info', "$MsgID from $Sender via $RelayAddr ($RelayHostname) " .
               "re: ($Subject) bounced because of attachment $fname");

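because the graphing script keys on the "bounced because of" phrase
(strictly, its regexp looks for a mimedefang.pl log line containing
"bounced" followed later by one of the listed executable extensions).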

Grapher attached.  It's rather specific to my mail server, but
should be relatively easy to modify.

Regards,

David.

#----------------- Cut here ------------------------------------------

#!/usr/bin/tclsh
#***********************************************************************
#
# count-viruses.tcl
#
# Analyzes mail and web log files to look for virus hits.
#
# Copyright (C) 2002 Roaring Penguin Software Inc.
#
# $Id: count-viruses.tcl,v 1.4 2002/05/07 03:22:10 dfs Exp $
#***********************************************************************

# Mail viruses per day are indexed in $MailViruses(yyyy/mm/dd)

# Start from empty counters: drop both per-day arrays if an earlier run
# in the same interpreter left them behind.
if {[info exists MailViruses]} {
    unset MailViruses
}
if {[info exists MailTotal]} {
    unset MailTotal
}
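#***********************************************************************
# %PROCEDURE: parseMailLog
# %ARGUMENTS:
#  fname -- name of mail log file
# %RETURNS:
#  Nothing
# %DESCRIPTION:
#  Increments MailTotal(yyyy/mm/dd) for each sendmail "from=<" line and
#  MailViruses(yyyy/mm/dd) for each mimedefang.pl "bounced" line that
#  names a file ending in one of the listed executable extensions.
#  A file that cannot be opened is skipped silently (rotated logs may
#  not all exist).  Lines whose first seven characters do not parse as
#  a date are skipped instead of aborting the run.
# %NOTES:
#  - The subject and attachment name on a bounce line are text chosen
#    by the sender, so the counts are statistics, not evidence.  The
#    pattern requires a literal "." before the extension and a word
#    boundary after it, so that text such as "welcome.txt" is not
#    counted as ".com".
#  - The syslog stamp carries no year; clock scan supplies the current
#    one, so entries written in a previous year are dated a year late.
#***********************************************************************
proc parseMailLog { fname } {
    global MailViruses MailTotal
    if {[catch {set fp [open $fname "r"]}]} {
        return
    }
    while {[gets $fp line] >= 0} {
        # Classify the line first; the date is only needed for a hit.
        set isMessage [regexp {sendmail.*: from=<} $line]
        set isBounce [regexp -nocase \
            {mimedefang\.pl.*bounced.*\.(pif|exe|bat|com|scr|wsh|dll)\M} \
            $line]
        if {!$isMessage && !$isBounce} {
            continue
        }

        # Columns 0-6 hold the "Mon dd " part of the syslog stamp.  A
        # damaged or foreign line must not stop the whole report.
        if {[catch {
            set day [clock format [clock scan [string range $line 0 6]] \
                -format "%Y/%m/%d"]
        }]} {
            continue
        }

        if {$isMessage} {
            if {[info exists MailTotal($day)]} {
                incr MailTotal($day)
            } else {
                set MailTotal($day) 1
            }
        }
        if {$isBounce} {
            if {[info exists MailViruses($day)]} {
                incr MailViruses($day)
            } else {
                set MailViruses($day) 1
            }
        }
    }
    close $fp
}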

#***********************************************************************
# %PROCEDURE: plotMailLog
# %ARGUMENTS:
#  None
# %RETURNS:
#  Nothing
# %DESCRIPTION:
#  Pipes a fixed list of gnuplot commands, then one "date count" line
#  per MailViruses entry in sorted key order, to a gnuplot child
#  process.  gnuplot is told to write mail-viruses.png, a relative
#  path, so the image lands in the current working directory.
# %NOTES:
#  - gnuplot is started by bare name, so it is located through PATH.
#  - Everything written to the pipe is interpreted by gnuplot.  The
#    data lines are built only from the array keys and counts (dates
#    and integers as filled in by parseMailLog); raw log text should
#    never be written here.
#***********************************************************************
proc plotMailLog {} {
    global MailViruses

    # Fixed plot setup, sent verbatim and in this order.
    set setup {
        {set xdata time}
        {set yrange [0:*]}
        {set size 1,0.5}
        {set timefmt "%Y/%m/%d"}
        {set xlabel 'Date'}
        {set ylabel "Viruses per day"}
        {set title 'Microsoft Virus Arrival Frequency'}
        {set format x '%d/%b'}
        {set xtics 86400*7}
        {set mxtics 7}
        {set grid mxtics xtics ytics}
        {set terminal png small color}
        {set output 'mail-viruses.png'}
        {plot '-' using 1:2 title 'Viruses' with lines}
    }

    set gp [open "|gnuplot" w]
    foreach cmd $setup {
        puts $gp $cmd
    }

    # Inline data for "plot '-'": one line per day, oldest first.
    foreach day [lsort [array names MailViruses]] {
        puts $gp "$day $MailViruses($day)"
    }

    # A lone "e" ends the inline data block.
    puts $gp "e"
    flush $gp
    close $gp
}

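#***********************************************************************
# %PROCEDURE: plotMailPercentage
# %ARGUMENTS:
#  None
# %RETURNS:
#  Nothing
# %DESCRIPTION:
#  Pipes a fixed list of gnuplot commands, then one "date percentage"
#  line per day, to a gnuplot child process.  The percentage is
#  100 * MailViruses(day) / MailTotal(day).  Days with no MailTotal
#  entry or a total of zero are left out.  gnuplot is told to write
#  mail-percent.png, a relative path, so the image lands in the
#  current working directory.
# %NOTES:
#  - gnuplot is started by bare name, so it is located through PATH.
#  - Everything written to the pipe is interpreted by gnuplot; only the
#    array keys and computed numbers are written, never raw log text.
#***********************************************************************
proc plotMailPercentage {} {
    global MailViruses MailTotal
    set fp [open "|gnuplot" w]
    puts $fp "set xdata time"
    puts $fp {set yrange [0:*]}
    puts $fp "set size 1,0.5"
    puts $fp "set timefmt \"%Y/%m/%d\""
    puts $fp "set xlabel 'Date'"
    puts $fp "set ylabel \"Percentage\""
    puts $fp "set title 'Microsoft Viruses as Percentage of Messages'"
    puts $fp "set format x '%d/%b'"
    puts $fp "set xtics 86400*7"
    puts $fp "set mxtics 7"
    puts $fp "set grid mxtics xtics ytics"
    puts $fp "set terminal png small color"
    puts $fp "set output 'mail-percent.png'"
    puts $fp "plot '-' using 1:2 title 'Viruses' with lines"
    foreach thing [lsort [array names MailViruses]] {
        # No message count for this day: nothing to divide by.
        if {![info exists MailTotal($thing)]} {
            continue
        }
        set total $MailTotal($thing)
        if {$total == 0} {
            continue
        }
        # Braced so the values are read as numbers by expr and are not
        # substituted a second time as expression text.
        set val [expr {(100.0 * $MailViruses($thing)) / (1.0 * $total)}]
        puts $fp "$thing $val"
    }
    # A lone "e" ends the inline data block for "plot '-'".
    puts $fp "e"
    flush $fp
    close $fp
}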

# Feed the four rotated logs and then the live log to the parser, in the
# same order as before.  parseMailLog skips any file it cannot open, so
# run this as a user that can read /var/log/maillog*.
foreach logFile {
    /var/log/maillog.4
    /var/log/maillog.3
    /var/log/maillog.2
    /var/log/maillog.1
    /var/log/maillog
} {
    parseMailLog $logFile
}

# Give every day that saw mail an explicit zero when it has no virus
# count yet, so both plots cover the same set of dates.
foreach thing [lsort [array names MailTotal]] {
    if {[info exists MailViruses($thing)]} {
        continue
    }
    set MailViruses($thing) 0
}

plotMailLog
plotMailPercentage



