OT: RE: [Mimedefang] Graphdefang not graphing virus types

Joe Arnstein mimedefang at claireandjoe.com
Mon May 17 15:47:07 EDT 2004 

Jonas and all ,

Grep'ing through the logs manually, I see a virus called "<Anonymous".
Not sure if it was some kind of anomaly with uvscan, or Mimedefang, or
if there really was some virus known as <Anonymous, but is it possible
Graphdefang is having trouble processing VirusName with garbage like <
as value1?  If it is, do you know a way to remove this data from
SummaryDB.db?  

I'm otherwise stumped.  

Thanks,
Joe Arnstein

-----Original Message-----
From: mimedefang-bounces at lists.roaringpenguin.com
[mailto:mimedefang-bounces at lists.roaringpenguin.com] On Behalf Of Joe
Arnstein
Sent: Monday, May 17, 2004 12:09 PM
To: mimedefang at lists.roaringpenguin.com
Subject: RE: [Mimedefang] Graphdefang not graphing virus types

Hi Jonas,

Thanks for your response.  The default 'general' file I'm using matches
up with what my log files look like, and SummaryDB.db contains
virus-type information, indicating that it is collecting that
data....not sure if it's saved as 'value1' or not.

The logs that incorporate value2 are accurate, but there is only one
value1 graph which of course didn't work.  Here is a snip from my log:

May 17 11:58:40 mailserver1 mimedefang.pl[5603]:
MDLOG,i4HG1s5B024434,virus,W32/Netsky.p at MM,68.41.153.55,<nuferm at sender.c
om>,<lunketm at recipient.com>,Mail Delivery (failure lunketm at sender.com)


        if ($text =~
m/^MDLOG,\S+?,(\S+?),(\S*?),(\S*?),(.*?),(.*?),(.*)$/ ) 
 
                        $event = $1;
                        $value1 = $2;
                        $value2 = $3;
                        $sender = $4;
                        $recipient = $5;
                        $subject = $6;
                        $FoundNewRow = 1;

Value1 should be W32/Netsky.p at MM, no?  

Joe

-----Original Message-----
From: mimedefang-bounces at lists.roaringpenguin.com
[mailto:mimedefang-bounces at lists.roaringpenguin.com] On Behalf Of Jonas
Eckerman
Sent: Friday, May 14, 2004 5:09 PM
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] Graphdefang not graphing virus types

On Fri, 14 May 2004 10:54:43 -0400, Joe Arnstein wrote:

>  senders of viruses show up OK, but Graphdefang generates an empty
>  .png file for the list of virus types (daily/hourly/monthly

Check your mimedefang event file (usually "event/mimedefang.pl/general"
i graphdefang's dir) and compare it's regexp matching to the log lines.

Do you get correct value1-data for other events?

/Jonas
-- 
Jonas Eckerman, jonas_lists at frukt.org
http://www.fsdb.org/


_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

More information about the MIMEDefang mailing list