What entries should I look for in the Gamera maillog?

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
TheEniGMa
Forum User
Posts: 50
Joined: Wed Nov 23, 2005 8:49 am

Post by TheEniGMa

I just killed an older CentOS4 box with Gamera and installed CentOS5 as a virtual machine on a VMWARE ESXi Server and see that there are some new types of entries in the maillog, like virus_found_in_sent_message, that I haven't seen in the old version.

I put together a little PHP script that scans through the maillog to get some stats on how many SPAM/HAM/VIRUS Gamera has handled.

Question is, what entries should I look for and how to calculate them to get the right numbers. Would the following three cover all types of actions taken by qmail-scanner/SpamAssassin?

$string_spam = "SPAM-DELETED";
$string_ham = "Clear:RC";
$string_clamd_virus = "virus_found_in_sent_message";

Using only the first two would cover 100% of all emails being handled? However, I've seen that Clear:RC is often followed by a "virus_found_in_sent_message"...

I should mention that all mails with a score over X are deleted, no subject rewrite in use.

Also, what does Gamera do with emails where a virus is found? Does it only delete the attached file and send the email over to SpamAssassin for SPAM-check (or reverse order)? Latest log has ~44000 virus_found_in_sent_message of a total of ~200.000 mails triggering either SPAM-DELETED or Clear:RC...
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Post by scott

This is what I look for in atomic scanner:

Code:

if (preg_match("/.*Process/", $result[2])) {
    // message processed: counts toward the total
    $total++;
    $data[] = $date."\tProcessed";
} else if (preg_match("/.*here be a virus/", $result[2])) {
    // virus detection
    $virus++;
    $data_virus[] = $date."\tvirus";
} else if (preg_match("/.*SA: yup, this smells /", $result[2])) {
    // SpamAssassin spam verdict
    $spam++;
    $data_spam[] = $date."\tspam";
} else if (preg_match("/.*q_s: Policy BLOCK/", $result[2])) {
    // qmail-scanner policy block
    $policy++;
    $data_policy[] = $date."\tpolicy";
}
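
An added example (not the atomic scanner code above and not the original poster's script) that tallies the marker strings quoted in this thread per day and records lines carrying more than one marker, so overlapping categories such as Clear:RC and virus_found_in_sent_message are not summed twice. The syslog-style line layout, the helper name tally_maillog and the sample lines are assumptions constructed for illustration.

```php
<?php
// Added example. Marker strings are the ones quoted in this thread; the
// syslog-style layout "Mon DD HH:MM:SS host tag[pid]: message" is an assumption.
const MARKERS = [
    'spam_deleted' => 'SPAM-DELETED',
    'clear'        => 'Clear:RC',
    'virus_sent'   => 'virus_found_in_sent_message',
    'processed'    => 'Process',
    'virus'        => 'here be a virus',
    'spam'         => 'SA: yup, this smells ',
    'policy'       => 'q_s: Policy BLOCK',
];
// tally_maillog() is a hypothetical helper, not part of Gamera or qmail-scanner.
function tally_maillog(iterable $lines): array
{
    $perDay = [];
    $combined = [];
    foreach ($lines as $line) {
        if (!preg_match('/^(\w{3}\s+\d{1,2}) [\d:]{8} \S+ \S+: (.*)$/', $line, $m)) {
            continue; // not in the assumed layout
        }
        // Test every marker instead of stopping at the first match.
        $hits = [];
        foreach (MARKERS as $name => $needle) {
            if (strpos($m[2], $needle) !== false) {
                $hits[] = $name;
            }
        }
        if (!$hits) { continue; }
        $perDay[$m[1]] ??= array_fill_keys(array_keys(MARKERS), 0);
        foreach ($hits as $name) {
            $perDay[$m[1]][$name]++;
        }
        if (count($hits) > 1) { // one line, several markers: the counts overlap
            $key = implode('+', $hits);
            $combined[$key] = ($combined[$key] ?? 0) + 1;
        }
    }
    return ['per_day' => $perDay, 'combined' => $combined];
}

// Constructed sample lines, not real Gamera output.
$sample = [
    'Mar  3 10:00:01 gamera qmail-scanner[101]: Clear:RC:0 constructed',
    'Mar  3 10:00:05 gamera qmail-scanner[102]: SPAM-DELETED constructed',
    'Mar  3 10:00:09 gamera qmail-scanner[103]: Clear:RC:0 virus_found_in_sent_message constructed',
];
print_r(tally_maillog($sample));
```

A non-empty `combined` entry such as `clear+virus_sent` means those two counts describe the same lines and must not be added together.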
TheEniGMa
Forum User
Posts: 50
Joined: Wed Nov 23, 2005 8:49 am

Post by TheEniGMa

Thanks. I'll look into that next week.

What about viruses? Does clamd just clean out the infected file and send the email itself on to spamd or to the email server, or does it delete the whole mail if a virus is found?

Just to know how I should calculate the stats found in maillog and know how many mails enter the Gamera box and how many leave it and are being sent on to the PLESK boxes...

Thanks.
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Post by scott

It quarantines virii. It's going to pass all the mail through it to the plesk server, regardless of if the mail is going to a valid destination or not.
breun
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Post by breun

There is a log-report.sh script available in the qmail-scanner package that you can run on qmail-queue logs:

Code:

/usr/share/qmail-scanner/log-report.sh /var/spool/qscan/qmail-queue.log
Lemonbit Internet Dedicated Server Management