[clamav-users] How many viruses/malware is clamav protecting us from?

Sylvain Robitaille syl at encs.concordia.ca
Mon Dec 19 21:46:10 UTC 2022


On Thu, 15 Dec 2022, Michael Kyriacou wrote:

> Hello, is there a way to see how many viruses/malware clamav currently
> protects us from? Additionally, is there a way to see the amount of
> added virus definitions/signatures per update of clamav?

I know that this isn't what was being asked for, but I suspect that it
may be more useful to know how many messages clamav has matched
against which virus / malware signature.  In other words, how many
viruses and other malware did clamav protect *our* (users') systems
from today?  To that end, I use the following (admittedly simple)
script, run nightly on each mail relay server, and I get a daily
report that I can point to, to show what is being protected against.

    #!/bin/sh
    #
    #       @(#)maillog_report_clamav_matches 2022-11-25 Sylvain Robitaille
    #
    # report on which clamav signatures have matched, and how many times
    # each has matched, from the latest maillog file (or the file(s) named
    # as argument(s)).

    PATH=/usr/local/bin:/usr/bin:/bin
    # <space><tab><newline>
    IFS="
    "
    export PATH;
    export IFS;
    umask 022

    # if we have no arguments, we'll default to the current maillog file;
    # else the arguments are the list;
    if [ "$*" ]; then
       MAILLOG=$*
    else
       MAILLOG="/var/log/maillog"
    fi

    # That's it ...
    grep -w FOUND ${MAILLOG} |\
       awk '{print $(NF-1)}' |\
       sort -h |\
       uniq -c |\
       sort -rh |\
       awk '{total+=$1; print} END {if (NR > 1) print "total:", total}'


I'm hoping that this can help, or it might perhaps inspire a script
that's more relevant to your own situation.

-- 
----------------------------------------------------------------------
Sylvain Robitaille                               syl at encs.concordia.ca

Systems analyst / Postmaster / AITS               Concordia University
Faculty of Engineering and Computer Science   Montreal, Quebec, Canada
----------------------------------------------------------------------
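
A variant of the pipeline in the message above, as an added example that is not part of the original post: it takes the field immediately before the word FOUND instead of `$(NF-1)`, so a line where the logger appends text after FOUND is still counted under the right signature. The log lines, the signature names and the function names `count_found` and `sample_log` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): per-signature match counts,
# keyed on the token that directly precedes the word FOUND.

# count_found: read log lines on stdin and print "<count> <signature>" lines,
# highest count first, followed by a "total:" line when more than one
# signature was seen (same rule as the script in the post).
count_found() {
    awk '{
            # Scan for the FOUND field wherever it sits on the line;
            # the field just before it is taken as the signature name.
            for (i = 2; i <= NF; i++)
                if ($i == "FOUND") { print $(i - 1); break }
         }' |
    sort |
    uniq -c |
    sort -k1,1nr -k2,2 |
    awk '{ total += $1; print $1, $2 }
         END { if (NR > 1) print "total:", total }'
}

# sample_log: constructed log lines, not real output from any relay.
# The third line carries trailing text after FOUND, where $(NF-1) would
# yield "FOUND" instead of the signature name. The fourth has no match.
sample_log() {
    cat <<'EOF'
Dec 19 03:12:01 relay1 scanner[812]: /spool/msg-0001: Example.Sig.A FOUND
Dec 19 03:15:44 relay1 scanner[812]: /spool/msg-0002: Example.Sig.B FOUND
Dec 19 03:20:10 relay1 filter[955]: msg-0003: Example.Sig.A FOUND (quarantined)
Dec 19 03:21:00 relay1 filter[955]: msg-0004: clean
Dec 19 03:25:31 relay1 scanner[812]: /spool/msg-0005: Example.Sig.A FOUND
EOF
}

sample_log | count_found
```

To use it on a real log, feed the file on stdin, for example `count_found < /var/log/maillog`.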

