************************************************
Virus Log Analyzer ver 3.0.1
Written by Steven Slater
© June 2005
************************************************

**************************************************************************************************
IMPORTANT NOTE: The LOGLEVEL in the Declude virus.cfg file must be set to "MID" to produce
a log file that contains the information this program scans for.
**************************************************************************************************

Synopsis
----------------------------------------
This program is provided free of charge with absolutely no guarantees, either explicit or implied.
This is provided as a tool as thanks for the helpful free stuff others have provided.

1. User Notes
----------------------------------
This program was developed based on the log files created by Declude (www.declude.com) anti-virus
in conjunction with Frisk's (www.f-prot.com) F-Prot anti-virus software.

There is no association with Declude (www.declude.com) anti-virus or Frisk's F-Prot anti-virus
software other than the reading of the log files created. This program is not supported by
Declude (www.declude.com) or Frisk (www.f-prot.com), so don't e-mail them for support.

Questions about this program can be posted to the Declude anti-virus mailing list.
Information on how to sign up for this list can be found at http://www.declude.com/support.htm

This program can be run from a workstation, assuming that workstation has access to the
Declude Virus log files.

To produce a report:

Click on the button to select the Source (virus log files) you wish to analyze.
In the "File Source Window":
    Select the file type (*.log, *.ini, *.txt, all) of your virus log file.
    Select the Drive and Directory containing the log files.
    ** You may need to open and close the network window by clicking on the NETWORK button
       to get the mapped drives to show up.
    ** The "Read only" check box, when checked, opens the files in read-only mode to prevent
       accidental overwriting of the files. There should be no reason to uncheck this.
    Select the log files you wish to analyze.
    Click OK.
You will see the file list in the Source File box.
Click the button to select the Output file.
    Select the location for the output file.
    Select a file type (*.log, *.ini, *.txt, all) to list if needed.
    Enter the output file name.
    Click OK.
You will see the Output file name in the Output File box.
Select to Skip the counting of lines to be processed if desired.
    This does not affect the operation of the program. This is just an option to see the
    progress of log file(s) being analyzed.
Select the report sort option:
    By virus count
    By virus name
Click Analyze.
You will see the program's progress in the line count box (if selected) and the lines processed box.
When the analyzing of the log file(s) is complete, click View to display the report.
This program uses notepad to display the report file.

2. Program requirements
------------------------
Copy the program to its own folder and run it. If your system lacks the minimum requirements,
you can run the Setup program to install the necessary files (see below).

3. Installation Notes
--------------------------
A Setup program is available if you need to install the necessary files used by this program.
This Setup program may prompt you to update your "out of date" system files. This has to do with
the VB Automation files and is specific to the Setup program, NOT the Virus Analyzer program.
This may cause concern. If there is any question or concern about installing newer components,
do not proceed.

NEW for VERSION 2.22
****************************
- Report Types -
The report has been modified to display the tracking of Inbound and Outbound viruses.
If the program cannot identify a virus as Inbound or Outbound, the report will list this count as unknown.
You would see this if you ran this version on a log file created with a version of Declude before version 1.50.
The Inbound + Outbound + Unknown (if any) count will equal the total virus count.
The report also now lists the number of e-mails logged with the Outlook Vulnerabilities.
These are counted separately and are not included in the total virus count.

- Three sort options -
    Count produces a report with the viruses sorted by count.
    Name produces a report with the viruses listed by name.
    Count&Name includes a list by count and a list by name on the same report.

** NOTE ** You must be running Declude Virus 1.50 for the Inbound and Outbound logging to report.
Our many thanks to Scott and those at Computerized Horizons for adding this indicator to the log file.

************************************************
NEW for VERSION 3.0.0
**************************
- Auto run feature -
This program can be run in a Scheduling capacity at predetermined times.
Checking the Auto run checkbox will show the Auto run controls.
The following will need to be set:

- Hour, Minute, and AM/PM
    This is the time that the program will perform its report function.
- The Drive and Directory in which the Log files are contained.
- The "Wildcarded" file name on which to report.
    The file name should be created in the following form: *.
    For example, if your Log files are in the form VirLogMMDD.log (where MM=2-digit month,
    DD=2-digit day), then entering virlog*.log will search for the second-most recent file
    matching this name pattern. The second-most recent file is used by design to ensure that
    this program does not try to use a currently open file that is being written to.
    NOTE: The file name pattern is case-insensitive and the asterisk is optional but helps
    improve readability.
- Email results
    The resulting report will be emailed to the specified email address through the specified
    SMTP server. Both must be valid and transport through the SMTP server must be allowed.
    By default, the report is deleted after emailing to ensure drive space is not consumed.
    This can be overridden by selecting the "Save Report File" checkbox. The report will be
    saved in the program's directory in the form of VLA_MMDDYYYY.txt (where MM=2-digit month,
    DD=2-digit day, YYYY=4-digit year).
- After enabling the Auto run feature, the program can be minimized.
    To enable, click the "Start" button. To disable, click the "Stop" button.

*************************************************
VERSION 3.0.1
***********************************
- Upgrade for Visual Interface on XP systems
- Modification of Output procedure to check for no Virus names detected
*************************************************
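
The Auto run file selection described under VERSION 3.0.0 (case-insensitive wildcard, second-most recent match so the log still being written is skipped), sketched as an added example that is not part of Virus Log Analyzer itself. It assumes "most recent" means latest modification time and that no file is chosen when fewer than two match; select_report_log and the sample file names are hypothetical.

```python
import fnmatch
import os
import tempfile
from pathlib import Path


def select_report_log(directory, pattern):
    """Return the second-most recently modified file matching pattern, or None.

    Assumption: recency is judged by modification time. The newest match is
    skipped because it may still be open and being written to.
    """
    wanted = pattern.lower()  # the pattern is case-insensitive
    matches = [
        entry for entry in Path(directory).iterdir()
        if entry.is_file() and fnmatch.fnmatchcase(entry.name.lower(), wanted)
    ]
    if len(matches) < 2:
        # Assumption: with no older file available, skip this run rather
        # than read the log that is currently in use.
        return None
    matches.sort(key=lambda p: p.stat().st_mtime, reverse=True)
    return matches[1]


def make_logs(directory, names):
    """Create constructed sample files, first name newest, one day apart."""
    newest = 1_117_800_000  # constructed timestamp in June 2005
    for age, name in enumerate(names):
        path = Path(directory) / name
        path.write_text("constructed sample line\n")
        stamp = newest - age * 86400
        os.utime(path, (stamp, stamp))


def demo():
    """Return (chosen name with several logs, result with only one log)."""
    with tempfile.TemporaryDirectory() as many, tempfile.TemporaryDirectory() as one:
        make_logs(many, ["other0603.log", "VirLog0603.log",
                         "VirLog0602.log", "VirLog0601.log"])
        make_logs(one, ["VirLog0603.log"])
        chosen = select_report_log(many, "virlog*.log")
        return chosen.name, select_report_log(one, "virlog*.log")


if __name__ == "__main__":
    print(demo())
```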