Declude Virus Log File Analyzer
This program is freeware and has no association with
Declude (Computerized Horizons) or IPSwitch. It is provided as is without any warranty,
liability or official support. Questions may be asked on the Declude Virus Mailing List
and we will try to answer as quickly as possible.
We have used many free utilities provided by others many times. Providing this program is our way of saying thanks for all the nifty utilities we have made use of.
There are two files located here. The first is the program exe file. This is for those that may have VB already on their system or have previously run the install program. The second is the complete install program. This was created with Microsoft's VB setup program so it may generate messages saying it is replacing files. Some, understandably, may be uncomfortable with this. To date we have not encountered problems with Microsoft's set up program. If you are uncomfortable with this you may wish to install the program on a test workstation first.
This program was designed to be run from a workstation, not the IMail server, that has access to the Declude Virus Log files.
Current Version
3.0.1
Special Note: While this is in the readme file it is often missed.
You must have the log level set to MID ( LOGLEVEL MID ) in the Declude
virus.cfg file for the log file to contain the information needed by the Virus Log File
Analyzer.
For those that have already installed the program or have VB on their systems here is the
program exe only and read me file
http://www.csonline.net/imailstuff/VirusLogAnalyzer301.exe
http://www.csonline.net/imailstuff/readme.txt
For those that may need the complete install:
download and run the setup for version 2.2.2. This will install the necessary VB
runtime files on your system. Then download the version 3.0.1 exe file, copy
it to the directory selected during the version 2.2.2 setup and create a
shortcut to the new version 3.0.1 exe file.
http://www.csonline.net/imailstuff/VirusLogAnalyzer222_Setup.zip
Viruslog Analyzer 3.0.1
(requires Declude Virus 1.66 or higher for IP
reporting)
Minor changes to better indicate the
status of some error messages
Viruslog Analyzer 3.0
(requires Declude Virus 1.66 or higher for IP
reporting)
Fixes to report header and cosmetic issues
Viruslog Analyzer 3.0beta (requires Declude Virus 1.66 or higher for IP reporting)
This new version adds two items:
1) Reporting of viruses by sending IP address is now included in
the virus report.
2) The ability to schedule the virus report to run at a
set time. The program must be running or minimized as this is not
command line yet - Sorry
http://www.csonline.net/imailstuff/VirusLogAnalyzer30beta.exe
NOTE: This is the "exe" only. If you have not
previously installed the virus analyzer or do not have VB you may need to download and
install the version 2.22 setup, then download the beta 30 exe file into the same
directory.
The program operates the same as the prior version; however,
you will see 3 new check boxes. They are listed at this time as:
"Do IP Detail"
Checking this box will change the IP tally in the report from just a count of viruses
from an IP address to include the "from:" information for each virus email received
from that IP address.
See the Exclude List below to exclude forging viruses.
"Exclude List"
This provides the ability for each admin to exclude any virus names from the IP tally.
This is so forging viruses can be excluded, as the "from:" email information is of
little use. Using this feature will not affect the first part of the report for the
virus count by name. Since each virus scanner may use a different name, this will allow
for adjustment by virus scanner reporting.
The exclude list can be created by going to "File" and selecting "Virus Exclude List".
"Auto Run"
This feature will allow you to schedule the report to run at a set time and email the
report to an address.
Autorun creates a report file and emails a report to the email address configured.
Important Special Autorun Notes:
At this time the * wild card feature assumes for its search that the virus log file to
be scanned has been copied out of the virus directory on the IMail server. If run on the
virus directory on the IMail server, the wild card feature will pick up the current daily
log file that is constantly updated and not the previous day's log file. The ability to
deal with the archived log files being in the same directory as the current updating log
is being worked on.
At this time, for testing reasons, the report is hardcoded to "VLA_mmddyyyy.txt" and
saved in the same directory as the virus log analyzer exe file. We plan to make this
configurable.
We also know there is an issue with the formatting of the email headers which will
probably trigger the helobogus and badheaders tests. So you may need to adjust your
settings accordingly if trying this portion of the test.
The formatting of the e-mail message is not right when received in OE and we are working
on this.
How to set up Autorun:
When this box is checked it will expand to include the auto run settings. There are 4
parts to the settings.
(Be sure the program is set to run after the completion and movement of the previous
day's virus log file)
1) The time to run is set under "Run Time" at the top by selecting the time in
the boxes.
2) The directory where the log files are located is selected under "Source
Directory".
3) The log file name to use can be specific, "logfile.txt", or you may use
*.extension.
When using *.extension the program will search for the newest log file matching the
wild card for the extension used. If using this directly on the log files saved on the
IMail server we know this may not use the previous day's log file as intended and we are
working on changing this.
4) Check the email box and enter your email settings.
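The wild card problem described in the Autorun notes and in step 3 above, shown as an added example (not part of the analyzer and not its authors' code): picking the newest match selects the live log when it shares a directory with the archives, while skipping anything written since local midnight selects the previous day's file. The file names, ages and the modification-time rule are assumptions made for the illustration.

```python
import fnmatch
import os
import tempfile
from datetime import datetime, time

def matching(directory, pattern):
    """Yield (mtime, path) for regular files whose name matches the wild card."""
    for entry in os.scandir(directory):
        if entry.is_file() and fnmatch.fnmatchcase(entry.name.lower(), pattern.lower()):
            yield entry.stat().st_mtime, entry.path

def newest_log(directory, pattern):
    """Naive choice: the newest match, which is the live log if it is present."""
    return max(matching(directory, pattern), default=(0, None))[1]

def previous_log(directory, pattern, now=None):
    """Newest match last written before today's local midnight, or None."""
    now = now or datetime.now()
    midnight = datetime.combine(now.date(), time.min).timestamp()
    closed = [m for m in matching(directory, pattern) if m[0] < midnight]
    return max(closed, default=(0, None))[1]

def demo():
    """Build a constructed log directory and return (naive, filtered) names."""
    now = datetime.now()
    midnight = datetime.combine(now.date(), time.min).timestamp()
    # Constructed file names and ages; not Declude's real naming scheme.
    ages = {"older.log": midnight - 90000, "yesterday.log": midnight - 3600,
            "today.log": now.timestamp(), "notes.txt": midnight - 60}
    with tempfile.TemporaryDirectory() as d:
        for name, mtime in ages.items():
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.utime(path, (mtime, mtime))  # set access and modification time
        naive = os.path.basename(newest_log(d, "*.log"))
        filtered = os.path.basename(previous_log(d, "*.log", now))
    return naive, filtered

if __name__ == "__main__":
    print(demo())
```

A log that receives its last write shortly after midnight during rollover would be skipped by this rule, so the scheduled run time still needs to follow the completion and movement of the previous day's log.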
We are working on correcting the header and other auto
run issues; however, some internal projects may delay this.
Because others have asked for the IP reporting we decided to put this beta version
up so the IP reporting feature can be used by those that would like it.
NOTE:
A new setup program which includes version 2.22 will be up shortly for those that
need the install.
Simply run the version 1.2 setup and then download the version 2.22 exe. Copy it
into the directory and adjust the properties for the shortcut to reference
VirusLogAnalyzer22.exe
New in Version 2.22
Fix - Corrected an issue where a space in the directory path
when creating a new output file would not allow the file to be created.
New in Version 2.21
The addition of Inbound and Outbound virus counts on the
report for each virus.
New in Version 2.2
The report will now indicate the number of inbound and outbound viruses
You must be running Declude Virus 1.50 for the log
files to have the needed indicator
The count of Virus lines that do
not have the Inbound or Outbound indicator will be listed as unknown.
You would normally get this if you ran version 2.2 against a
virus log file created before Declude version 1.50 since these log
files did not include the indicator.
Thanks to Scott and everyone at
Computerized Horizons for adding an indicator in the log file
Hopefully your number of inbound viruses caught will greatly
exceed those caught going outbound :)
The Outlook vulnerabilities caught are now reported in a
separate listing. This is a single total for both vulnerabilities.
These are not counted in the total virus count.
Three report sort options exist.
Count produces a report with the viruses sorted by count.
Name produces a report with the viruses listed by name.
Count&Name includes a list by count and by name on the same
report.
Declude Virus and Junkmail Mail Archive Links:
Declude Virus
http://www.mail-archive.com/declude.virus%40declude.com/
Declude Junk Mail
http://www.mail-archive.com/declude.junkmail%40declude.com/