########################################################################## # $Id: mailscanner,v 1.38 2009/11/16 17:37:22 mike Exp $ ########################################################################## ######################################################## # This was written and is maintained by: # Mike Tremaine # # Sophos Support and other improvments by Mark W. Nienberg # MailScan_Spam_Act contributed by Kev Green # # Some more clean up rules based on extensive use of some MailScanner # settings and F-Prot and ClamAV as dual scanners by Hugo van der Kooij # # More F-Prot code from John Wilcock # ######################################################## ##################################################### ## Copyright (c) 2008 Mike Tremaine ## Covered under the included MIT/X-Consortium License: ## http://www.opensource.org/licenses/mit-license.php ## All modifications and contributions by other persons to ## this script are assumed to have been donated to the ## Logwatch project and thus assume the above copyright ## and licensing terms. If you want to make contributions ## under your own copyright or a different license this ## must be explicitly stated in the contribution an the ## Logwatch project reserves the right to not accept such ## contributions. If you have made significant ## contributions to this script and want to claim ## copyright please contact logwatch-devel@logwatch.org. ######################################################### my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; my $phishing_detail = $ENV{'mailscanner_phishing_detail'} || 0; my $mailscanner_phishingthreshold = $ENV{'mailscanner_phishingthreshold'} || 0; #Inits my $MailScan_bytes = 0; my $MailScan_Content = 0; my $MailScan_Delivered = 0; my $MailScan_Other = 0; my $MailScan_RBL = 0; my $MailScan_Received = 0; my $MailScan_Spam = 0; my $MailScan_Unscanned = 0; my $MailScan_Virus = 0; my $SA_timeout = 0; my $MailScan_ScannerTimeout = 0; my $MailScan_GoodWatermark = 0; my $MailScan_BadWatermark = 0; my $MailScan_SkipWatermark = 0; my $SpamAssassin_Rule_Actions = 0; my $MailScan_Deleted_pdb = 0; my $MailScan_Found_pdb = 0; my $MailScan_Spam_Virus = 0; while (defined($ThisLine = )) { #($QueueID) = ($ThisLine =~ m/^([a-zA-Z0-9]+): / ); $ThisLine =~ s/^[a-zA-Z0-9]+: //; if ( ( $ThisLine =~ m/^Saved infected/ ) or ( $ThisLine =~ m/^Expanding TNEF archive/ ) or #TNEF Noise remove for now. IF anyone wants this counted just speak up -mgt ( $ThisLine =~ m/has had TNEF winmail.dat removed/ ) or ( $ThisLine =~ m/added TNEF contents/ ) or ( $ThisLine =~ m/^Warned about/ ) or ( $ThisLine =~ m/^Sender Warnings:/ ) or ( $ThisLine =~ m/X-Spam/ ) or ( $ThisLine =~ m/Using locktype = (flock|posix)/ ) or ( $ThisLine =~ m/Creating hardcoded struct_flock subroutine for / ) or ( $ThisLine =~ m/New Batch: Found/ ) or ( $ThisLine =~ m/Attempting to disinfect/ ) or ( $ThisLine =~ m/Rescan found/ ) or ( $ThisLine =~ m/Virus Re-scanning:/ ) or ( $ThisLine =~ m/Content Checks: Fixed awkward MIME boundary for Cyrus IMAP/ ) or ( $ThisLine =~ m/Delete bayes lockfile/ ) or ( $ThisLine =~ m/MailScanner E-Mail Virus Scanner version/ ) or ( $ThisLine =~ m/MailScanner child dying of old age/ ) or ( $ThisLine =~ m/MailScanner child caught a SIGHUP/ ) or ( $ThisLine =~ m/Virus and Content Scanning/ ) or ( $ThisLine =~ m/Virus Scanning: [\w]+ found/ ) or ( $ThisLine =~ m/Virus Scanning: ClamAV Module found [\d]+ infections/ ) or ( $ThisLine =~ m/^ClamAV virus database has been updated/ ) or ( $ThisLine =~ m/^ClamAV update of/ ) or ( $ThisLine =~ m/^ClamAV scanner using unrar command / ) or ( $ThisLine =~ m/Saved entire message to/ ) or ( $ThisLine =~ m/Spam Checks: Starting/ ) or ( $ThisLine =~ m/SophosSAVI .+ recognizing [0-9]+ viruses/ ) or ( $ThisLine =~ m/SophosSAVI using [0-9]+ IDE files/ ) or ( $ThisLine =~ m/Sophos SAVI library has been updated/ ) or ( $ThisLine =~ m/Sophos.*update.* detected, resetting SAVI/ ) or #( $ThisLine =~ m/RBL checks: .+ found in RFC-IGNORANT-POSTMASTER/ ) or ( $ThisLine =~ m/F-Prot found/ ) or ( $ThisLine =~ m/SpamAssassin Bayes database rebuild starting|preparing|completed/ ) or ( $ThisLine =~ m/Rebuilding SpamAssassin Bayes database/ ) or ( $ThisLine =~ m/Skipping SpamAssassin while waiting for Bayes/ ) or ( $ThisLine =~ m/Enabling SpamAssassin auto-whitelist functionality/ ) or ( $ThisLine =~ m/Bayes database rebuild is due/ ) or ( $ThisLine =~ m/Content Checks: Detected and will convert|disarm HTML/ ) or ( $ThisLine =~ m/Content Checks: Detected and have disarmed HTML message/ ) or ( $ThisLine =~ m/Content Checks: Found [0-9]+ problems/ ) or ( $ThisLine =~ m/Read [0-9]+ hostnames from the phishing whitelist/ ) or ( $ThisLine =~ m/completed at [0-9]+ bytes per second/ ) or ( $ThisLine =~ m/Message .+ from .+ to .+ is/ ) or ( $ThisLine =~ m/^[A-F0-9]+\.[A-F0-9]{5} to/ ) or #for postfix Requeue: ( $ThisLine =~ m/^calling custom .* function/ ) or ( $ThisLine =~ m/^Initialising database connection/ ) or ( $ThisLine =~ m/^Finished initialising database connection/ ) or ( $ThisLine =~ m/^Disconnected from the database/ ) or ( $ThisLine =~ m/^ tag found in message/ ) or ( $ThisLine =~ m/^Viruses marked as silent:/ ) or ( $ThisLine =~ m/^Saved archive copies of/ ) or ( $ThisLine =~ m/^Logging message .+ to SQL/ ) or ( $ThisLine =~ m/^Started SQL Logging child/ ) or ( $ThisLine =~ m/^Starting up SQL Whitelist|Blacklist/ ) or ( $ThisLine =~ m/^Read .+ whitelist|blacklist entries/ ) or ( $ThisLine =~ m/^Closing down by-domain spam whitelist|blacklist/ ) or ( $ThisLine =~ m/^Connected to SpamAssassin cache database/ ) or ( $ThisLine =~ m/^Using SpamAssassin results cache/ ) or ( $ThisLine =~ m/^Expired .+ records from the SpamAssassin cache/ ) or ( $ThisLine =~ m/^Batch (\([0-9]+ messages?\) )?processed in .+ seconds/ ) or ( $ThisLine =~ m/^\"Always Looked Up Last\" took .+ seconds/ ) or ( $ThisLine =~ m/^MailScanner child dying after Bayes rebuild/ ) or ( $ThisLine =~ m/^Files hidden in very deeply nested archive/ ) or #IPBlocking -mgt ( $ThisLine =~ m/^Initialising IP blocking/ ) or ( $ThisLine =~ m/^Closing down IP blocking/ ) or ( $ThisLine =~ m/Whitelist refresh time reached/ ) or ( $ThisLine =~ m/Skipping sender of precedence list/ ) or ( $ThisLine =~ m/^Read \d+ IP blocking entries from/ ) or #This for Kaspersky I guess it is duplicated by Content checks, remove if not -mgt ( $ThisLine =~ m/^\/var\/spool\/MailScanner\/incoming\/.+SUSPICION/ ) or # New processing database ( $ThisLine =~ m/Connected to [Pp]rocessing(?:-messages| Attempts) [Dd]atabase/ ) or ( $ThisLine =~ m/Found 0 messages in the [Pp]rocessing(?:-messages| Attempts) [Dd]atabase/ ) or ( $ThisLine =~ m/Reading configuration file/ ) or ( $ThisLine =~ m/^SpamAssassin temporary working directory is/ ) or ( $ThisLine =~ m/ignored whitelist, had .+ recipients/ ) ) { # We don't care about these } elsif ( $ThisLine =~ m/New Batch: Scanning ([0-9]+) messages, ([0-9]+) bytes/i) { $MailScan_Received = $MailScan_Received + $1; $MailScan_bytes = $MailScan_bytes + $2; } elsif ( $ThisLine =~ m/New Batch: Forwarding ([0-9]+) unscanned messages, ([0-9]+) bytes/i) { $MailScan_Received = $MailScan_Received + $1; $MailScan_Unscanned = $MailScan_Unscanned + $1; $MailScan_bytes = $MailScan_bytes + $2; } elsif ( $ThisLine =~ m/Delivered ([0-9]+)( cleaned)? messages/) { $MailScan_Delivered = $MailScan_Delivered + $1; } elsif ( $ThisLine =~ m/Spam Checks: Found ([0-9]+) spam messages/) { $MailScan_Spam = $MailScan_Spam + $1; } elsif ( $ThisLine =~ m/Virus Scanning: Found ([0-9]+) viruses/) { $MailScan_Virus = $MailScan_Virus + $1; } elsif ( $ThisLine =~ m/Found spam-virus (\S+) in/i) { $MailScan_Spam_Virus++; $Spam_Virus_Found{$1}++; } elsif ( $ThisLine =~ m/infected message .+ came from (.*)/i) { $MailScan_VirualHost = $MailScan_VirualHost + 1; $Hostlist{$1}++; } elsif ( $ThisLine =~ m/Other Checks: Found ([0-9]+) problems/) { $MailScan_Other = $MailScan_Other + $1; } elsif ($ThisLine =~ m/Contains signature of the worm (.+)/) { $VirusType_Antivir{$1}++; $MailScan_Virus_Antivir++; } elsif ($ThisLine =~ m/:infected: (.+)/i) { #without the leading : this would match Fprot so error on the side of matching to much -mgt $VirusType_BitDefender{$1}++; $MailScan_Virus_BitDefender++; } elsif ( ($ThisLine =~ m/^\/var\/spool\/MailScanner\/incoming\/.+: ([\w\_\-\.\/]+) FOUND/i) or ($ThisLine =~ m/Clamd::INFECTED:: (\S+) ::/i) ) { $VirusType_ClamAv{$1}++; $MailScan_Virus_ClamAv++; } elsif ($ThisLine =~ m/ClamAVModule::INFECTED:: (.+)::/) { $VirusType_ClamAVModule{$1}++; $MailScan_Virus_ClamAVModule++; } elsif ($ThisLine =~ m/INFECTED:: (.+) (FOUND )?::/) { $VirusType_Clamd{$1}++; $MailScan_Virus_Clamd++; } elsif ($ThisLine =~ m/\/.+ Infection: (.+)/i) { $VirusType_Fprot{$1}++; $MailScan_Virus_Fprot++; } elsif ($ThisLine =~ m/\/.+ is a security risk named (.+)/i) { $VirusType_Fprot{$1}++; $MailScan_Virus_Fprot++; } elsif ($ThisLine =~ m/\/.+ is a dropper for (.+)/i) { $VirusType_Fprot{$1}++; $MailScan_Virus_Fprot++; } elsif ($ThisLine =~ m/\/.+ contains (.+)/i) { $VirusType_Fprot{$1}++; $MailScan_Virus_Fprot++; } elsif ($ThisLine =~ m/\/.+ could be/i) { $MailScan_Virus_Fprot++; } elsif ($ThisLine =~ m/Found the (.+) virus !!!/) { $VirusType_McAfee{$1}++; $MailScan_Virus_McAfee++; } elsif ($ThisLine =~ m/^\/var\/spool\/MailScanner\/incoming\/.+INFECTED\s+([\w\_\-\.\/]+)/i) { $VirusType_Kaspersky{$1}++; $MailScan_Virus_Kaspersky++; } elsif ($ThisLine =~ m/infected:\s+([\w\_\-\.\/]+)\^M/i) { $VirusType_Kaspersky{$1}++; $MailScan_Virus_Kaspersky++; } elsif ($ThisLine =~ m/>>> Virus \'(.+)\' found/) { $VirusType_Sophos{$1}++; $MailScan_Virus_Sophos++; } elsif ($ThisLine =~ m/SophosSAVI::INFECTED:: (.+)::/) { $VirusType_SophosSavi{$1}++; $MailScan_Virus_SophosSavi++; } elsif ($ThisLine =~ m/Commercial scanner (.+) timed out!/){ $VirusScannerTimeout{$1}++; $MailScan_ScannerTimeout++; } elsif ($ThisLine =~ m/Content Checks: Detected and have disarmed (.+) in HTML message in [\w]+/i) { $ContentType{$1}++; $MailScan_Content++; } elsif ($ThisLine =~ m/Content Checks: Detected (.+) in [\w]+/i) { $ContentType{$1}++; $MailScan_Content++; } elsif ($ThisLine =~ m/Filename Checks: Allowing (.+)/i) { if ($ThisLine =~ m/Allowing.*msg\-[0-9]*\-[0-9]*\.[txt|dat|html]/) { # we don't care about these, regular messages } else { #filter sendmail or postfix tag and "(no rule matched)" my $temp_fc = $1; $temp_fc =~ s/[a-z0-9]{14}\s//i; $temp_fc =~ s/[a-z0-9]{9,12}\.[a-z0-9]{5}\s//i; $temp_fc =~ s/\(no rule matched\)//i; $FilenameAllow{$temp_fc}++; $MailScan_FilenameAllow++; } } elsif ($ThisLine =~ m/Filename Checks: (.+)/i) { #filter sendmail or postfix tag my $temp_fc = lc($1); $temp_fc =~ s/\([a-z0-9]{14}\s/\(/i; $temp_fc =~ s/\([a-z0-9]{9,12}\.[a-z0-9]{5}\s/\(/i; $temp_fc =~ s/\s{10,}/ -space- /; $FilenameType{$temp_fc}++; $MailScan_FilenameBanned++; } elsif ($ThisLine =~ m/Filetype Checks: Allowing (.+)/i) { if ($ThisLine =~ m/Allowing.*msg\-[0-9]*\-[0-9]*\.[txt|dat|html]/) { # we don't care about these, regular messages } else { #filter sendmail or postfix tag and "(no match found)" my $temp_fc = $1; $temp_fc =~ s/[a-z0-9]{14}\s//i; $temp_fc =~ s/[a-z0-9]{9,12}\.[a-z0-9]{5}\s//i; $temp_fc =~ s/\(no match found\)//i; $FiletypeAllow{$temp_fc}++; $MailScan_FiletypeAllow++; } } elsif ($ThisLine =~ m/Filetype Checks: (.+)/i) { #filter sendmail or postfix tag my $temp_fc = lc($1); $temp_fc =~ s/\([a-z0-9]{14}\s/\(/i; $temp_fc =~ s/\([a-z0-9]{9,12}\.[a-z0-9]{5}\s/\(/i; $temp_fc =~ s/\s{10,}/ -space- /; $FiletypeType{$temp_fc}++; $MailScan_FiletypeBanned++; } elsif ($ThisLine =~ m/(Password\-protected archive \(.+\)) in \w+/i) { $MailScan_Other = $MailScan_Other + 1; $FilenameType{$1}++; $MailScan_FilenameBanned++; } elsif ($ThisLine =~ /Spam Actions: .+ actions are (.*)/) { $MailScan_Spam_Act{$1}++; } elsif ($ThisLine =~ /SpamAssassin timed out and was killed/) { $SA_timeout++; } elsif ( $ThisLine =~ m/Message .+ from (.+ \(.+\)) is whitelisted/ ) { $MailScan_Whitelisted++; $Whitelisted_Host{$1}++; } elsif ( $ThisLine =~ m/Message .+ from (.+ \(.+\)) to .+ is spam \(blacklisted\)/ ) { $MailScan_Blacklisted++; $Blacklisted_Host{$1}++; } elsif ($ThisLine =~ m/^Found phishing fraud from (.+) claiming to be (.+) in (.+)/) { $MailScan_Phishing++; #Detailed phishing output set in mailscanner.conf #With variable mailscanner_phishing_detail = 1 if ($phishing_detail) { $PhishingSourceDest{"$1 claiming to be $2 in $3"}++; } else { $PhishingSourceDest{"$1 claiming to be $2"}++; } my $temp_ph = $1; if ($temp_ph =~ m/^https?:\/\/([^\/\? ]+)/i) { $PhishingSource{$1}++; } else { $PhishingSource{$temp_ph}++; } } elsif ($ThisLine =~ m/^Found ip-based phishing fraud from (.+) in/) { $MailScan_Phishing++; my $temp_ph = $1; if ($temp_ph =~ m/^https?:\/\/([\d\.]+)/i) { $PhishingSource{$1}++; } else { $PhishingSource{$temp_ph}++; } $PhishingSource{$1}++; } elsif ($ThisLine =~ m/^Found definite phishing fraud from (.+) in/) { $MailScan_Phishing++; my $temp_ph = $1; if ($temp_ph =~ m/^https?:\/\/([^\/\? ]+)/i) { $PhishingSource{$1}++; } else { $PhishingSource{$temp_ph}++; } } elsif ($ThisLine =~ m/^HTML-Form tag found in message .+ from (.+)/) { $MailScan_FormTag++; $FormTagSource{$1}++; } elsif ($ThisLine =~ m/^HTML-Script tag found in message .+ from (.+)/) { $MailScan_ScriptTag++; $ScriptTagSource{$1}++; } elsif ($ThisLine =~ m/^HTML-IFrame tag found in message .+ from (.+)/) { $MailScan_IframeTag++; $IframeTagSource{$1}++; } elsif ($ThisLine =~ m/^HTML-Object tag found in message .+ from (.+)/) { $MailScan_ObjectTag++; $ObjectTagSource{$1}++; } elsif ($ThisLine =~ m/^HTML Img tag found in message .+ from (.+)/) { $MailScan_ImgTag++; $ImgTagSource{$1}++; } elsif ($ThisLine =~ m/Logged to MailWatch SQL/) { $MailWatchSQL++; } elsif ($ThisLine =~ m/Quarantining modified message for/) { $DisarmedQuarantined++; } elsif ($ThisLine =~ m/SpamAssassin cache hit for message/) { $SACacheHit++; } elsif ($ThisLine =~ m/RBL checks: .+ found in (.+)/i) { $RBLType{$1}++; $MailScan_RBL++; } elsif ($ThisLine =~ m/Valid Watermark HASH found in Message/) { $MailScan_Skipwatermark++; } elsif ($ThisLine =~ m/Message .+ from .+ has valid watermark/) { $MailScan_GoodWatermark++; } elsif ( ($ThisLine =~ m/Message .+ had bad watermark/) || ($ThisLine =~ m/Message .+ from .+ has no \(or invalid\) watermark or sender address/) ) { $MailScan_BadWatermark++; } elsif ($ThisLine =~ m/SpamAssassin Rule Actions: rule ([^ ]*) caused action ([^ ]*) .*in message ([0-9a-f.]*)/i) { $SpamAssassin_Rule_Actions++; $SpamAssassin_Rule{$1}++; $SpamAssassin_Action{$2}++; $SpamAssassin_Message{$3}++; } elsif ($ThisLine =~ m/Deleted (\d+) messages from processing-database/) { $MailScan_Deleted_pdb += $1; } elsif ($ThisLine =~ m/Found (\d+) messages in the [Pp]rocessing(?:-messages| Attempts) [Dd]atabase/) { $MailScan_Found_pdb += $1; } else { chomp($ThisLine); # Report any unmatched entries... $OtherList{$ThisLine}++; } } if ($MailScan_Received > 0) { print "\nMailScanner Status:"; print "\n\t" . $MailScan_Received . ' messages Scanned by MailScanner'; my $size_total = 1 ; if ($MailScan_bytes < 1024) { $size_total = $MailScan_bytes . ' Total Bytes'; } elsif ($MailScan_bytes < 1048576) { $size_total = sprintf("%.1f", ($MailScan_bytes / 1024)) . ' Total KB'; } else { $size_total = sprintf("%.1f", ($MailScan_bytes / 1048576)) . ' Total MB'; } print "\n\t" . $size_total ; } if ($MailScan_Spam > 0) { print "\n\t" . $MailScan_Spam . ' Spam messages detected by MailScanner'; } if (keys %MailScan_Spam_Act) { foreach $ThisOne (sort keys %MailScan_Spam_Act) { if ($MailScan_Spam_Act{$ThisOne} > 0) { print "\n\t\t" . $MailScan_Spam_Act{$ThisOne} . ' Spam messages with action(s) ' .$ThisOne ; } } } if ($SACacheHit > 0) { print "\n\t\t" . $SACacheHit . ' hits from MailScanner SpamAssassin cache'; } #if ($MailScan_Spam_Virus > 0) { # print "\n\t" . $MailScan_Spam_Virus . ' Spam messages detected by Virus signatures'; #} if ($MailScan_Unscanned > 0) { print "\n\t" . $MailScan_Unscanned . ' Messages forwarded unscanned by MailScanner'; } if ($MailScan_Virus > 0) { print "\n\t" . $MailScan_Virus . ' Viruses found by MailScanner'; } if ($MailScan_Other > 0) { print "\n\t" . $MailScan_Other . ' Banned attachments found by MailScanner'; } if ($MailScan_Content > 0) { print "\n\t" . $MailScan_Content . ' Content Problems found by MailScanner'; } if ($MailScan_Deleted_pdb > 0) { print "\n\t" . $MailScan_Deleted_pdb . " Messages deleted from processing-database"; } if ($MailScan_Found_pdb > 0) { print "\n\t" . $MailScan_Found_pdb . " Messages found in processing-database"; } if ($MailScan_Delivered > 0) { print "\n\t" . $MailScan_Delivered . " Messages delivered by MailScanner\n"; } if ($MailWatchSQL > 0) { print "\n\t" . $MailWatchSQL . " Messages logged to MailWatch database\n"; } if ($SA_timeout > 0) { print "\n\t" . $SA_timeout . " SpamAssassin timeout(s)\n"; } if (keys %VirusScannerTimeout) { print "\n\t" . $MailScan_ScannerTimeout . " virus scanner timeout(s)\n"; foreach $ThisOne (sort keys %VirusScannerTimeout) { print "\t " . $ThisOne . ": " . $VirusScannerTimeout{$ThisOne} . " Time(s)\n"; } } if (keys %VirusType_Antivir) { print "\nAntivir Virus Report: (Total Seen = $MailScan_Virus_Antivir)\n"; foreach $ThisOne (sort keys %VirusType_Antivir) { print ' ' . $ThisOne . ': ' . $VirusType_Antivir{$ThisOne} . " Times(s)\n"; } } if (keys %VirusType_BitDefender) { print "\nBitDefender Virus Report: (Total Seen = $MailScan_Virus_BitDefender)\n"; foreach $ThisOne (sort keys %VirusType_BitDefender) { print ' ' . $ThisOne . ': ' . $VirusType_BitDefender{$ThisOne} . " Times(s)\n"; } } if (keys %VirusType_ClamAv) { print "\nClamAV Virus Report: (Total Seen = $MailScan_Virus_ClamAv)\n"; foreach $ThisOne (sort keys %VirusType_ClamAv) { print ' ' . $ThisOne . ': ' . $VirusType_ClamAv{$ThisOne} . " Time(s)\n"; } } if (keys %VirusType_ClamAVModule) { print "\nClamAVModule Virus Report: (Total Seen = $MailScan_Virus_ClamAVModule)\n"; foreach $ThisOne (sort keys %VirusType_ClamAVModule) { print ' ' . $ThisOne . ': ' . $VirusType_ClamAVModule{$ThisOne} . " Time(s)\n"; } } if (keys %VirusType_Clamd) { print "\nClamd Virus Report: (Total Seen = $MailScan_Virus_Clamd)\n"; foreach $ThisOne (sort keys %VirusType_Clamd) { print ' ' . $ThisOne . ': ' . $VirusType_Clamd{$ThisOne} . " Time(s)\n"; } } if (keys %VirusType_Fprot) { print "\nF-Prot Virus Report: (Total Seen = $MailScan_Virus_Fprot)\n"; foreach $ThisOne (sort keys %VirusType_Fprot) { print ' ' . $ThisOne . ': ' . $VirusType_Fprot{$ThisOne} . " Time(s)\n"; } } if (keys %VirusType_Kaspersky) { print "\nKaspersky Virus Report: (Total Seen = $MailScan_Virus_Kaspersky)\n"; foreach $ThisOne (sort keys %VirusType_Kaspersky) { print ' ' . $ThisOne . ': ' . $VirusType_Kaspersky{$ThisOne} . " Time(s)\n"; } } if (keys %VirusType_McAfee) { print "\nMcAfee Virus Report: (Total Seen = $MailScan_Virus_McAfee)\n"; foreach $ThisOne (sort keys %VirusType_McAfee) { print ' ' . $ThisOne . ': ' . $VirusType_McAfee{$ThisOne} . " Time(s)\n"; } } if (keys %VirusType_Sophos) { print "\nSophos Virus Report: (Total Seen = $MailScan_Virus_Sophos)\n"; foreach $ThisOne (sort keys %VirusType_Sophos) { print ' ' . $ThisOne . ': ' . $VirusType_Sophos{$ThisOne} . " Time(s)\n"; } } if (keys %VirusType_SophosSavi) { print "\nSophosSavi Virus Report: (Total Seen = $MailScan_Virus_SophosSavi)\n"; foreach $ThisOne (sort keys %VirusType_SophosSavi) { print ' ' . $ThisOne . ': ' . $VirusType_SophosSavi{$ThisOne} . " Time(s)\n"; } } if (keys %Spam_Virus_Found) { print "\nSpam Virus Report: (Total Seen = $MailScan_Spam_Virus)\n"; foreach $ThisOne (sort keys %Spam_Virus_Found) { print ' ' . $ThisOne . ': ' . $Spam_Virus_Found{$ThisOne} . " Time(s)\n"; } } if (keys %Hostlist) { print "\nVirus Sender Report: (Total Seen = $MailScan_VirualHost)\n"; foreach $ThisOne (sort keys %Hostlist) { print ' ' . $ThisOne . ': ' . $Hostlist{$ThisOne} . " Time(s)\n"; } } if (keys %Whitelisted_Host) { print "\nSpam Whitelisted Host Report: (Total Seen = $MailScan_Whitelisted)\n"; foreach $ThisOne (sort keys %Whitelisted_Host) { print ' ' . $ThisOne . ': ' . $Whitelisted_Host{$ThisOne} . " Time(s)\n"; } } if (keys %Blacklisted_Host) { print "\nSpam Blacklisted Host Report: (Total Seen = $MailScan_Blacklisted)\n"; foreach $ThisOne (sort keys %Blacklisted_Host) { print ' ' . $ThisOne . ': ' . $Blacklisted_Host{$ThisOne} . " Time(s)\n"; } } if (keys %RBLType) { print "\nRBL Report: (Total Seen = $MailScan_RBL)\n"; foreach $ThisOne (sort keys %RBLType) { print ' ' . $ThisOne . ': ' . $RBLType{$ThisOne} . " Time(s)\n"; } } if (keys %ContentType) { print "\nContent Report: (Total Seen = $MailScan_Content)"; if ($DisarmedQuarantined > 0) { print " (Quarantined = $DisarmedQuarantined)"; } print "\n"; foreach $ThisOne (sort keys %ContentType) { print ' ' . $ThisOne . ': ' . $ContentType{$ThisOne} . " Time(s)\n"; } } if (keys %FilenameAllow) { print "\nAllowed Filename Report: (Total Seen = $MailScan_FilenameAllow)\n"; if ($Detail >= 10) { foreach $ThisOne (sort keys %FilenameAllow) { print ' ' . $ThisOne . ': ' . $FilenameAllow{$ThisOne} . " Time(s)\n"; } } else { print ' ' . "Details Suppressed at level $Detail. Level 10 required.\n"; } } if (keys %FilenameType) { print "\nBanned Filename Report: (Total Seen = $MailScan_FilenameBanned)\n"; foreach $ThisOne (sort keys %FilenameType) { print ' ' . $ThisOne . ': ' . $FilenameType{$ThisOne} . " Time(s)\n"; } } if (keys %FiletypeAllow) { print "\nAllowed Filetype Report: (Total Seen = $MailScan_FiletypeAllow)\n"; if ($Detail >= 10) { foreach $ThisOne (sort keys %FiletypeAllow) { print ' ' . $ThisOne . ': ' . $FiletypeAllow{$ThisOne} . " Time(s)\n"; } } else { print ' ' . "Details Suppressed at level $Detail. Level 10 required.\n"; } } if (keys %FiletypeType) { print "\nBanned Filetype Report: (Total Seen = $MailScan_FiletypeBanned)\n"; foreach $ThisOne (sort keys %FiletypeType) { print ' ' . $ThisOne . ': ' . $FiletypeType{$ThisOne} . " Time(s)\n"; } } if ( (keys %PhishingSource) && ($mailscanner_phishingthreshold > 0) ) { print "\nPhishing Report: (Total Seen = $MailScan_Phishing)\n"; foreach $ThisOne (sort keys %PhishingSource) { if ( $PhishingSource{$ThisOne} >= $mailscanner_phishingthreshold ) { print ' ' . $ThisOne . ': ' . $PhishingSource{$ThisOne} . " Time(s)\n"; } }; if ($Detail >= 10) { print "\n Detail:\n"; foreach $ThisOne (sort keys %PhishingSourceDest) { if ( $PhishingSourceDest{$ThisOne} >= $mailscanner_phishingthreshold ) { print ' ' . $ThisOne . ': ' . $PhishingSourceDest{$ThisOne} . " Time(s)\n"; } } } } if (keys %FormTagSource) { print "\nHTML
tag report: (Total Seen = $MailScan_FormTag)\n"; foreach $ThisOne (sort keys %FormTagSource) { print ' ' . $ThisOne . ': ' . $FormTagSource{$ThisOne} . " Time(s)\n"; } } if (keys %ScriptTagSource) { print "\nHTML