mailscanner converter - syntax errors

Mikael Kermorgant mikael.kermorgant at paris.iufm.fr
Thu Sep 22 11:24:23 CEST 2005 

Wytze van der Raay wrote:

> Hi Mikael,
> 
> 
> Interesting ... it looks like the mailing list archival software or
> display logic has corrupted the script: everywhere where there was
> an "@" (at sign) in the original script, it has been replaced by "(a)".
> Perl doesn't like that :-)
> 
> You can fix your copy of the script by making the reverse substitution:
> 	s/(a)/@/g
> For additional help, I've attached a fresh copy of the script to this
> e-mail (but I don't know what its fate will be after mailing list
> handling ...).
> 
> Regards,
> Wytze van der Raay

Thanks Wytze !
Alas, the converter is recognized but it does not generate any output.

I can live without it but if it interests somebody, here's some output 
of the lr_log2report process:
----------------------------------------------------------------------
# cat /logs/mail.log | su - lire -c "lr_log2report -o html mailscanner - 
mailscanner"
Parsing log file using mailscanner DLF Converter...
all all UNSET lr_log2report info Lire::Syslog: log seems from BSD syslog 
daemon
lr_log2report: WARNING Use of uninitialized value in numeric gt (>) at 
(eval 156) line 211, <$fh> line 3991.
lr_log2report: WARNING Use of uninitialized value in numeric gt (>) at 
(eval 156) line 211, <$fh> line 14870.
lr_log2report: WARNING Use of uninitialized value in numeric gt (>) at 
(eval 156) line 211, <$fh> line 52093.
lr_log2report: WARNING Use of uninitialized value in numeric gt (>) at 
(eval 156) line 211, <$fh> line 56767.
lr_log2report: WARNING Use of uninitialized value in numeric gt (>) at 
(eval 156) line 211, <$fh> line 76234.
lr_log2report: WARNING Use of uninitialized value in numeric gt (>) at 
(eval 156) line 211, <$fh> line 80963.
lr_log2report: WARNING Use of uninitialized value in numeric gt (>) at 
(eval 156) line 211, <$fh> line 84910.
lr_log2report: WARNING Use of uninitialized value in numeric gt (>) at 
(eval 156) line 211, <$fh> line 90032.
lr_log2report: WARNING Use of uninitialized value in numeric gt (>) at 
(eval 156) line 211, <$fh> line 100948.
lr_log2report: WARNING Use of uninitialized value in numeric gt (>) at 
(eval 156) line 211, <$fh> line 108422.
lr_log2report: WARNING Use of uninitialized value in numeric gt (>) at 
(eval 156) line 211, <$fh> line 108455.
Extracted 6620 DLF records on 0 lines.
Encountered 0 errors and ignored 0 lines.
Running analysers...
Generating XML report...
Formatting report as html in mailscanner...
----------------------------------------------------------------------

For info, here's the log format of MailScanner

----------------------------------------------------------------------
Sep 20 00:00:11 host MailScanner[18437]: New Batch: Found 2 messages waiting
Sep 20 00:00:11 host MailScanner[18437]: New Batch: Scanning 1 messages, 
4726 bytes
Sep 20 00:00:12 host MailScanner[18412]: Requeue: C12771E4013.59ED6 to 
960501E401C
Sep 20 00:00:12 host MailScanner[18412]: Uninfected: Delivered 1 messages
Sep 20 00:00:12 host MailScanner[18412]: Logging message 
C12771E4013.59ED6 to SQL
Sep 20 00:00:17 host MailScanner[18437]: Virus and Content Scanning: 
Starting
Sep 20 00:00:19 host MailScanner[18437]: Requeue: 2DB801E4019.B764E to 
06D6B1E401C
Sep 20 00:00:19 host MailScanner[18437]: Uninfected: Delivered 1 messages
Sep 20 00:00:19 host MailScanner[18437]: Logging message 
2DB801E4019.B764E to SQL

Sep 20 00:00:24 host MailScanner[18412]: New Batch: Scanning 1 messages, 
1684 bytes
Sep 20 00:00:30 host MailScanner[18412]: Spam Checks: Found 1 spam messages
Sep 20 00:00:30 host MailScanner[18412]: Virus and Content Scanning: 
Starting
Sep 20 00:00:32 host MailScanner[18412]: Logging message 
3AB021E4013.389E6 to SQL

Sep 20 02:01:21 host MailScanner[13115]: New Batch: Scanning 1 messages, 
42930 bytes
Sep 20 02:01:23 host MailScanner[13068]: Spam Checks: Found 1 spam messages
Sep 20 02:01:23 host MailScanner[13068]: Virus and Content Scanning: 
Starting
Sep 20 02:01:24 host MailScanner[13068]: Logging message 
BD2D91E401C.6EEB1 to SQL
Sep 20 02:01:27 host MailScanner[13115]: Spam Checks: Found 1 spam messages
Sep 20 02:01:28 host MailScanner[13115]: Virus and Content Scanning: 
Starting
Sep 20 02:01:28 host MailScanner[13115]: 
/var/spool/MailScanner/incoming/13115/./3EC051E4019.26903/msg-13115-150.html: 
Exploit.HTML.IFrame FOUND
Sep 20 02:01:28 host MailScanner[13115]: 
/var/spool/MailScanner/incoming/13115/./3EC051E4019.26903/message.scr: 
Worm.SomeFool.P FOUND
Sep 20 02:01:28 host MailScanner[13115]: Virus Scanning: ClamAV found 2 
infections
Sep 20 02:01:29 host MailScanner[13115]: Infected message 
3EC051E4019.26903 came from 83.157.135.49
Sep 20 02:01:29 host MailScanner[13115]: Filename Checks: Possible virus 
hidden in a screensaver (3EC051E4019.26903 message.scr)
Sep 20 02:01:29 host MailScanner[13115]: Other Checks: Found 1 problems
Sep 20 02:01:29 host MailScanner[13115]: Logging message 
3EC051E4019.26903 to SQL

Sep 20 08:04:52 host MailScanner[24734]: New Batch: Scanning 2 messages, 
48156 bytes
Sep 20 08:04:59 host MailScanner[24734]: Spam Checks: Found 1 spam messages
Sep 20 08:04:59 host MailScanner[24734]: Virus and Content Scanning: 
Starting
Sep 20 08:05:00 host MailScanner[24734]: 
/var/spool/MailScanner/incoming/24734/./1D48E1E401F.8F50E/id04009_hapentrat.zip: 
Worm.SomeFool.P FOUND
Sep 20 08:05:00 host MailScanner[24734]: 
/var/spool/MailScanner/incoming/24734/./1D48E1E401F.8F50E/data.rtf 
.scr: Worm.SomeFool.P FOUND
Sep 20 08:05:00 host MailScanner[24734]: Virus Scanning: ClamAV found 2 
infections
Sep 20 08:05:00 host MailScanner[24734]: Infected message 
1D48E1E401F.8F50E came from 82.233.236.170
Sep 20 08:05:00 host MailScanner[24734]: Filename Checks: Possible virus 
hidden in a screensaver (1D48E1E401F.8F50E data.rtf
                                              .scr)
Sep 20 08:05:00 host MailScanner[24734]: Other Checks: Found 1 problems
Sep 20 08:05:00 host MailScanner[24734]: Requeue: 5591E1E4016.7129B to 
B9E011E4020
Sep 20 08:05:00 host MailScanner[24734]: Uninfected: Delivered 1 messages
----------------------------------------------------------------------

Best regards,
Mikael Kermorgant

-- 
To UNSUBSCRIBE, email to questions-request at logreport.org with a subject of 
"unsubscribe". Trouble? Send an email with subject "help" to 
questions-request at logreport.org

More information about the Questions mailing list