|
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17 System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64 User : nobody ( 99) PHP Version : 5.2.17 Disable Function : NONE Directory : /usr/share/logwatch/scripts/services/ |
Upload File : |
##########################################################################
# $Id: mailscanner,v 1.21 2006/02/22 19:52:10 mike Exp $
##########################################################################
########################################################
# This was written and is maintained by:
# Mike Tremaine <mgt \@\ stellarcore.net>
#
# Sophos Support and other improvments by Mark W. Nienberg
# MailScan_Spam_Act contributed by Kev Green
#
# Some more clean up rules based on extensive use of some MailScanner
# settings and F-Prot and ClamAV as dual scanners by Hugo van der Kooij
#
# More F-Prot code from John Wilcock
#
########################################################
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my $phishing_detail = $ENV{'mailscanner_phishing_detail'} || 0;
my $mailscanner_phishingthreshold = $ENV{'$mailscanner_phishingthreshold'} || 1;
#Inits
my $MailScan_bytes = 0;
my $MailScan_Content = 0;
my $MailScan_Delivered = 0;
my $MailScan_Other = 0;
my $MailScan_Received = 0;
my $MailScan_Spam = 0;
my $MailScan_Unscanned = 0;
my $MailScan_Virus = 0;
my $SA_timeout = 0;
my $MailScan_ScannerTimeout = 0;
while (defined($ThisLine = <STDIN>)) {
#($QueueID) = ($ThisLine =~ m/^([a-zA-Z0-9]+): / );
$ThisLine =~ s/^[a-zA-Z0-9]+: //;
if ( ( $ThisLine =~ m/^Saved infected/ ) or
( $ThisLine =~ m/^Expanding TNEF archive/ ) or
( $ThisLine =~ m/^Warned about/ ) or
( $ThisLine =~ m/^Sender Warnings:/ ) or
( $ThisLine =~ m/X-Spam/ ) or
( $ThisLine =~ m/Using locktype = (flock|posix)/ ) or
( $ThisLine =~ m/Creating hardcoded struct_flock subroutine for linux/ ) or
( $ThisLine =~ m/New Batch: Found/ ) or
( $ThisLine =~ m/Attempting to disinfect/ ) or
( $ThisLine =~ m/Rescan found/ ) or
( $ThisLine =~ m/Virus Re-scanning:/ ) or
( $ThisLine =~ m/Content Checks: Fixed awkward MIME boundary for Cyrus IMAP/ ) or
( $ThisLine =~ m/Delete bayes lockfile/ ) or
( $ThisLine =~ m/MailScanner E-Mail Virus Scanner version/ ) or
( $ThisLine =~ m/MailScanner child dying of old age/ ) or
( $ThisLine =~ m/MailScanner child caught a SIGHUP/ ) or
( $ThisLine =~ m/Virus and Content Scanning/ ) or
( $ThisLine =~ m/Virus Scanning: [\w]+ found/ ) or
( $ThisLine =~ m/Virus Scanning: ClamAV Module found [\d]+ infections/ ) or
( $ThisLine =~ m/^ClamAV virus database has been updated/ ) or
( $ThisLine =~ m/^ClamAV update of/ ) or
( $ThisLine =~ m/^ClamAV scanner using unrar command / ) or
( $ThisLine =~ m/Saved entire message to/ ) or
( $ThisLine =~ m/Spam Checks: Starting/ ) or
( $ThisLine =~ m/SophosSAVI .+ recognizing [0-9]+ viruses/ ) or
( $ThisLine =~ m/SophosSAVI using [0-9]+ IDE files/ ) or
( $ThisLine =~ m/Sophos SAVI library has been updated/ ) or
( $ThisLine =~ m/Sophos.*update.* detected, resetting SAVI/ ) or
( $ThisLine =~ m/RBL checks: .+ found in RFC-IGNORANT-POSTMASTER/ ) or
( $ThisLine =~ m/F-Prot found/ ) or
( $ThisLine =~ m/SpamAssassin Bayes database rebuild starting|preparing|completed/ ) or
( $ThisLine =~ m/Rebuilding SpamAssassin Bayes database/ ) or
( $ThisLine =~ m/Skipping SpamAssassin while waiting for Bayes/ ) or
( $ThisLine =~ m/Enabling SpamAssassin auto-whitelist functionality/ ) or
( $ThisLine =~ m/Bayes database rebuild is due/ ) or
( $ThisLine =~ m/Content Checks: Detected and will convert|disarm HTML/ ) or
( $ThisLine =~ m/Content Checks: Detected and have disarmed HTML message/ ) or
( $ThisLine =~ m/Content Checks: Found [0-9]+ problems/ ) or
( $ThisLine =~ m/Read [0-9]+ hostnames from the phishing whitelist/ ) or
( $ThisLine =~ m/completed at [0-9]+ bytes per second/ ) or
( $ThisLine =~ m/Message .+ from .+ to .+ is/ ) or
( $ThisLine =~ m/^[A-F0-9]+\.[A-F0-9]{5} to/ ) or #for postfix Requeue:
( $ThisLine =~ m/^calling custom .* function/ ) or
( $ThisLine =~ m/^Initialising database connection/ ) or
( $ThisLine =~ m/^Finished initialising database connection/ ) or
( $ThisLine =~ m/^Disconnected from the database/ ) or
( $ThisLine =~ m/^<A> tag found in message/ ) or
( $ThisLine =~ m/^Viruses marked as silent:/ ) or
( $ThisLine =~ m/^Saved archive copies of/ ) or
( $ThisLine =~ m/^Logging message .+ to SQL/ ) or
( $ThisLine =~ m/^Started SQL Logging child/ ) or
( $ThisLine =~ m/^Starting up SQL Whitelist|Blacklist/ ) or
( $ThisLine =~ m/^Read .+ whitelist|blacklist entries/ ) or
( $ThisLine =~ m/^Closing down by-domain spam whitelist|blacklist/ ) or
( $ThisLine =~ m/^Connected to SpamAssassin cache database/ ) or
( $ThisLine =~ m/^Using SpamAssassin results cache/ ) or
( $ThisLine =~ m/^Expired .+ records from the SpamAssassin cache/ ) or
( $ThisLine =~ m/^Batch processed in .+ seconds/ ) or
( $ThisLine =~ m/^\"Always Looked Up Last\" took .+ seconds/ ) or
( $ThisLine =~ m/^MailScanner child dying after Bayes rebuild/ ) or
( $ThisLine =~ m/^Files hidden in very deeply nested archive/ ) or
#This for Kaspersky I guess it is duplicated by Content checks, remove if not -mgt
( $ThisLine =~ m/^\/var\/spool\/MailScanner\/incoming\/.+SUSPICION/ )
) {
# We don't care about these
} elsif ( $ThisLine =~ m/New Batch: Scanning ([0-9]+) messages, ([0-9]+) bytes/i) {
$MailScan_Received = $MailScan_Received + $1;
$MailScan_bytes = $MailScan_bytes + $2;
} elsif ( $ThisLine =~ m/New Batch: Forwarding ([0-9]+) unscanned messages, ([0-9]+) bytes/i) {
$MailScan_Received = $MailScan_Received + $1;
$MailScan_Unscanned = $MailScan_Unscanned + $1;
$MailScan_bytes = $MailScan_bytes + $2;
} elsif ( $ThisLine =~ m/Delivered ([0-9]+)( cleaned)? messages/) {
$MailScan_Delivered = $MailScan_Delivered + $1;
} elsif ( $ThisLine =~ m/Spam Checks: Found ([0-9]+) spam messages/) {
$MailScan_Spam = $MailScan_Spam + $1;
} elsif ( $ThisLine =~ m/Virus Scanning: Found ([0-9]+) viruses/) {
$MailScan_Virus = $MailScan_Virus + $1;
} elsif ( $ThisLine =~ m/infected message .+ came from (.*)/i) {
$MailScan_VirualHost = $MailScan_VirualHost + 1;
$Hostlist{$1}++;
} elsif ( $ThisLine =~ m/Other Checks: Found ([0-9]+) problems/) {
$MailScan_Other = $MailScan_Other + $1;
} elsif ($ThisLine =~ m/Contains signature of the worm (.+)/) {
$VirusType_Antivir{$1}++;
$MailScan_Virus_Antivir++;
} elsif ($ThisLine =~ m/:infected: (.+)/i) {
#without the leading : this would match Fprot so error on the side of matching to much -mgt
$VirusType_BitDefender{$1}++;
$MailScan_Virus_BitDefender++;
} elsif ($ThisLine =~ m/^\/var\/spool\/MailScanner\/incoming\/.+: ([\w\_\-\.\/]+) FOUND/i) {
$VirusType_ClamAv{$1}++;
$MailScan_Virus_ClamAv++;
} elsif ($ThisLine =~ m/ClamAVModule::INFECTED:: (.+)::/) {
$VirusType_ClamAVModule{$1}++;
$MailScan_Virus_ClamAVModule++;
} elsif ($ThisLine =~ m/\/.+ Infection: (.+)/i) {
$VirusType_Fprot{$1}++;
$MailScan_Virus_Fprot++;
} elsif ($ThisLine =~ m/\/.+ is a security risk named (.+)/i) {
$VirusType_Fprot{$1}++;
$MailScan_Virus_Fprot++;
} elsif ($ThisLine =~ m/\/.+ is a dropper for (.+)/i) {
$VirusType_Fprot{$1}++;
$MailScan_Virus_Fprot++;
} elsif ($ThisLine =~ m/\/.+ contains (.+)/i) {
$VirusType_Fprot{$1}++;
$MailScan_Virus_Fprot++;
} elsif ($ThisLine =~ m/\/.+ could be/i) {
$MailScan_Virus_Fprot++;
} elsif ($ThisLine =~ m/Found the (.+) virus !!!/) {
$VirusType_McAfee{$1}++;
$MailScan_Virus_McAfee++;
} elsif ($ThisLine =~ m/^\/var\/spool\/MailScanner\/incoming\/.+INFECTED\s+([\w\_\-\.\/]+)/i) {
$VirusType_Kaspersky{$1}++;
$MailScan_Virus_Kaspersky++;
} elsif ($ThisLine =~ m/infected:\s+([\w\_\-\.\/]+)\^M/i) {
$VirusType_Kaspersky{$1}++;
$MailScan_Virus_Kaspersky++;
} elsif ($ThisLine =~ m/>>> Virus \'(.+)\' found/) {
$VirusType_Sophos{$1}++;
$MailScan_Virus_Sophos++;
} elsif ($ThisLine =~ m/SophosSAVI::INFECTED:: (.+)::/) {
$VirusType_SophosSavi{$1}++;
$MailScan_Virus_SophosSavi++;
} elsif ($ThisLine =~ m/Commercial scanner (.+) timed out!/){
$VirusScannerTimeout{$1}++;
$MailScan_ScannerTimeout++;
} elsif ($ThisLine =~ m/Content Checks: Detected and have disarmed (.+) in HTML message in [\w]+/i) {
$ContentType{$1}++;
$MailScan_Content++;
} elsif ($ThisLine =~ m/Content Checks: Detected (.+) in [\w]+/i) {
$ContentType{$1}++;
$MailScan_Content++;
} elsif ($ThisLine =~ m/Filename Checks: Allowing (.+)/i) {
if ($ThisLine =~ m/Allowing.*msg\-[0-9]*\-[0-9]*\.[txt|dat|html]/) {
# we don't care about these, regular messages
} else {
#filter sendmail or postfix tag and "(no rule matched)"
my $temp_fc = $1;
$temp_fc =~ s/[a-z0-9]{14}\s//i;
$temp_fc =~ s/[a-z0-9]{9,12}\.[a-z0-9]{5}\s//i;
$temp_fc =~ s/\(no rule matched\)//i;
$FilenameAllow{$temp_fc}++;
$MailScan_FilenameAllow++;
}
} elsif ($ThisLine =~ m/Filename Checks: (.+)/i) {
#filter sendmail or postfix tag
my $temp_fc = lc($1);
$temp_fc =~ s/\([a-z0-9]{14}\s/\(/i;
$temp_fc =~ s/\([a-z0-9]{9,12}\.[a-z0-9]{5}\s/\(/i;
$temp_fc =~ s/\s{10,}/ -space- /;
$FilenameType{$temp_fc}++;
$MailScan_FilenameBanned++;
} elsif ($ThisLine =~ m/Filetype Checks: Allowing (.+)/i) {
if ($ThisLine =~ m/Allowing.*msg\-[0-9]*\-[0-9]*\.[txt|dat|html]/) {
# we don't care about these, regular messages
} else {
#filter sendmail or postfix tag and "(no match found)"
my $temp_fc = $1;
$temp_fc =~ s/[a-z0-9]{14}\s//i;
$temp_fc =~ s/[a-z0-9]{9,12}\.[a-z0-9]{5}\s//i;
$temp_fc =~ s/\(no match found\)//i;
$FiletypeAllow{$temp_fc}++;
$MailScan_FiletypeAllow++;
}
} elsif ($ThisLine =~ m/Filetype Checks: (.+)/i) {
#filter sendmail or postfix tag
my $temp_fc = lc($1);
$temp_fc =~ s/\([a-z0-9]{14}\s/\(/i;
$temp_fc =~ s/\([a-z0-9]{9,12}\.[a-z0-9]{5}\s/\(/i;
$temp_fc =~ s/\s{10,}/ -space- /;
$FiletypeType{$temp_fc}++;
$MailScan_FiletypeBanned++;
} elsif ($ThisLine =~ m/(Password\-protected archive \(.+\)) in \w+/i) {
$MailScan_Other = $MailScan_Other + 1;
$FilenameType{$1}++;
} elsif ($ThisLine =~ /Spam Actions: .+ actions are (.*)/) {
$MailScan_Spam_Act{$1}++;
} elsif ($ThisLine =~ /SpamAssassin timed out and was killed/) {
$SA_timeout++;
} elsif ( $ThisLine =~ m/Message .+ from (.+ \(.+\)) is whitelisted/ ) {
$MailScan_Whitelisted++;
$Whitelisted_Host{$1}++;
} elsif ( $ThisLine =~ m/Message .+ from (.+ \(.+\)) to .+ is spam \(blacklisted\)/ ) {
$MailScan_Blacklisted++;
$Blacklisted_Host{$1}++;
} elsif ($ThisLine =~ m/^Found phishing fraud from (.+) claiming to be (.+) in (.+)/) {
$MailScan_Phishing++;
$PhishingSource{$1}++;
#Detailed phishing output set in mailscanner.conf
#With variable mailscanner_phishing_detail = 1
if ($phishing_detail) {
$PhishingSourceDest{"$1 claiming to be $2 in $3"}++;
} else {
$PhishingSourceDest{"$1 claiming to be $2"}++;
}
} elsif ($ThisLine =~ m/^Found ip-based phishing fraud from (.+) in/) {
$MailScan_Phishing++;
$PhishingSource{$1}++;
} elsif ($ThisLine =~ m/^HTML-Form tag found in message .+ from (.+)/) {
$MailScan_FormTag++;
$FormTagSource{$1}++;
} elsif ($ThisLine =~ m/^HTML-Script tag found in message .+ from (.+)/) {
$MailScan_ScriptTag++;
$ScriptTagSource{$1}++;
} elsif ($ThisLine =~ m/^HTML-IFrame tag found in message .+ from (.+)/) {
$MailScan_IframeTag++;
$IframeTagSource{$1}++;
} elsif ($ThisLine =~ m/^HTML-Object tag found in message .+ from (.+)/) {
$MailScan_ObjectTag++;
$ObjectTagSource{$1}++;
} elsif ($ThisLine =~ m/^HTML Img tag found in message .+ from (.+)/) {
$MailScan_ImgTag++;
$ImgTagSource{$1}++;
} elsif ($ThisLine =~ m/Logged to MailWatch SQL/) {
$MailWatchSQL++;
} elsif ($ThisLine =~ m/Quarantining modified message for/) {
$DisarmedQuarantined++;
} elsif ($ThisLine =~ m/SpamAssassin cache hit for message/) {
$SACacheHit++;
} else {
chomp($ThisLine);
# Report any unmatched entries...
$OtherList{$ThisLine}++;
}
}
if ($MailScan_Received > 0) {
print "\nMailScanner Status:";
print "\n\t" . $MailScan_Received . ' messages Scanned by MailScanner';
my $size_total = 1 ;
if ($MailScan_bytes < 1024) {
$size_total = $MailScan_bytes . ' Total Bytes';
} elsif ($MailScan_bytes < 1048576) {
$size_total = sprintf("%.1f", ($MailScan_bytes / 1024)) . ' Total KB';
} else {
$size_total = sprintf("%.1f", ($MailScan_bytes / 1048576)) . ' Total MB';
}
print "\n\t" . $size_total ;
}
if ($MailScan_Spam > 0) {
print "\n\t" . $MailScan_Spam . ' Spam messages detected by MailScanner';
}
if (keys %MailScan_Spam_Act) {
foreach $ThisOne (sort keys %MailScan_Spam_Act) {
if ($MailScan_Spam_Act{$ThisOne} > 0) {
print "\n\t\t" . $MailScan_Spam_Act{$ThisOne} . ' Spam messages with action(s) ' .$ThisOne ;
}
}
}
if ($SACacheHit > 0) {
print "\n\t\t" . $SACacheHit . ' hits from MailScanner SpamAssassin cache';
}
if ($MailScan_Unscanned > 0) {
print "\n\t" . $MailScan_Unscanned . ' Messages forwarded unscanned by MailScanner';
}
if ($MailScan_Virus > 0) {
print "\n\t" . $MailScan_Virus . ' Viruses found by MailScanner';
}
if ($MailScan_Other > 0) {
print "\n\t" . $MailScan_Other . ' Banned attachments found by MailScanner';
}
if ($MailScan_Content > 0) {
print "\n\t" . $MailScan_Content . ' Content Problems found by MailScanner';
}
if ($MailScan_Delivered > 0) {
print "\n\t" . $MailScan_Delivered . " Messages delivered by MailScanner\n";
}
if ($MailWatchSQL > 0) {
print "\n\t" . $MailWatchSQL . " Messages logged to MailWatch database\n";
}
if ($SA_timeout > 0) {
print "\n\t" . $SA_timeout . " SpamAssassin timeout(s)\n";
}
if (keys %VirusScannerTimeout) {
print "\n\t" . $MailScan_ScannerTimeout . " virus scanner timeout(s)\n";
foreach $ThisOne (sort keys %VirusScannerTimeout) {
print "\t " . $ThisOne . ": " . $VirusScannerTimeout{$ThisOne} . " Time(s)\n";
}
}
if (keys %VirusType_Antivir) {
print "\nAntivir Virus Report: (Total Seen = $MailScan_Virus_Antivir)\n";
foreach $ThisOne (sort keys %VirusType_Antivir) {
print ' ' . $ThisOne . ': ' . $VirusType_Antivir{$ThisOne} . " Times(s)\n";
}
}
if (keys %VirusType_BitDefender) {
print "\nBitDefender Virus Report: (Total Seen = $MailScan_Virus_BitDefender)\n";
foreach $ThisOne (sort keys %VirusType_BitDefender) {
print ' ' . $ThisOne . ': ' . $VirusType_BitDefender{$ThisOne} . " Times(s)\n";
}
}
if (keys %VirusType_ClamAv) {
print "\nClamAV Virus Report: (Total Seen = $MailScan_Virus_ClamAv)\n";
foreach $ThisOne (sort keys %VirusType_ClamAv) {
print ' ' . $ThisOne . ': ' . $VirusType_ClamAv{$ThisOne} . " Time(s)\n";
}
}
if (keys %VirusType_ClamAVModule) {
print "\nClamAVModule Virus Report: (Total Seen = $MailScan_Virus_ClamAVModule)\n";
foreach $ThisOne (sort keys %VirusType_ClamAVModule) {
print ' ' . $ThisOne . ': ' . $VirusType_ClamAVModule{$ThisOne} . " Time(s)\n";
}
}
if (keys %VirusType_Fprot) {
print "\nF-Prot Virus Report: (Total Seen = $MailScan_Virus_Fprot)\n";
foreach $ThisOne (sort keys %VirusType_Fprot) {
print ' ' . $ThisOne . ': ' . $VirusType_Fprot{$ThisOne} . " Time(s)\n";
}
}
if (keys %VirusType_Kaspersky) {
print "\nKaspersky Virus Report: (Total Seen = $MailScan_Virus_Kaspersky)\n";
foreach $ThisOne (sort keys %VirusType_Kaspersky) {
print ' ' . $ThisOne . ': ' . $VirusType_Kaspersky{$ThisOne} . " Time(s)\n";
}
}
if (keys %VirusType_McAfee) {
print "\nMcAfee Virus Report: (Total Seen = $MailScan_Virus_McAfee)\n";
foreach $ThisOne (sort keys %VirusType_McAfee) {
print ' ' . $ThisOne . ': ' . $VirusType_McAfee{$ThisOne} . " Time(s)\n";
}
}
if (keys %VirusType_Sophos) {
print "\nSophos Virus Report: (Total Seen = $MailScan_Virus_Sophos)\n";
foreach $ThisOne (sort keys %VirusType_Sophos) {
print ' ' . $ThisOne . ': ' . $VirusType_Sophos{$ThisOne} . " Time(s)\n";
}
}
if (keys %VirusType_SophosSavi) {
print "\nSophosSavi Virus Report: (Total Seen = $MailScan_Virus_SophosSavi)\n";
foreach $ThisOne (sort keys %VirusType_SophosSavi) {
print ' ' . $ThisOne . ': ' . $VirusType_SophosSavi{$ThisOne} . " Time(s)\n";
}
}
if (keys %Hostlist) {
print "\nVirus Sender Report: (Total Seen = $MailScan_VirualHost)\n";
foreach $ThisOne (sort keys %Hostlist) {
print ' ' . $ThisOne . ': ' . $Hostlist{$ThisOne} . " Time(s)\n";
}
}
if (keys %Whitelisted_Host) {
print "\nSpam Whitelisted Host Report: (Total Seen = $MailScan_Whitelisted)\n";
foreach $ThisOne (sort keys %Whitelisted_Host) {
print ' ' . $ThisOne . ': ' . $Whitelisted_Host{$ThisOne} . " Time(s)\n";
}
}
if (keys %Blacklisted_Host) {
print "\nSpam Blacklisted Host Report: (Total Seen = $MailScan_Blacklisted)\n";
foreach $ThisOne (sort keys %Blacklisted_Host) {
print ' ' . $ThisOne . ': ' . $Blacklisted_Host{$ThisOne} . " Time(s)\n";
}
}
if (keys %ContentType) {
print "\nContent Report: (Total Seen = $MailScan_Content)";
if ($DisarmedQuarantined > 0) { print " (Quarantined = $DisarmedQuarantined)"; }
print "\n";
foreach $ThisOne (sort keys %ContentType) {
print ' ' . $ThisOne . ': ' . $ContentType{$ThisOne} . " Time(s)\n";
}
}
if (keys %FilenameAllow) {
print "\nAllowed Filename Report: (Total Seen = $MailScan_FilenameAllow)\n";
if ($Detail >= 10) {
foreach $ThisOne (sort keys %FilenameAllow) {
print ' ' . $ThisOne . ': ' . $FilenameAllow{$ThisOne} . " Time(s)\n";
}
} else {
print ' ' . "Details Suppressed at level $Detail. Level 10 required.\n";
}
}
if (keys %FilenameType) {
print "\nBanned Filename Report: (Total Seen = $MailScan_FilenameBanned)\n";
foreach $ThisOne (sort keys %FilenameType) {
print ' ' . $ThisOne . ': ' . $FilenameType{$ThisOne} . " Time(s)\n";
}
}
if (keys %FiletypeAllow) {
print "\nAllowed Filetype Report: (Total Seen = $MailScan_FiletypeAllow)\n";
if ($Detail >= 10) {
foreach $ThisOne (sort keys %FiletypeAllow) {
print ' ' . $ThisOne . ': ' . $FiletypeAllow{$ThisOne} . " Time(s)\n";
}
} else {
print ' ' . "Details Suppressed at level $Detail. Level 10 required.\n";
}
}
if (keys %FiletypeType) {
print "\nBanned Filetype Report: (Total Seen = $MailScan_FiletypeBanned)\n";
foreach $ThisOne (sort keys %FiletypeType) {
print ' ' . $ThisOne . ': ' . $FiletypeType{$ThisOne} . " Time(s)\n";
}
}
if ( (keys %PhishingSource) && ($mailscanner_phishingthreshold > 0) ) {
print "\nPhishing Report: (Total Seen = $MailScan_Phishing)\n";
foreach $ThisOne (sort keys %PhishingSource) {
if ( $PhishingSource{$ThisOne} >= $mailscanner_phishingthreshold ) {
print ' ' . $ThisOne . ': ' . $PhishingSource{$ThisOne} . " Time(s)\n";
}
};
if ($Detail >= 10) {
print "\n Detail:\n";
foreach $ThisOne (sort keys %PhishingSourceDest) {
if ( $PhishingSourceDest{$ThisOne} >= $mailscanner_phishingthreshold ) {
print ' ' . $ThisOne . ': ' . $PhishingSourceDest{$ThisOne} . " Time(s)\n";
}
}
}
}
if (keys %FormTagSource) {
print "\nHTML <FORM> tag report: (Total Seen = $MailScan_FormTag)\n";
foreach $ThisOne (sort keys %FormTagSource) {
print ' ' . $ThisOne . ': ' . $FormTagSource{$ThisOne} . " Time(s)\n";
}
}
if (keys %ScriptTagSource) {
print "\nHTML <SCRIPT> tag report: (Total Seen = $MailScan_ScriptTag)\n";
foreach $ThisOne (sort keys %ScriptTagSource) {
print ' ' . $ThisOne . ': ' . $ScriptTagSource{$ThisOne} . " Time(s)\n";
}
}
if (keys %IframeTagSource) {
print "\nHTML <IFRAME> tag report: (Total Seen = $MailScan_IframeTag)\n";
foreach $ThisOne (sort keys %IframeTagSource) {
print ' ' . $ThisOne . ': ' . $IframeTagSource{$ThisOne} . " Time(s)\n";
}
}
if (keys %ObjectTagSource) {
print "\nHTML <OBJECT> tag report: (Total Seen = $MailScan_ObjectTag)\n";
foreach $ThisOne (sort keys %ObjectTagSource) {
print ' ' . $ThisOne . ': ' . $ObjectTagSource{$ThisOne} . " Time(s)\n";
}
}
if (keys %ImgTagSource) {
print "\nHTML <IMG> tag report: (Total Seen = $MailScan_ImgTag)\n";
if ($Detail >= 10) {
foreach $ThisOne (sort keys %ImgTagSource) {
print ' ' . $ThisOne . ': ' . $ImgTagSource{$ThisOne} . " Time(s)\n";
}
} else {
print ' ' . "Details Suppressed at level $Detail. Level 10 required.\n";
}
}
if (keys %OtherList) {
print "\n**Unmatched Entries**\n";
foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
print " $line: $OtherList{$line} Time(s)\n";
}
}
exit(0);
# vi: shiftwidth=3 tabstop=3 syntax=perl et