Statistics

Here's some statistics  from sites using the Unofficial Phishing and Scam signatures:
 

Site 1 Site 2 Site 3 Site 4 Site 5 Site 6 Site 7 Site 8

       

Note: some of the above sites have removed Sanesecurity from the virus name

Stats

If you want to produce your own ClamAV stats, here's a perl script to run.

Usage: If you want a nice .html output use the below command line in an hourly cronjob:

 

/usr/local/bin/clamstats.pl –html > mystats.html


Comments:

comment out $startdate = "06 January 2009"; on line 28, so that the first log file line's date will be used instead.

remove the text "stream" from the regexp on line 158, so that it matches my "FOUND" log file lines.

 


Support for amavis:

 

 

— clamstats.pl 2009-01-25 18:07:30.000000000 -0800
+++ /usr/local/bin/clamstats.pl 2009-04-23 19:23:44.000000000 -0700
@@ -154,6 +154,9 @@
print "DEFANG: ID: $id, EXT: $ext, VIRUS: $virus\n";
addstats($date,$virus,$ext);

+ } elsif (($id,$virus) = ($log =~ m{amavis-(\w+).*:\s+(.+)
FOUND} )) {
+ #print "AMAVIS: ID: $id, VIRUS: $virus\n";
+ addstats($date,$virus,'N/A');
# } elsif (($virus) = ($log =~ /^stream(?: \d+)?: (.+)
FOUND/ )) {
} elsif (($virus) = ($log =~ /^stream[^:]+: (.+) FOUND/ ))
{
# Tue Feb 13 23:03:04 2007 -> stream:
Html.Phishing.Bank.Gen175.Sanesecurity.06032008 FOUND


Win32 changes:

 

Change lline :

} elsif (($virus) = ($log =~ /^[^:]+: (.+) FOUND/ )) {

to:

} elsif (($virus) = ($log =~ /^.+: (.+) FOUND/ )) {

Permanent link to this article: https://sanesecurity.co.uk/statistics/