Installation F-Prot Free Antivirus to scan attachements

[ovizii]

figured it out, edit reports.php and add:
$filter->AddReport("virus-stats.php", "Virus Statistics");

[nicola.piazzi]

there is a line to add in the menu of mailwatch

[pdwalker]

Thank you!

With a few changes, I've adapted it for my needs.

[tbuchanan]

Nicola, I would like to implement this report on my EFA gateways but do not get any lines on my report, only headings. I have copied your code to /var/www/html/mailscanner/virus-stats.php and changed Data to Date and Totala to Totals (US English) as well as translated some of the description using Google translate. I added the line $filter->AddReport("virus-stats.php", "Virus Statistics"); to reports.php. The page comes up from the menu but no supporting data. When I check Virus Report from the menu, it shows viruses are being caught. Can you suggest what I might look at to see why this is not working. Sorry, I am a user, not much of a coder or database person. Thank you.

[ovizii]

changed Data to Date and Totala to Totals

When you change those words, make sure you search and replace them inside the whole file! From the description of your problem I assume you only changed them in the header of those columns. I suggest copying that code into a new file and do a new search and replace or rather, without replacing anything see if it works. If it works as is, clearly you made a mistake when replacing them Good luck.

[tbuchanan]

Thanks for the reply. Did a fresh copy of the code and placed it in /var/www/html/mailscanner/virus-stats.php with same result. Headers show but no data. This is a pretty stock EFA install (originally 3.0.0.7 upgraded in single version steps all the way to 3.0.2.2) I'll have to wait until I understand what is going on behind the scenes to get it working. Thanks.

[pdwalker]

I had the same or similar problem, but it was easily fixed.

Now, let me try to remember what the change was...

[pdwalker]

The heck with it. I made a number of changes, mostly cosmetic:

Code: Select all

<?php

/*
MailWatch for MailScanner
Copyright (C) 2003-2011 Steve Freegard (steve@freegard.name)
Copyright (C) 2011 Garrod Alwood (garrod.alwood@lorodoes.com)
Copyright (C) 2014-2015 MailWatch Team (https://github.com/orgs/mailwatch/teams/team-stable)

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

In addition, as a special exception, the copyright holder gives permission to link the code of this program
with those files in the PEAR library that are licensed under the PHP License (or with modified versions of those
files that use the same license as those files), and distribute linked combinations including the two.
You must obey the GNU General Public License in all respects for all of the code used other than those files in the
PEAR library that are licensed under the PHP License. If you modify this program, you may extend this exception to
your version of the program, but you are not obligated to do so.
If you do not wish to do so, delete this exception statement from your version.

As a special exception, you have permission to link this program with the JpGraph library and
distribute executables, as long as you follow the requirements of the GNU GPL in regard to all of the software
in the executable aside from JpGraph.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/


// Include of necessary functions
/* require_once("./functions.php"); */
/* require_once("./filter.inc"); */
require_once(__DIR__ . '/functions.php');
require_once(__DIR__ . '/filter.inc.php');

// Authentication checking
require(__DIR__ . '/login.function.php');


// add the header information such as the logo, search, menu, ....
$filter = html_start("Antivirus Engine Analysis", 0, false, true);

echo "<h2 style='text-align:center;'>Virus Detection by AV Engine</h2>";

/*$sql = "
SELECT date AS Data,
COUNT(*) AS Totale,
SUM(IF(report LIKE '%Sophos%', 1, 0)) AS Sophos,
SUM(IF(report LIKE '%Sophos%' AND report NOT LIKE '%Clamd%' AND report NOT LIKE '%F-Prot%', 1, 0)) AS SophosOnly,
SUM(IF(report LIKE '%Clamd%', 1, 0)) AS Clam,
SUM(IF(report LIKE '%Clamd%' AND report NOT LIKE '%Sophos%' AND report NOT LIKE '%F-Prot%', 1, 0)) AS ClamOnly,
SUM(IF(report LIKE '%F-Prot%', 1, 0)) AS FProt,
SUM(IF(report LIKE '%F-Prot%' AND report NOT LIKE '%Sophos%' AND report NOT LIKE '%Clamd%' , 1, 0)) AS FProtOnly
FROM maillog WHERE virusinfected > 0
AND report NOT LIKE '%EICAR%' GROUP BY date DESC;
";*/
$sql = "
    SELECT 
        date AS Data,
        COUNT(*) AS Totale,
        SUM(IF(report LIKE '%Sophos%', 1, 0)) AS Sophos,
        SUM(IF(report LIKE '%Sophos%' AND report NOT LIKE '%Clamd%', 1, 0)) AS SophosOnly,
        SUM(IF(report LIKE '%Clamd%', 1, 0)) AS Clam,
        SUM(IF(report LIKE '%Clamd%' AND report NOT LIKE '%Sophos%', 1, 0)) AS ClamOnly
    FROM 
        maillog 
    WHERE 
        virusinfected > 0
    GROUP BY 
        date DESC;
";

$result = dbquery($sql);
if ($result->num_rows <= 0) {
    die(__('diemysql99') . "\n");
}

while ($row = $result->fetch_object()) {
    $data[] = $row->Data;
    $data2[] = $row->Totale;
    $data3[] = $row->Sophos;
    $data4[] = $row->SophosOnly;
    $data5[] = $row->Clam;
    $data6[] = $row->ClamOnly;
}

echo "<TABLE BORDER='0' CELLPADDING='10' CELLSPACING='0' WIDTH='100%'>";
echo "<TR'>";
echo "<TD ALIGN='CENTER'>";
echo "<TABLE border=0 cellspacing=1 cellpadding=4 class='reporthover'>";

echo "<TR>";
echo "<TH rowspan=2 BGCOLOR=FFAD33>Date</TH>";
echo "<TH rowspan=2 BGCOLOR=ADAD85>Totals</TH>";
echo "<th colspan=2 BGCOLOR=ADAD85>Sophos AV</th>";
echo "<th colspan=2 BGCOLOR=ADAD85>Clam AV</th>";
echo "</TR>";

echo "<TR>";
echo "<TH BGCOLOR=ADAD85>sophos</TH>";
echo "<TH BGCOLOR=ADAD85>only</TH>";
echo "<TH BGCOLOR=ADAD85>clam</TH>";
echo "<TH BGCOLOR=ADAD85>only</TH>";
echo "</TR>";

for ($i = 0; $i < count($data); $i++) {
    $totalV = $totalV + $data2[$i];
    $totalS = $totalS + $data3[$i];
    $totalSO = $totalSO + $data4[$i];
    $totalC = $totalC + $data5[$i];
    $totalCO = $totalCO + $data6[$i];
    echo "<TR>
    <TD BGCOLOR=FFD699 align='center'><b>$data[$i]</b></TD>
    <TD BGCOLOR=D6D6C2 align='center'><b>$data2[$i]</b></TD>
    <TD BGCOLOR=D6D6C2 align='center'><b>$data3[$i]</b></TD>
    <TD BGCOLOR=D6D6C2 align='center'>$data4[$i]</TD>
    <TD BGCOLOR=D6D6C2 align='center'><b>$data5[$i]</b></TD>
    <TD BGCOLOR=D6D6C2 align='center'>$data6[$i]</TD>
    </TR>\n";
}
echo "<tr>";
echo "<th BGCOLOR=FFAD33>Totals</th>";
echo "<th BGCOLOR=ADAD85>$totalV</th>";
echo "<th BGCOLOR=ADAD85>$totalS</th>";
echo "<th BGCOLOR=ADAD85>$totalSO</th>";
echo "<th BGCOLOR=ADAD85>$totalC</th>";
echo "<th BGCOLOR=ADAD85>$totalCO</th>";
echo "</tr>";

echo "</TABLE> </TD> </TR> </TABLE>";


// Add footer
html_end();
// Close any open db connections
dbclose();

What did I change?

• I'm not using fprot, so I didn't need to report on it, so I removed those two columns and removed it from the sql query (compare lines 52-63 vs 64-78)
• changed the colors using hard coded color attributes rather than doing it properly in css (sorry, didn't originally plan to share as i figured it was a one off thing)
• removed the session_start as it didn't appear to be necessary from what I could see from the other reports.
• kept the EICAR virus in the count
• line 85 used

  Code: Select all

  while ($row = $result->fetch_object()) { 

  instead of

  Code: Select all

  while ($row = mysql_fetch_object($result)) {

  I think this was the one line causing the data not to appear. It looks like the convention for pulling data from the database has changed recently.

Hope that helps.

[tbuchanan]

pdwalker, it was, in fact, your line 85 (different line number in mine) that was not allowing data to show. Thank you very much for sharing your information. This is a helpful report for me.

[pdwalker]

The real secret is looking at the stuff that works, and then working out the differences. Otherwise I'd have had no idea why line 85 wasn't working.

You're welcome.

[ovizii]

I just upgraded to EFA 3.0.2.3 and neither nicola's version nor pdwalker's are working anymore. pdwalker's shows: no rows were fetched or similar and nicola's version simply shows the headers but no results.

also I noticed that none of the other virus reports which were baked in show anything anymore. Have you guys tried the Top Viruses and the virus report?

oh, and if I go to "Total Messages by Date" I don't see any viruses either its like I've never caught one

[pdwalker]

let me update my copy and see if mine behaves. otherwise, I'll debug it and tell you how to fix it.

[edit: updating now]

[pdwalker]

Ok, I updated to 3.0.2.3, no hitches

from the /var/EFA/backup/3.0.2.3/mailscanner/ directory, I:
- copied my changes from filter.inc.php
- copied rep_virus_by_avengine.php
- copied my changes from reports.php

into /var/www/html/mailscanner/

Then I ran the report. It worked perfectly first time.

So Ovizii, without knowing exactly what you did and what you have, I don't know where you are going wrong.

Try running the sql query directly, and see if you get any results. You should.

- Paul

[ovizii]

Thanks pdwalker, I'm not going to put energy into fixing this, I'm about to go on holiday and I have had like 5-10 viruses a month max so I don't really need this report. I guess I'll give it another try once I'm back but thanks for confirming yours worked fine after the update.