#!/usr/bin/perl 
##########################################################################
# $Id: mailscanner,v 1.2 2004/02/03 04:10:21 kirk Exp $
##########################################################################

########################################################
# This was written and is maintained by:
#    Mike Tremaine <mgt \@\ stellarcore.net>
########################################################

while (defined($ThisLine = <STDIN>)) {
   ($QueueID) = ($ThisLine =~ m/^([a-zA-Z0-9]+): / );
   $ThisLine =~ s/^[a-zA-Z0-9]+: //;
   if ( ( $ThisLine =~ m/^Saved infected/ ) or
         ( $ThisLine =~ m/^Expanding TNEF archive/ ) or
         ( $ThisLine =~ m/^Warned about/ ) or
         ( $ThisLine =~ m/^Sender Warnings:/ ) or
         ( $ThisLine =~ m/X-Spam/ ) or
         ( $ThisLine =~ m/Using locktype = flock/ ) or
         ( $ThisLine =~ m/SpamAssassin timed out and was killed/ ) or
         ( $ThisLine =~ m/New Batch: Found/ ) or
         ( $ThisLine =~ m/Attempting to disinfect/ ) or
         ( $ThisLine =~ m/Rescan found/ ) or
         ( $ThisLine =~ m/Virus Re-scanning:/ ) or
         ( $ThisLine =~ m/Delete bayes lockfile/ ) or
         ( $ThisLine =~ m/MailScanner E-Mail Virus Scanner version/ ) or
         ( $ThisLine =~ m/MailScanner child dying of old age/ ) or
         ( $ThisLine =~ m/MailScanner child caught a SIGHUP/ ) or
         ( $ThisLine =~ m/Virus and Content Scanning/ ) or
         ( $ThisLine =~ m/Virus Scanning: [\w]+ found/ ) ) {
      # We don't care about these
   } elsif ( $ThisLine =~ m/New Batch: Scanning ([0-9]+) messages, ([0-9]+) bytes/i) {
      $MailScan_Received = $MailScan_Received + $1;
      $MailScan_bytes = $MailScan_bytes + $2;
   } elsif ( $ThisLine =~ m/Delivered ([0-9]+)( cleaned)? messages/) {
      $MailScan_Delivered = $MailScan_Delivered + $1;
   } elsif ( $ThisLine =~ m/Spam Checks: Found ([0-9]+) spam messages/) {
      $MailScan_Spam = $MailScan_Spam + $1;
   } elsif ( $ThisLine =~ m/Virus Scanning: Found ([0-9]+) viruses/) {
      $MailScan_Virus = $MailScan_Virus + $1;
   } elsif ( $ThisLine =~ m/infected message .+ came from (.*)/i) {
      $MailScan_VirualHost = $MailScan_VirualHost + 1;
      $Hostlist{$1}++;
   } elsif ( $ThisLine =~ m/Content Checks: Found ([0-9]+) problems/) {
      $MailScan_Content = $MailScan_Content + $1;
   } elsif ( $ThisLine =~ m/Other Checks: Found ([0-9]+) problems/) {
      $MailScan_Other = $MailScan_Other + $1;
   } elsif ($ThisLine =~ m/^\/var\/spool\/MailScanner\/incoming\/.+: ([\w\_\-\.\/]+) FOUND/i) {
      $VirusType{$1}++;
   } elsif ($ThisLine =~ m/Content Checks: Detected (.+) in [\w]+/i) {
      $ContentType{$1}++;
   } elsif ($ThisLine =~ m/Filename Checks: (.+)/i) {
      $FilenameType{$1}++;
   } else {
      chomp($ThisLine);
      # Report any unmatched entries...
      $OtherList{$ThisLine}++; 
   }
}

if ($MailScan_Received > 0) {
   print "\nMailScanner Status:";
   print "\n\t" . $MailScan_Received . ' messages Scanned by MailScanner';
   print "\n\t" . $MailScan_bytes . ' Total Bytes';
}
if ($MailScan_Spam > 0) {
   print "\n\t" . $MailScan_Spam . ' messages Tagged as Spam by MailScanner';
}

if ($MailScan_Virus > 0) {
   print "\n\t" . $MailScan_Virus . ' Viruses found by MailScanner';
}

if ($MailScan_Other > 0) {
   print "\n\t" . $MailScan_Other . ' Banned attachments found by MailScanner';
}

if ($MailScan_Content > 0) {
   print "\n\t" . $MailScan_Content . ' Content Problems found by MailScanner';
}

if ($MailScan_Delivered > 0) {
   print "\n\t" . $MailScan_Delivered . " messages Delivered by MailScanner\n";
}

if (keys %VirusType) {
   print "\nVirus Report: (Total Seen = $MailScan_Virus )\n";
   foreach $ThisOne (sort keys %VirusType) {
      print '    ' . $ThisOne . ': ' . $VirusType{$ThisOne} . " Times(s)\n";
   }
}

if (keys %Hostlist) {
   print "\nHost Report: (Total Seen = $MailScan_ViralHost )\n";
   foreach $ThisOne (sort keys %Hostlist) {
      print '    ' . $ThisOne . ': ' . $Hostlist{$ThisOne} . " Times(s)\n";
   }
}

if (keys %ContentType) {
   print "\nContent Report: (Total Seen = $MailScan_Content )\n";
   foreach $ThisOne (sort keys %ContentType) {
      print '    ' . $ThisOne . ': ' . $ContentType{$ThisOne} . " Times(s)\n";
   }
}

if (keys %FilenameType) {
   print "\nFilename Report: (Total Seen = $MailScan_Other )\n";
   foreach $ThisOne (sort keys %FilenameType) {
      print '    ' . $ThisOne . ': ' . $FilenameType{$ThisOne} . " Times(s)\n";
   }
}

if (keys %OtherList) {
   print "\n**Unmatched Entries**\n";
   foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
      print "   $line: $OtherList{$line} Time(s)\n";
   }
}

exit(0);

# vi: shiftwidth=3 tabstop=3 et

