#!/usr/bin/perl -w
###############################################
# This script should be called with a parameter
# of a maillog file, for example:
#   my-virus-report.pl /var/log/maillog

#  This script outputs a simple report showing the results of
#  ClamAV virus scans of e-mail attachments as performed by
#  amavisd-new.

#  amavisd-new loglevels 0-2 only generates a log entry when a virus
#  infected e-mail is found.  loglevels 3-5 report each scan
#  performed on every mail part.  This report shows # of viruses
#  found and lists the virus types for loglevels 0-2 and adds
#  scans performed for loglevels 3-5.

my (@Viruses);

$j = 0;
$ScanCount = 0;

while(<>) {
    next unless ($_ =~ /amavis/);  # Skip lines that don't contain "amavis"

   if ($_ =~ /-clamd result|clamscan status=/) {
      # Count virus scans performed for loglevel 3-5
      $ScanCount++;
   } elsif ($_ =~ /\) INFECTED \(/) {
      ($Viruses[$j]{Type}) = /INFECTED\s+\((\S+)., /;
#if (! defined $Viruses[$j]{Type})  { print "Line: $_\n"; }
#print "debug: $Viruses[$j]{Type}\n";
      $j++;
   }
}


#############################################
## Print out virus report
#############################################
print <<EOL;
-----------------------------------------------------------------------
Virus Filter Report
-----------------------------------------------------------------------

Summary

$j  Viruses blocked
EOL

if ($ScanCount ne 0) {
   print "$ScanCount  Virus scans performed\n";
}
print "\n";



#############################################
## Count number of viruses by type (name)
#############################################
@SortedViruses = sort ( { $$a{Type} cmp $$b{Type} } @Viruses ); 

$previous = 'itshouldneverequalthis';
$i = 0;
$count = 1;
@Viruses = ();
for my $row (@SortedViruses) {
    if ($$row{Type} eq $previous) {
        ($Viruses[$i-1]{Type}, $Viruses[$i-1]{Count}) = ($$row{Type}, ++$count);
    } else {
        ($Viruses[$i]{Type}, $Viruses[$i]{Count}) = ($$row{Type}, 1);
        $i++;
        $count = 1;
    }
    $previous = $$row{Type};
}

@Viruses = reverse sort ( { $$a{Count} <=> $$b{Count} } @Viruses );


#############################################
## Print out virus distribution by type (name)
#############################################
print <<EOL;

Viruses Blocked - Top 50
    #     Virus name 
    -------------------------------------------------------------------
EOL

$numberofdomains = 0;
for my $row(@Viruses) {
  if ($numberofdomains < 50)  # only print this many lines
  {
    print <<EOL;
    $$row{Count}     $$row{Type}
EOL
  }
  $NumberOfTypes++;
}



#############################################
## Print out Grand Totals
#############################################
print <<EOL;

$NumberOfTypes  Virus types detected
EOL