#!/bin/sh
#
# Copyright (C) 2004 Sergey Y. Afonin <asy@kraft-s.ru>
# License: none
# You can use, redistribute and modify it without any limitations
#
# This script is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY.
#
# clamav-milter specific (based on sendmail's log)
# cron string:
# 00      */1 * * *         root    /usr/local/bin/virusstat-perIP-PrevHour
#
# Known bugs:
# 1. last hour before logrotate isn't processed
#
# v 0.2 2004-12-??
# fix: add first "0" to 0-9 hours
#
# v 0.1 2004-10-02
# initial
#

PATH="/root/bin:/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin"

export PATH

CAT='cat'
LOG='/var/log/mail/all'
SERVER='AV Server'
VIRADMINS='root@localhost,postmaster@localhost'

TIMEEND=`date +%k`
TIME=$[$TIMEEND-1]
[ $TIME = "-1" ] && TIME=23
[ $[ $TIME < 10 ] == 1 ] && TIME="0$TIME"

(echo Statistic by viruses per IP from $TIME:00 to $TIMEEND:00 names: && echo &&\
$CAT $LOG |grep 'Intercepted virus from'|egrep "^.*$TIME:[0-6][0-9]:[0-6][0-9]"|grep '\[.*\..*\]'|\
sed -e 's/^.*clamfi_eom:.*: \(.*\) .*\[\(.*\)\] .*/\1 \2/'|\
sort|uniq -c|sort -r &&\
echo && echo "Scanned by ClamAV Antivirus (http://www.clamav.net/)")|\
mail -s "Virus Statistic per IP (from $TIME:00 to $TIMEEND:00) on $SERVER" $VIRADMINS