Scripts for generating RBL and virus statistics with Exim and ClamAV


Firstly you will need a Linux/UNIX machine. Although these scripts are all written in Perl, they make use of the GD graphics library, which I'm not aware is available on Windows platforms (sadly).

I'm assuming that your machine has a relatively recent edition of Perl on it (5.6.x or 5.8.x) - most Linux distros & UNICES come with them these days. Then fire up CPAN and install GD::Graph. You can do this with the following command:

perl -MCPAN -e shell;

This should hopefully go off and install GD::Graph and all its pre-requisites for you. Next, pick the Perl you want from below:


Exim RBL Stats

This plots a pie chart with a breakdown of which RBLs blocked messages from being accepted. It also generates a HTML formatted list.


ClamAV Virus Pie Chart

This plots a pie chart with a breakdown of which viruses were blocked by ClamAV. It also generates a HTML formatted list.


ClamAV Virus History

This generates a histogram of number of viruses per day. It allows you to plot a trend of virus attacks stopped by ClamAV.

There are some basic things you need to fill in at the top of each script, such as the location of log files and such like; they're fairly self explanatory though. You will need to ensure that you're producing the log files in the correct format in the first place however:

Exim 4 should log which RBL was used, so look for the following sort of line in your main Exim log:

2003-11-17 21:26:52 H=(mg017014.user.veloxzone.com.br) [200.165.17.14] F=<ac1cvob@juno.com> rejected RCPT <a@b.com>: host is listed in list.dsbl.org

ClamAV does not log by default, so ensure that you uncomment the following line in your clamd.conf file:

LogFile /var/log/clamd/clamd.log

You can subscribe to an announcements mailing list regarding updates to these scripts by sending an email with the word "subscribe" in the body to eximscripts-request at purple dot alexlomas dot com. You will be asked to confirm you subscription by return of email. This is an exceptionally low volume list and will only be used to send announcements of new versions/updates.

You can also look at the archives of the mailing list.