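#!/usr/bin/perl
# (c) Dinko Korunic 'kreator', 2003.
# PL Virii statistics v1.0
#
# Reads a mail log from STDIN (or from the files named on the command line)
# and reports, for today's date and this host, how many amavis "INFECTED"
# entries were logged per virus name and per sender top-level domain.
#
# The virus name and the sender address are copied out of the log line, so
# their content is chosen by whoever sent the message. They are treated as
# untrusted: control characters are replaced before anything is printed.
# NOTE(review): the name $web_style suggests the report may end up on a web
# page; if so, HTML-escape the output at that point -- it is not done here.

use strict;
use warnings;

use Socket;
use Sys::Hostname;

# When true, each row gets a bar of '*' scaled so the largest count is 50 wide.
my $web_style = 1;

# NOTE(review): this must equal the host field syslog writes; if one is fully
# qualified and the other is not, no line will match -- confirm on the target.
my $host = hostname();

my @long_mon = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
                'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec');
my (undef, $min, $hour, $mday, $mon, $year) = localtime(time);

# Date as shown in the report header (unchanged from the original format).
my $date = sprintf("%3s %02d", $long_mon[$mon], $mday);

# Traditional syslog pads a one-digit day with a space ("Jan  5"), so the
# zero-padded $date would never match on days 1-9. Accept both paddings.
my $date_re = sprintf '%s\s+0?%d', quotemeta($long_mon[$mon]), $mday;

# \Q...\E keeps the dots of a host name from acting as regex wildcards.
my $infected_re =
    qr/$date_re .+ \Q$host\E amavis.+ INFECTED \((\S+)\), <(\S+)>/;

my %domains    = ();
my %viruses    = ();
my $lines      = 0;
my $viruslines = 0;

# The diamond operator was missing ("while ()"), which loops forever without
# reading any input.
while (my $line = <>) {
    if ($line =~ $infected_re) {
        my ($virus, $sender) = ($1, $2);

        # \S+ still admits ESC and other control bytes; neutralise them so
        # log content cannot drive the terminal the report is viewed in.
        tr/\x00-\x1f\x7f/?/ for $virus, $sender;

        $viruses{$virus}++;

        # The last piece after splitting on '@', ',' and '.' is the TLD.
        my @hostarry = split(/[@,.]/, $sender);
        my $tld = @hostarry ? $hostarry[-1] : '';
        $domains{$tld}++;
        ++$viruslines;
    }
    ++$lines;
}

printf "%s %d %02d:%02d]\n\n", "Virii report at [$date", $year + 1900, $hour, $min;

if (!$viruslines) {
    print "No viruses.";
    exit;
}

# Highest count first; ties are broken by reverse name order.
my @sorted_viruses = sort { $viruses{$b} <=> $viruses{$a} || $b cmp $a } keys %viruses;
my @sorted_domains = sort { $domains{$b} <=> $domains{$a} || $b cmp $a } keys %domains;

my $max_viruses = $viruses{$sorted_viruses[0]};
my $max_domains = $domains{$sorted_domains[0]};

# Count represented by one '*'. Non-zero here: at least one line matched.
my $fix_viruses = $max_viruses / 50;
my $fix_domains = $max_domains / 50;

print "Total $viruslines lines parsed of total $lines lines in maillog\n";
print "Max per virus: $max_viruses, max virii per TLD: $max_domains\n";

# Row numbering starts at 0, as in the original report.
print "\nScoring by virii\n";
my $counter1 = 0;
for my $record (@sorted_viruses) {
    printf "%3d. %20s = %-10d", $counter1++, "[$record]", $viruses{$record};
    if ($web_style) {
        printf " %-s", '*' x ($viruses{$record} / $fix_viruses);
    }
    print "\n";
}

print "\nScoring by TLDs\n";
my $counter2 = 0;
for my $record (@sorted_domains) {
    printf "%3d. %5s = %-10d", $counter2++, "[$record]", $domains{$record};
    if ($web_style) {
        printf " %-s", '*' x ($domains{$record} / $fix_domains);
    }
    print "\n";
}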