U&M Weekly Report - InvestLinux – 01/10/2012

Uptime / Last OK

Disk Space OK

Dmesg OK

Logs OK

Antivirus DAT OK

Top - Memory / Processes / Load OK

Processes OK

Open TCP/UDP Ports OK

MRTG - Traffic OK

MRTG - Processor OK

Ipaudit Daily OK

Ipaudit Weekly OK

Squid Reports - TopSites OK

Squid Reports - TopUsers OK

Nagios - HTTP Availability 100,00%

Nagios - SMTP Availability 100,00%

Uptime / Last

Uptime (server online time), Last (remote connections)

[root@uem-gw]# uptime
09:39:20 up 7 days, 1:11, 1 user, load average: 0.62, 0.47, 0.39

[root@uem-gw]# last | sort -k 3 | more
wtmp begins Mon Oct 1 09:39:15 2012
il-adm pts/0 vps.investlinux. Mon Oct 1 09:39 still logged in

Disk Space

[root@uem-gw]# df -h
Sist. Arq. Tam Usad Disp Uso% Montado em
/dev/sda3 38G 25G 12G 69% /
varrun 1014M 252K 1014M 1% /var/run
varlock 1014M 0 1014M 0% /var/lock
udev 1014M 52K 1014M 1% /dev
devshm 1014M 0 1014M 0% /dev/shm
/dev/sdb1 50G 19G 29G 40% /backup
/dev/sda1 471M 140M 308M 32% /boot
//192.168.0.105/Pessoal 20G 16G 4,3G 79% /ftp/Pessoal
//192.168.0.105/Public 200G 162G 39G 81% /ftp/Public
//192.168.0.105/Restrito 200G 162G 39G 81% /home/Restrito
//192.168.0.100/CorporeRM 47G 20G 27G 43% /home/ponto
//192.168.0.105/BKP-linux 30G 16G 15G 52% /backup-remoto

Dmesg

Dmesg – Console alerts (possible disk, network, or general hardware errors)

- No relevant information -

Logs

Superficial check of system logs: ( syslog(tmsys) / secure(tms) / squid(tmsq) )

Antivirus DAT

[root@uem-gw]# freshclam
ClamAV update process started at Mon Oct 1 09:42:09 2012
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.5 Recommended version: 0.97.6
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 15420, sigs: 275602, f-level: 63, builder: guitar)
bytecode.cld is up to date (version: 190, sigs: 36, f-level: 63, builder: neo)

Previous week:
ClamAV update process started at Mon Sep 24 13:58:26 2012
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 15397, sigs: 268228, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 190, sigs: 36, f-level: 63, builder: neo)

Top - Memory / Processes / Load

- No relevant information -

Processes

- No relevant information -

Open TCP/UDP Ports

[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAM
tcp 0 0 localhost:60000 *:* LISTEN 6846/postgrey.pid -
tcp 0 0 *:10050 *:* LISTEN 9156/zabbix_agentd
tcp 0 0 192.168.0.1:5666 *:* LISTEN 7229/nrpe
tcp 0 0 *:rsync *:* LISTEN 7421/rsync
tcp 0 0 localhost:mysql *:* LISTEN 6726/mysqld
tcp 0 0 *:webmin *:* LISTEN 9186/perl
tcp 0 0 *:81 *:* LISTEN 7739/apache2
tcp 0 0 *:ftp *:* LISTEN 10433/proftpd: (acc
tcp 0 0 10.0.0.29:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.27:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.25:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.23:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.21:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.19:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.17:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.15:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.13:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.11:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.9:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.7:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.3:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.5:domain *:* LISTEN 6250/named
tcp 0 0 10.0.0.1:domain *:* LISTEN 6250/named
tcp 0 0 200.199.9.234:domain *:* LISTEN 6250/named
tcp 0 0 200.243.57.28:domain *:* LISTEN 6250/named
tcp 0 0 200.243.57.29:domain *:* LISTEN 6250/named
tcp 0 0 200.243.57.12:domain *:* LISTEN 6250/named
tcp 0 0 200.243.57.50:domain *:* LISTEN 6250/named
tcp 0 0 200.243.57.11:domain *:* LISTEN 6250/named
tcp 0 0 200.243.57.10:domain *:* LISTEN 6250/named
tcp 0 0 200.243.57.9:domain *:* LISTEN 6250/named
tcp 0 0 200.243.57.8:domain *:* LISTEN 6250/named
tcp 0 0 200.243.57.7:domain *:* LISTEN 6250/named
tcp 0 0 200.243.57.6:domain *:* LISTEN 6250/named
tcp 0 0 200.243.57.4:domain *:* LISTEN 6250/named
tcp 0 0 200.243.57.3:domain *:* LISTEN 6250/named
tcp 0 0 correio.uem.com.:domain *:* LISTEN 6250/named
tcp 0 0 uemnotes.uem.com:domain *:* LISTEN 6250/named
tcp 0 0 192.168.0.2:domain *:* LISTEN 6250/named
tcp 0 0 192.168.0.1:domain *:* LISTEN 6250/named
tcp 0 0 localhost:domain *:* LISTEN 6250/named
tcp 0 0 *:ssh *:* LISTEN 6566/sshd
tcp 0 0 *:3128 *:* LISTEN 32458/(squid)
tcp 0 0 *:smtp *:* LISTEN 7400/master
tcp 0 0 localhost:953 *:* LISTEN 6250/named
tcp 0 0 *:1723 *:* LISTEN 7408/pptpd
tcp 0 0 *:smtp *:* LISTEN 7400/master
tcp 0 0 localhost:953 *:* LISTEN 6250/named
tcp 0 0 *:1723 *:* LISTEN 7408/pptpd
tcp6 0 0 [::]:rsync [::]:* LISTEN 7421/rsync
tcp6 0 0 [::]:domain [::]:* LISTEN 6250/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 6566/sshd
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 6250/named

Note: In the fourth column the command shows, preferably, the service name after the “:” character.

root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAM
tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 6846/postgrey.pid -
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 9156/zabbix_agentd
tcp 0 0 192.168.0.1:5666 0.0.0.0:* LISTEN 7229/nrpe
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 7421/rsync
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6726/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 9186/perl
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 7739/apache2
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 10433/proftpd: (acc
tcp 0 0 10.0.0.29:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.27:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.25:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.23:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.21:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.19:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.17:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.15:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.13:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.11:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.9:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.7:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.3:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.5:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.199.9.234:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.28:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.29:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.12:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.50:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.11:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.10:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.9:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.8:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.7:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.6:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.4:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.3:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.2:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 200.243.57.5:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 192.168.0.2:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 6250/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6566/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 32458/(squid)
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7400/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 6250/named
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7408/pptpd
tcp6 0 0 :::873 :::* LISTEN 7421/rsync
tcp6 0 0 :::53 :::* LISTEN 6250/named
tcp6 0 0 :::22 :::* LISTEN 6566/sshd
tcp6 0 0 ::1:953 :::* LISTEN 6250/named

Note: In the fourth column the command shows the service port after the “:” character.

MRTG - Traffic*

Internet – eth1

Embratel Router

Oi Link – eth2

Yamana VPN – tun1

Juruti VPN

Rio Capim VPN – tun4

Zambia VPN – tun6

Carajás VPN – tun7

Jangada Router – 189.52.77.26

UeM ADM – CPU Utilization

UeM ADM – Load

UeM GW – CPU Utilization

UeM GW – Load

*The graphs were compared with those from the previous week. When there is a significant change, the possible problem is analyzed and reported as a note below the graph. Graphs without comments were considered normal. If you would like an analysis of a specific graph, just ask.

Ipaudit Daily

- No relevant information -

Ipaudit Weekly (Top 10)

IP Host Name Incoming(bytes) Outgoing(bytes) Total(bytes)

200.243.057.005 uemnotes.uem.com.br 7,830,873,525 22,787,465,628 30,618,339,153

200.243.057.002 correio.uem.com.br 17,710,066,530 1,914,075,153 19,624,141,683

200.243.057.008 - 8,443,170,702 2,074,712,306 10,517,883,008

192.168.000.001 - 1,000,285,523 7,404,427,355 8,404,712,878

200.243.057.011 - 4,438,911,785 2,447,343,355 6,886,255,140

192.168.000.103 uemnotes.uem.com.br 1,849,508,783 4,111,362,315 5,960,871,098

192.168.000.107 uemantspam.uem.com.br 1,945,185,966 610,656,338 2,555,842,304

192.168.000.172 uemmbb45.uem.com.br 1,732,639,100 510,344,510 2,242,983,610

192.168.000.161 - 1,070,284,902 39,867,372 1,110,152,274

192.168.000.011 uemmbb53.uem.com.br 842,792,808 156,638,387 999,431,195

Weekly Squid Reports – 23/09/2012 to 30/09/2012

Squid Reports – TopSites

NUM ACCESSED SITE CONNECT BYTES TIME

1 s.glbimg.com 298.46K 1.03G 62.67M

2 s2.glbimg.com 215.63K 841.63M 64.19M

3 osce80-en.url.trendmicro.com 185.86K 126.49M 72.77M

4 au.download.windowsupdate.com 81.22K 4.22G 208.51M

5 mail.yimg.com 67.48K 161.93M 4.81M

6 www.google-analytics.com 63.48K 53.58M 6.25M

7 download.windowsupdate.com 52.63K 1.08G 59.54M

8 ads.img.globo.com 46.90K 208.82M 25.27M

9 www.google.com.br 44.96K 592.95M 58.40M

10 clients1.google.com.br 42.31K 32.59M 8.51M

11 ads.globo.com 37.22K 34.08M 2.60M

12 p2.trrsf.com.br 30.82K 52.17M 2.48M

13 h.imguol.com 28.81K 76.28M 4.88M

14 pagead2.googlesyndication.com 27.53K 281.95M 32.49M

15 api.globo.com 25.52K 25.71M 2.04M

16 googleads.g.doubleclick.net 25.04K 65.58M 7.21M

17 ads.imguol.com 24.27K 11.05M 830.91K

18 www.livehelpnow.net 23.46K 30.96M 7.69M

19 imgcdn.ptvcdn.net 22.80K 33.97M 33.97M

20 oss-content.securestudies.com 22.60K 6.46M 10.21M

Squid Reports – TopUsers

Squid Reports – Attempts to Access Inappropriate Sites

SITE ACCESSED IP

www.2girlsteachsex.com 192.168.12.141
www.acompanhantesgyn.com.br 192.168.13.184
www.assistatvonline.com 192.168.10.230
www.assistirtv.tv 192.168.16.103
www.assistirtvonlinegratis.tv 192.168.10.230
www.ebuddy.com 192.168.0.17
www.famosas-nuas.net 192.168.8.172
www.gatasemgoiania.com.br 192.168.0.67 192.168.10.203 192.168.16.109
www.livrequente.com 192.168.13.150
www.nudeandhairy.com 192.168.8.183
www.nudevista.com 192.168.13.150
www.prettyhotandsexy.com 192.168.8.145
www.sexbh.com.br 192.168.16.103
www.sexbiffen.dk 192.168.13.150
www.sexo.com 192.168.13.155
www.sexolandia.org 192.168.13.109
www.sexolicious.com 192.168.10.242
www.sexybuttpics.com 192.168.12.184
www.socialsex.biz 192.168.12.203

Note 1: The expression “www.livrequente” was added to the file /etc/squid/site_proibido.txt in order to block access to related sites.

Trend Micro - InterScan Messaging Security Suite

SYSTEM DATA

NAME CURRENT VERSION AVAILABLE PREVIOUS VERSION
Scan engine 9.500.1005 9.500.1005 9.500.1005
Virus pattern 9.433.00 9.433.00 9.419.00
Spyware/grayware pattern 1.329.00 1.329.00 1.329.00
IntelliTrap pattern 0.167.00 0.167.00 0.167.00
IntelliTrap exceptions 0.805.00 0.805.00 0.803.00
Anti-spam engine 6.800.1017 6.800.1017 6.800.1017
Spam pattern 19226.001 19226.001 19208.001
URL Filtering Engine 3.500.1047 3.000.1029 3.500.1047

GRAPHS – PERIOD 23/09/2012 TO 29/09/2012

Scanning Conditions Total Message % Incoming Outgoing

Total message count 102313 100.00 97308 5005

Virus or malicious code 7 0.01 7 0

Spyware/grayware 0 0.00 0 0

Spam 14366 14.04 14327 39

Phish 38 0.04 38 0

Suspicious URLs - Web Reputation 1 0.00 1 0

DKIM enforcement 0 0.00 0 0

Attachment 0 0.00 0 0

Size 103 0.10 82 21

Content 172 0.17 159 13

Compliance 0 0.00 0 0

Others 0 0.00 0 0

Scanning exceptions 1 0.00 0 1

Spam Tagged by Cloud Pre-Filter 0 0.00 0 0

IP Profiler 15 0.01 15 0

Email reputation 55092 53.85 55092 0

Clean email 32518 31.78 27587 4931

Trend Micro Email Encryption 0 0.00 0 0

Spam by Action

Spam Actions Detections Message % Size (MB)

Total spam message count 69473 100.00 282.096

Quarantined 14366 20.68 282.096

Deleted 0 0.00 0.000

Tagged 14365 20.68 282.093

Other 0 0.00 0.000

Rejected by Email reputation 55092 79.30 N/A

Rejected by IP Profiler 15 0.02 N/A

Top 10 Spam Recipients

Recipient Total Message Count Total Spam Msgs Spam Msgs % Spam Size (MB) Spam Size %

1 comercial@uem.com.br 557 315 56.55 5.268 9.63
2 ricardo.xavier@uem.com.br 552 314 56.88 14.197 22.71
3 rosenilson.henriques@uem.com.br 1034 301 29.11 6.494 15.37
4 felipe.estevao@uem.com.br 458 292 63.76 7.966 23.46
5 clovis@uem.com.br 364 255 70.05 4.808 21.11
6 almeida@uem.com.br 276 250 90.58 4.944 88.11
7 diretoria@uem.com.br 600 248 41.33 3.381 8.02
8 luciana.neves@uem.com.br 435 230 52.87 4.686 13.20
9 claudia.santos@uem.com.br 379 229 60.42 4.474 35.02
10 ricardo@uem.com.br 406 212 52.22 4.989 43.67

Virus and Malicious Code Summary

Detections Message %

Total detections 7 100.00

Messages deleted 0 0.00

Messages quarantined 7 100.00

Attachments cleaned 0 0.00

Messages with attachments deleted 6 85.71

Messages blocked by IP Profiler 0 0.00

Top 10 Virus and Malicious Code Detections

1 Possible_Virus 6
2 PAK_Generic.005 1
3 N/A 0
4 N/A 0
5 N/A 0
6 N/A 0
7 N/A 0
8 N/A 0
9 N/A 0
10 N/A 0

Top 10 Virus Recipients

Recipient Total Message Count Total Virus Msgs Virus Msgs % Virus Size (MB) Virus Size %

1 cristiano@uem.com.br 72 1 1.39 0.076 4.15
2 cristiano.coelho@uem.com.br 114 1 0.88 0.076 0.21
3 deni.elvis@uem.com.br 68 1 1.47 0.076 0.71
4 rui.francis@uem.com.br 48 1 2.08 0.076 1.26
5 mariano.queiroz@uem.com.br 21 1 4.76 0.076 3.39
6 rafael.felipe@uem.com.br 114 1 0.88 0.252 0.41
7 sandro.almeida@uem.com.br 9 1 11.11 0.076 3.89
8 N/A 0 0 0.00 0.000 0.00
9 N/A 0 0 0.00 0.000 0.00
10 N/A 0 0 0.00 0.000 0.00

CACTI – Graphs

Period from 24/09/2012 to 01/10/2012

UEMFS

UEMICA

UEMNOTES

UEMPRD

UEMRMSA

Nagios

Availability – last 7 days

Host Service % Time OK % Time Warning % Time Unknown % Time Critical % Time Undetermined

internet_embratel Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
internet_oi Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
link-carajas Rede_Ping 99.672% (99.672%) 0.049% (0.049%) 0.000% (0.000%) 0.279% (0.279%) 0.000%
link-ebt-jangada Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
link-jangada Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
link-juruti Rede_Ping 99.613% (99.613%) 0.000% (0.000%) 0.000% (0.000%) 0.387% (0.387%) 0.000%
uem1_Rede_Ping 99.869% (99.869%) 0.000% (0.000%) 0.000% (0.000%) 0.131% (0.131%) 0.000%
link-riocapim Rede_Ping 99.808% (99.808%) 0.000% (0.000%) 0.000% (0.000%) 0.192% (0.192%) 0.000%
uem1_Rede_Ping 99.919% (99.919%) 0.000% (0.000%) 0.000% (0.000%) 0.081% (0.081%) 0.000%
link-vlopes Rede_Ping 99.215% (99.215%) 0.000% (0.000%) 0.000% (0.000%) 0.785% (0.785%) 0.000%
uem1_Rede_Ping 99.610% (99.610%) 0.000% (0.000%) 0.000% (0.000%) 0.390% (0.390%) 0.000%
link-yamana Rede_Ping 99.441% (99.441%) 0.000% (0.000%) 0.000% (0.000%) 0.559% (0.559%) 0.000%
uem1_Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
nagios_remoto Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
router_cisco Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Telnet 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
storage-119 Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
storage-120 Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-B Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-C Rede_Ping 85.148% (85.148%) 0.000% (0.000%) 0.000% (0.000%) 14.852% (14.852%) 0.000%
switch-3com-D Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-E Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
switch-3com-F Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem-adm Local_Carga 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_Root 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Processos 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Users 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Http:82 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_SSH 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem-gw Local_Carga 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_Root 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_backup 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_bkpremoto 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_ftp_pessoal 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_ftp_public 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Disk_home_ponto 99.901% (99.901%) 0.000% (0.000%) 0.000% (0.000%) 0.099% (0.099%) 0.000%
Local_Disk_home_restrito 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Processos 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Local_Users 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Dns 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ftp 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Http:81 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_SSH 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Squid:3128 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Local_Disk_ftp_public 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Local_Disk_home_ponto 99.901% (99.901%) 0.000% (0.000%) 0.000% (0.000%) 0.099% (0.099%) 0.000%
uemantspam-imss Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_SSH 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemap-aplicacao Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uembdc Rede_Active Directory 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Active Directory 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uembes-blackberry Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_LotusDomino 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ping 99.901% (99.901%) 0.099% (0.099%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemdev Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_SAP 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemfs-fileserver Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_NetBios 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_NetBios 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemica-metaframe Rede_Http 99.908% (99.908%) 0.000% (0.000%) 0.000% (0.000%) 0.092% (0.092%) 0.000%
Rede_Metaframe 99.950% (99.950%) 0.000% (0.000%) 0.000% (0.000%) 0.050% (0.050%) 0.000%
Rede_Ping 99.950% (99.950%) 0.000% (0.000%) 0.000% (0.000%) 0.050% (0.050%) 0.000%
Rede_TS 99.908% (99.908%) 0.000% (0.000%) 0.000% (0.000%) 0.092% (0.092%) 0.000%
uem1_Rede_Metaframe 99.950% (99.950%) 0.000% (0.000%) 0.000% (0.000%) 0.050% (0.050%) 0.000%
uem1_Rede_TS 99.950% (99.950%) 0.000% (0.000%) 0.000% (0.000%) 0.050% (0.050%) 0.000%
uemmine-database Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Sql 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Sql 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemnotes-correio Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Https 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ldap 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Smtp 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Https 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Smtp 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemprd Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_SAP 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_SAP 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uemrmsa-database Rede_Oracle 99.901% (99.901%) 0.000% (0.000%) 0.000% (0.000%) 0.099% (0.099%) 0.000%
Rede_Ping 99.866% (99.866%) 0.000% (0.000%) 0.000% (0.000%) 0.134% (0.134%) 0.000%
uem1_Rede_Oracle 99.902% (99.902%) 0.000% (0.000%) 0.000% (0.000%) 0.098% (0.098%) 0.000%
uemvm-vmware Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
vm-isodoc Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Rede_Postgresql 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Http 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Postgresql 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
vpn-server-mk-lan Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
vpn-server-mk-wan Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
uem1_Rede_Ping 100.000% (100.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000% (0.000%) 0.000%
Average 99.813% (99.813%) 0.001% (0.001%) 0.000% (0.000%) 0.186% (0.186%) 0.000%

Trend Micro - Office Scan

Update Status for Networked Computers

* Items marked in yellow have the same version as the previous week.

Top 10 Security Risk Statistics for Networked Computers

Virus/Malware Statistics:

Virus/Malware

Name Infections

TSC_GENCLEAN 1770

TSPY_ZBOT.SKA 924

TROJ_SPNR.19G412 639

TROJ_SIREFEF.EM 375

RTKT_ZACESS.SM11 341

TROJ_SIREFEF.DD 301

TROJ_SIREFEF.QA 277

PTCH_SIREFEF.L 213

TROJ_SIREFEF.SD 207

TROJ_ZEROA.SM2 206

Last reset:22/5/2012 16:11:20

Infected Computers

Name Detections Log

UEMMBB151 3285 View

UEM-WAREHOUSE 2268 View

USER-HP 969 View

UEMFS 349 View

UEM-SAFETY 318 View

HP24565236893 273 View

UEMOP509 132 View

UEMOP709 123 View

UEMOP804 100 View

UEMZMMNT10 98 View

Last reset:22/5/2012 16:11:49

Infection Source

Name Detections

HP-DISPATCH2\ADMINISTRATOR 1210

HP33671896628\EDWIN SIKAKENA 349

HP33671896628\OLIVER CHILESHE 105

HP33671896628\GILLY NYIRENDA 98

192.168.9.242\ADMINISTRADOR 70

HP33671896628\LOMBE CHOMBA 64

U-92CFD590AD0D4\MAINTENANCE 45

192.168.4.12\KEILLA REGINA 35

192.168.9.38\ADMINISTRADOR 34

UEMOP856\LUCIANO RODRIGUES 30

Spyware/Grayware Statistics:

Spyware/Grayware

Name Infections

HKTL_KEYGEN 32

CRCK_KEYGEN 29

HKTL_CRACKCF 10

HKTL_USURF 8

ADW_SCANNER 6

CRCK_PATCH 6

ADW_BHO 6

CRCK_CRACK 5

CRCK_PATCHER 5

HKTL_HIDEWIN 3

Last reset:22/5/2012 16:11:57

Infected Computers

Name Detections Log

UEMOP423 31 View

UEMOP982 21 View

UEMOP928 12 View

UEMOP932 11 View

UEMOP954 7 View

UEMMBB262 4 View

UEMOP979 2 View

PC07VP 2 View

UEMMBB245 2 View

UEMMBB205 2 View

Last reset:22/5/2012 16:12:04
