Reading History.db

[npoenn]

I was looking at putting something together so that I could generate my own reports based on the AV logs.

Unlike Clam, Immunet uses a SQLite database instead of a text-based log file.

It's pretty easy to open, but I was hoping someone could provide some information about a few of the fields.

The main things I was looking at are the 'type' and 'disposition' fields.

Type appears to be an ID for the event type. Would it be possible to provide me with a list of the type IDs?

[ritchie58]

Immunet's history & event logs do use .db files which are inacessable while Immunet is running for self protection/security reasons. If Immunet is disabled you would still have to use a .db file to text converter software package to view/copy the logs to a text format. As far as I know there is no freeware that can do this. There are paid software solutions that are geared toward IT/Development expert usage that can convert .db files but they tend to be a bit on the expensive side and the GUI's are not novice/average/intermediate or even advanced user friendly. I do believe newer versions of Microsoft Office can convert .db files to text though.

 

Be aware that anytime a third-party software has access to these files there is no guarantee that the .db files will remain uncorrupted. That's why they are protected!

 

Accessing "all" logged events is rather easy using the GUI as you're already aware of it seems. So you're really just a few clicks away to see what Immunet has been up to at any given time.

 

The idea of being able to Copy & Paste the logs have been brought up before in the Ideas section which I still think would be a great addition for a future build!

 

Cheers, Ritchie...

[npoenn]

The files are write-protected by Immunet, but it is possible to access the history.db in read-only mode. There is no risk of corruption as long as you connect to the database file in this way, and it can be done while Immunet is running. I have no problems accessing it, as it is a standard SQLite database. I'm a software developer so I've already written a small utility that can open and read the events without issue.

My main question here was if I could get a list (or enumeration) of the ID, Type, Flags, and Disposition fields, so that I can better read the information.

 

Here is a sample of the data I can extract: http://pastebin.com/9X0CBsHV

 

It appears that ID:24 is a completed scan, and ID:7 is a malware detection, but it would be great to actually get a proper definition of the fields.

 

Here is some c# sample code for what I am doing:

string path = @"C:\Program Files\Immunet\history.db";
	    DataTable table = new DataTable();
	    using (SQLiteConnection conn = new SQLiteConnection())
	    {
		    conn.ConnectionString = "Data Source=" + path + ";Version=3;New=False;Compress=True;Read Only=True;";
		    conn.Open();
		    using (SQLiteCommand cmd = new SQLiteCommand("SELECT * FROM History", conn))
		    {
			    using (SQLiteDataAdapter da = new SQLiteDataAdapter(cmd)) { da.Fill(table); da.Dispose(); }
		    }
		    conn.Close();
		    conn.Dispose();
	    }

[ritchie58]

Since I don't have access to the information you're seeking may I suggest you contact Support directly at this address. support@immunet.com Besides the information you're interested in also mention you started this forum Support Documentation topic in your email.

 

Best wishes, Ritchie...