X-Git-Url: http://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=amavis-logwatch;h=4c9b59f69aae4127c113f637d0165c093b6bc31f;hb=869fa9d8b2113f50c3a97ef9f4a1f95171702be4;hp=deb91463c8025db4c6f6d70648321fdaf95d5f12;hpb=a8dac25fe398e42abdb89b85b1435d52386827b4;p=amavis-logwatch.git
diff --git a/amavis-logwatch b/amavis-logwatch
index deb9146..4c9b59f 100644
--- a/amavis-logwatch
+++ b/amavis-logwatch
@@ -1799,6 +1799,7 @@ my %ccatmajor_to_sectkey = (
 'INFECTED' => 'malware',
 'BANNED' => 'bannedname',
 'UNCHECKED' => 'unchecked',
+ 'UNCHECKED-ENCRYPTED' => 'unchecked',
 'SPAM' => 'spam',
 'SPAMMY' => 'spammy',
 'BAD-HEADER' => 'badheader',
@@ -1957,6 +1958,7 @@ sub create_ignore_list() {
 push @ignore_list_final, qr/^fish_out_ip_from_received: /;
 push @ignore_list_final, qr/^Waiting for the process \S+ to terminate/;
 push @ignore_list_final, qr/^Valid PID file \(younger than sys uptime/;
+ push @ignore_list_final, qr/^no \$pid_file configured, not checking it/;
 push @ignore_list_final, qr/^Sending SIG\S+ to amavisd/;
 push @ignore_list_final, qr/^Can't send SIG\S+ to process/;
 push @ignore_list_final, qr/^killing process/;
@@ -2027,11 +2029,12 @@ sub create_ignore_list() {
 push @ignore_list_final, qr/^address modified \(/;
 push @ignore_list_final, qr/^Request: AM\.PDP /;
 push @ignore_list_final, qr/^DSPAM result: /;
- push @ignore_list_final, qr/^bind to \//;
+ push @ignore_list_final, qr/^(will )?bind to \//;
 push @ignore_list_final, qr/^ZMQ enabled: /;
 push @ignore_list_final, qr/^Inserting header field: X-Amavis-Hold: /;
 push @ignore_list_final, qr/^Decoding of .* failed, leaving it unpacked: /;
+ push @ignore_list_final, qr/^File::LibMagic::describe_filename failed on p\d+: /;
 # various forms of "Using ..."
 # more specific, interesting variants already captured: search "Using"
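Review bot: The new `'UNCHECKED-ENCRYPTED' => 'unchecked'` entry in `%ccatmajor_to_sectkey` puts this category in the same report section as plain `UNCHECKED`, so the summary does not show how many messages went unscanned specifically because their content was encrypted (as the category name suggests). That figure is one an operator reviewing mail-filter coverage usually wants on its own line; if a separate section key is out of scope for this commit, a comment on the entry such as `# encrypted content that could not be scanned; counted together with UNCHECKED` would record the decision. The hash definition begins and ends outside the hunk, so the section table that would need a matching key is not visible here.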
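Review bot: The added ignore for `File::LibMagic::describe_filename failed on p\d+: ` carries no comment saying why a failed file-type lookup on a mail part is safe to drop from the report, whereas the `sd_notify` and `SANITIZED` entries added in the `@@ -2045,7 +2048,16 @@` hunk are explained. If type-based checks depend on that lookup (not visible here), counting the message instead of ignoring it would keep the failure visible; otherwise a one-line comment stating the fallback is enough. As a matter of style, `(will )?` here, and `( \(no socket\))?` and `(\d+)` in that later hunk, capture values that an ignore list never reads; `(?:will )?`, `(?: \(no socket\))?` and `\d+` express the same match. `create_ignore_list` starts and ends outside the hunk.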
@@ -2045,7 +2048,16 @@ sub create_ignore_list() {
 push @ignore_list_final, qr/\bRUSAGE\b/;
 push @ignore_list_final, qr/: Sending .* to UNIX socket/;
- push @ignore_list_final, qr/sd_notify \(no socket\): STATUS=Starting child process\(es\), ready for work./
+ # Lines beginning with "sd_notify:" or "sd_notify (no socket):"
+ # describe what is being sent to the systemd notification socket,
+ # if one exists.
+ push @ignore_list_final, qr/^sd_notify( \(no socket\))?:/;
+
+ # In amavisd-new-2.11.0-rc1 and later, amavis will replace any null
+ # bytes that it finds in the body of a message with a "modified
+ # UTF-8" encoded null. The number of times it does this is then
+ # logged with the following message.
+ push @ignore_list_final, qr/^smtp forwarding: SANITIZED (\d+) NULL byte\(s\)/;
 }
 # Notes:
@@ -2295,7 +2307,7 @@ while (<>) {
 #XXX elsif (($action, $key, $ip, $from, $to) = ( $p1 =~ /^(?:Virus found - quarantined|(?:(Passed|Blocked) )?INFECTED) \(([^\)]+)\),[A-Z .]*(?: \[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)] -> [(<]([^(<]+)[(>]/o ))
 # the first IP is the envelope sender.
- if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
+ if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|UNCHECKED-ENCRYPTED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
 inc_unmatched('passblock');
 next;
 }
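Review bot: In the `$p1 !~` pattern the new alternative is listed as `UNCHECKED|UNCHECKED-ENCRYPTED`, so the longer name is matched only after the shorter one has matched and then failed at the `, ` or ` {` that must follow. Writing it as `UNCHECKED(?:-ENCRYPTED)?` would follow the style already used for `SPAM(?:MY)?` and `BAD-HEADER(?:-\d)?` in the same group and removes the reliance on backtracking. The enclosing `while (<>)` loop and the code that consumes the captures lie outside the hunk.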
@@ -2805,6 +2817,7 @@ while (<>) {
 ($p1 =~ /^TROUBLE/) or
 ($p1 =~ /Can't (?:connect to UNIX|send to) socket/) or
 ($p1 =~ /: Empty result from /) or
+ ($p1 =~ /: Select failed: Interrupted system call/) or
 ($p1 =~ /: Error reading from socket: Connection reset by peer/) or
 ($p1 =~ /open\(.*\): Permission denied/) or
 ($p1 =~ /^_?WARN: /) or