X-Git-Url: http://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=amavis-logwatch;h=912839ec2a38ec44ff50454be125bae5511963cd;hb=822ed375520babc7c58f37af075ff65bb2cc16ad;hp=deb91463c8025db4c6f6d70648321fdaf95d5f12;hpb=a8dac25fe398e42abdb89b85b1435d52386827b4;p=amavis-logwatch.git diff --git a/amavis-logwatch b/amavis-logwatch index deb9146..912839e 100644 --- a/amavis-logwatch +++ b/amavis-logwatch @@ -1,18 +1,11 @@ #!/usr/bin/perl -T ########################################################################## -# Amavis-logwatch: written and maintained by: -# -# Mike "MrC" Cappella -# http://logreporters.sourceforge.net/ +# Amavis-logwatch: written by Mike Cappella, and maintained by Michael +# Orlitzky . # # Please send all comments, suggestions, bug reports regarding this -# program/module to the email address above. I will respond as quickly -# as possible. [MrC] -# -# Questions regarding the logwatch program itself should be directed to -# the logwatch project at: -# http://sourceforge.net/projects/logwatch/support +# program/module to the email address above. # ####################################################### ### All work since Dec 12, 2006 (logwatch CVS revision 1.28) 
@@ -27,21 +20,9 @@ ### under your own copyright or a different license this ### must be explicitly stated in the contribution an the ### Logwatch project reserves the right to not accept such -### contributions. If you have made significant -### contributions to this script and want to claim -### copyright please contact logwatch-devel@lists.sourceforge.net. +### contributions. ########################################################## -########################################################################## -# The original amavis logwatch filter was written by -# Jim O'Halloran , and has had many contributors over -# the years. -# -# CVS log removed: see Changes file for amavis-logwatch at -# http://logreporters.sourceforge.net/ -# or included with the standalone amavis-logwatch distribution -########################################################################## - package Logreporters; use 5.008; use strict; @@ -49,7 +30,7 @@ use warnings; no warnings "uninitialized"; use re 'taint'; -our $Version = '1.51.03'; +our $Version = '1.51.04'; our $progname_prefix = 'amavis'; # Specifies the default configuration file for use in standalone mode. @@ -1799,6 +1780,7 @@ my %ccatmajor_to_sectkey = ( 'INFECTED' => 'malware', 'BANNED' => 'bannedname', 'UNCHECKED' => 'unchecked', + 'UNCHECKED-ENCRYPTED' => 'unchecked', 'SPAM' => 'spam', 'SPAMMY' => 'spammy', 'BAD-HEADER' => 'badheader', @@ -1957,6 +1939,7 @@ sub create_ignore_list() { push @ignore_list_final, qr/^fish_out_ip_from_received: /; push @ignore_list_final, qr/^Waiting for the process \S+ to terminate/; push @ignore_list_final, qr/^Valid PID file \(younger than sys uptime/; + push @ignore_list_final, qr/^no \$pid_file configured, not checking it/; push @ignore_list_final, qr/^Sending SIG\S+ to amavisd/; push @ignore_list_final, qr/^Can't send SIG\S+ to process/; push @ignore_list_final, qr/^killing process/; 
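Review bot: In the `%ccatmajor_to_sectkey` hunk, the new `'UNCHECKED-ENCRYPTED' => 'unchecked'` entry puts mail that amavis left unscanned because it was encrypted under the same section key as every other unchecked message, and nothing on the line says this is intended. If the section key drives report grouping (the code that reads this hash is outside the hunk), the summary can no longer show how much of the unscanned mail was encrypted content. I would record the decision next to the entry, for example `# UNCHECKED-ENCRYPTED is deliberately reported under 'unchecked'; encrypted mail is not counted separately`. The hash definition starts and ends outside the hunk.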
@@ -2027,11 +2010,12 @@ sub create_ignore_list() { push @ignore_list_final, qr/^address modified \(/; push @ignore_list_final, qr/^Request: AM\.PDP /; push @ignore_list_final, qr/^DSPAM result: /; - push @ignore_list_final, qr/^bind to \//; + push @ignore_list_final, qr/^(will )?bind to \//; push @ignore_list_final, qr/^ZMQ enabled: /; push @ignore_list_final, qr/^Inserting header field: X-Amavis-Hold: /; push @ignore_list_final, qr/^Decoding of .* failed, leaving it unpacked: /; + push @ignore_list_final, qr/^File::LibMagic::describe_filename failed on p\d+: /; # various forms of "Using ..." # more specific, interesting variants already captured: search "Using" @@ -2045,7 +2029,16 @@ sub create_ignore_list() { push @ignore_list_final, qr/\bRUSAGE\b/; push @ignore_list_final, qr/: Sending .* to UNIX socket/; - push @ignore_list_final, qr/sd_notify \(no socket\): STATUS=Starting child process\(es\), ready for work./ + # Lines beginning with "sd_notify:" or "sd_notify (no socket):" + # describe what is being sent to the systemd notification socket, + # if one exists. + push @ignore_list_final, qr/^sd_notify( \(no socket\))?:/; + + # In amavisd-new-2.11.0-rc1 and later, amavis will replace any null + # bytes that it finds in the body of a message with a "modified + # UTF-8" encoded null. The number of times it does this is then + # logged with the following message. + push @ignore_list_final, qr/^smtp forwarding: SANITIZED (\d+) NULL byte\(s\)/; } # Notes: 
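Review bot: The group in `qr/^(will )?bind to \//` captures, although nothing visible reads the capture from an ignore-list pattern. `(?:will )?` says the same thing and matches the non-capturing style of the pass/block regex later in this diff. The same applies in the next hunk to `qr/^sd_notify( \(no socket\))?:/` and to `(\d+)` in the SANITIZED pattern, which could be written `(?: \(no socket\))?` and `\d+`. The body of `create_ignore_list` starts outside this hunk.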
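Review bot: The last hunk of `create_ignore_list` widens what the report drops without saying so at the point of use. `qr/^sd_notify( \(no socket\))?:/` now ignores every sd_notify line rather than the single "ready for work" status the removed pattern matched, and the SANITIZED pattern discards the NULL-byte count that amavis logs. Whether those lines deserve a tally is the maintainer's call, but the comment should state the consequence, for example `# NOTE: the count is not tallied, so a rise in mail carrying NULL bytes will not show in the report`. How `@ignore_list_final` is consumed is outside the hunk, so this assumes ignored lines are skipped before any counting.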
@@ -2295,7 +2288,7 @@ while (<>) { #XXX elsif (($action, $key, $ip, $from, $to) = ( $p1 =~ /^(?:Virus found - quarantined|(?:(Passed|Blocked) )?INFECTED) \(([^\)]+)\),[A-Z .]*(?: \[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)] -> [(<]([^(<]+)[(>]/o )) # the first IP is the envelope sender. - if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) { + if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|UNCHECKED-ENCRYPTED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) { inc_unmatched('passblock'); next; } @@ -2805,6 +2798,7 @@ while (<>) { ($p1 =~ /^TROUBLE/) or ($p1 =~ /Can't (?:connect to UNIX|send to) socket/) or ($p1 =~ /: Empty result from /) or + ($p1 =~ /: Select failed: Interrupted system call/) or ($p1 =~ /: Error reading from socket: Connection reset by peer/) or ($p1 =~ /open\(.*\): Permission denied/) or ($p1 =~ /^_?WARN: /) or
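Review bot: In the pass/block regex, the new alternative is listed as `UNCHECKED|UNCHECKED-ENCRYPTED`, so the shorter branch is tried first and the longer one only matches after the engine fails on the `, ` that follows and backtracks. It works, but it depends on that trailing context staying mandatory. Writing it as `UNCHECKED(?:-ENCRYPTED)?` makes the intent explicit and follows the `SPAM(?:MY)?` and `BAD-HEADER(?:-\d)?` forms already in the same alternation. Whether the captured category is then looked up in `%ccatmajor_to_sectkey` is outside the hunk. The enclosing `while (<>)` loop starts and ends outside it too.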