X-Git-Url: http://gitweb.michael.orlitzky.com/?p=amavis-logwatch.git;a=blobdiff_plain;f=amavis-logwatch;h=ca3e0aac0986e5a4f49cd25ec45ad9f2ec36db7d;hp=deb91463c8025db4c6f6d70648321fdaf95d5f12;hb=HEAD;hpb=a8dac25fe398e42abdb89b85b1435d52386827b4
diff --git a/amavis-logwatch b/amavis-logwatch
index deb9146..ca3e0aa 100644
--- a/amavis-logwatch
+++ b/amavis-logwatch
@@ -1,18 +1,11 @@
 #!/usr/bin/perl -T
 ##########################################################################
-# Amavis-logwatch: written and maintained by:
-#
-# Mike "MrC" Cappella
-# http://logreporters.sourceforge.net/
+# Amavis-logwatch: written by Mike Cappella, and maintained by Michael
+# Orlitzky .
 #
 # Please send all comments, suggestions, bug reports regarding this
-# program/module to the email address above. I will respond as quickly
-# as possible. [MrC]
-#
-# Questions regarding the logwatch program itself should be directed to
-# the logwatch project at:
-# http://sourceforge.net/projects/logwatch/support
+# program/module to the email address above.
 #
 #######################################################
 ### All work since Dec 12, 2006 (logwatch CVS revision 1.28)
@@ -27,21 +20,9 @@
 ### under your own copyright or a different license this
 ### must be explicitly stated in the contribution an the
 ### Logwatch project reserves the right to not accept such
-### contributions. If you have made significant
-### contributions to this script and want to claim
-### copyright please contact logwatch-devel@lists.sourceforge.net.
+### contributions.
 ##########################################################
-##########################################################################
-# The original amavis logwatch filter was written by
-# Jim O'Halloran , and has had many contributors over
-# the years.
-#
-# CVS log removed: see Changes file for amavis-logwatch at
-# http://logreporters.sourceforge.net/
-# or included with the standalone amavis-logwatch distribution
-##########################################################################
 package Logreporters;
 use 5.008;
 use strict;
@@ -49,7 +30,7 @@ use warnings;
 no warnings "uninitialized";
 use re 'taint';
-our $Version = '1.51.03';
+our $Version = '1.51.04';
 our $progname_prefix = 'amavis';
 # Specifies the default configuration file for use in standalone mode.
@@ -1799,6 +1780,7 @@ my %ccatmajor_to_sectkey = (
 'INFECTED' => 'malware',
 'BANNED' => 'bannedname',
 'UNCHECKED' => 'unchecked',
+ 'UNCHECKED-ENCRYPTED' => 'unchecked',
 'SPAM' => 'spam',
 'SPAMMY' => 'spammy',
 'BAD-HEADER' => 'badheader',
@@ -1957,6 +1939,7 @@ sub create_ignore_list() {
 push @ignore_list_final, qr/^fish_out_ip_from_received: /;
 push @ignore_list_final, qr/^Waiting for the process \S+ to terminate/;
 push @ignore_list_final, qr/^Valid PID file \(younger than sys uptime/;
+ push @ignore_list_final, qr/^no \$pid_file configured, not checking it/;
 push @ignore_list_final, qr/^Sending SIG\S+ to amavisd/;
 push @ignore_list_final, qr/^Can't send SIG\S+ to process/;
 push @ignore_list_final, qr/^killing process/;
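Review bot: In the `%ccatmajor_to_sectkey` hunk (-1799), the new `'UNCHECKED-ENCRYPTED' => 'unchecked'` entry carries no comment saying that this category is deliberately counted together with plain UNCHECKED results. Because both keys map to the same `unchecked` section, a report reader cannot tell how much mail presumably skipped content scanning because it was encrypted; if operators need that distinction it would take a separate section key, which this hunk cannot show. At minimum I would add `# UNCHECKED-ENCRYPTED is folded into the generic unchecked count` above the entry. The hash definition starts and ends outside the hunk.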
@@ -2027,11 +2010,12 @@ sub create_ignore_list() {
 push @ignore_list_final, qr/^address modified \(/;
 push @ignore_list_final, qr/^Request: AM\.PDP /;
 push @ignore_list_final, qr/^DSPAM result: /;
- push @ignore_list_final, qr/^bind to \//;
+ push @ignore_list_final, qr/^(will )?bind to \//;
 push @ignore_list_final, qr/^ZMQ enabled: /;
 push @ignore_list_final, qr/^Inserting header field: X-Amavis-Hold: /;
 push @ignore_list_final, qr/^Decoding of .* failed, leaving it unpacked: /;
+ push @ignore_list_final, qr/^File::LibMagic::describe_filename failed on p\d+: /;
 # various forms of "Using ..."
 # more specific, interesting variants already captured: search "Using"
@@ -2045,7 +2029,16 @@ sub create_ignore_list() {
 push @ignore_list_final, qr/\bRUSAGE\b/;
 push @ignore_list_final, qr/: Sending .* to UNIX socket/;
- push @ignore_list_final, qr/sd_notify \(no socket\): STATUS=Starting child process\(es\), ready for work./
+ # Lines beginning with "sd_notify:" or "sd_notify (no socket):"
+ # describe what is being sent to the systemd notification socket,
+ # if one exists.
+ push @ignore_list_final, qr/^sd_notify( \(no socket\))?:/;
+ # In amavisd-new-2.11.0-rc1 and later, amavis will replace any null
+ # bytes that it finds in the body of a message with a "modified
+ # UTF-8" encoded null. The number of times it does this is then
+ # logged with the following message.
+ push @ignore_list_final, qr/^smtp forwarding: SANITIZED (\d+) NULL byte\(s\)/;
 }
 # Notes:
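Review bot: The new `File::LibMagic::describe_filename failed on p\d+: ` entry silences a file-type identification failure with no comment explaining why it is safe to drop, unlike the two documented entries added in the -2045 hunk of the same function. If amavisd uses that result for file-type based rules, a failure may mean a part was typed by a fallback or not at all (not visible from this diff), so I would add a one-line justification or count the line as a warning rather than ignore it. Separately, `(will )?` captures a group nothing reads; `qr/^(?:will )?bind to \//` matches the same lines. create_ignore_list's body continues outside the hunk.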
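Review bot: In the -2045 hunk, `qr/^smtp forwarding: SANITIZED (\d+) NULL byte\(s\)/` captures the count and then discards it, since entries in `@ignore_list_final` are presumably only matched to skip the line. NUL bytes in a message body are unusual and this log line records that amavisd altered the message, so a per-report total could be a cheap signal for malformed mail sources; if it stays ignored, write `\d+` without the group. The replacement `^sd_notify( \(no socket\))?:` is also much broader than the single "ready for work" status the removed pattern matched: it hides every sd_notify line, including any status that reports a problem, and its group should be `(?: \(no socket\))?`.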
@@ -2295,7 +2288,7 @@ while (<>) {
 #XXX elsif (($action, $key, $ip, $from, $to) = ( $p1 =~ /^(?:Virus found - quarantined|(?:(Passed|Blocked) )?INFECTED) \(([^\)]+)\),[A-Z .]*(?: \[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)] -> [(<]([^(<]+)[(>]/o ))
 # the first IP is the envelope sender.
- if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
+ if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|UNCHECKED-ENCRYPTED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
 inc_unmatched('passblock');
 next;
 }
@@ -2805,6 +2798,7 @@ while (<>) {
 ($p1 =~ /^TROUBLE/) or
 ($p1 =~ /Can't (?:connect to UNIX|send to) socket/) or
 ($p1 =~ /: Empty result from /) or
+ ($p1 =~ /: Select failed: Interrupted system call/) or
 ($p1 =~ /: Error reading from socket: Connection reset by peer/) or
 ($p1 =~ /open\(.*\): Permission denied/) or
 ($p1 =~ /^_?WARN: /) or
@@ -3200,9 +3194,10 @@ while (<>) {
 $StartInfo{'Code'}{'Not found'}{$code} = $location;
- } elsif ( $p1 =~ /^starting\.\s+(.+) at \S+ (?:amavisd-new-|Maia Mailguard )([^,]+),/) {
+ } elsif ( $p1 =~ /^starting\.(?: \(warm\))?\s+(.+) at \S+ (?:amavis-|amavisd-new-|Maia Mailguard )([^,]+),/) {
 #TD starting. /usr/local/sbin/amavisd at mailhost.example.com amavisd-new-2.5.0 (20070423), Unicode aware, LANG="C"
 #TD starting. /usr/sbin/amavisd-maia at vwsw02.eon.no Maia Mailguard 1.0.2, Unicode aware, LANG=en_US.UTF-8
+ #TD starting. (warm) /usr/sbin/amavisd at mx1.example.com amavis-2.12.0 (20190725), Unicode aware, LANG="C.utf8"
 next unless ($Opts{'startinfo'});
 %StartInfo = () if !exists $StartInfo{'Logging'};
 $StartInfo{'ampath'} = $1;
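Review bot: In the pass/block regex of the -2295 hunk, `UNCHECKED|UNCHECKED-ENCRYPTED` matches the longer category only because the engine backtracks when `UNCHECKED` is not followed by `, ` or ` {...}, `; that works today but depends on the tail of the pattern staying strict. Writing it as `UNCHECKED(?:-ENCRYPTED)?` follows the form already used for `SPAM(?:MY)?` and `BAD-HEADER(?:-\d)?` in the same alternation and removes the ordering dependency. A `#TD` sample line for an UNCHECKED-ENCRYPTED entry, like the ones kept beside the `starting.` pattern in the last hunk, would document the log format being parsed. The enclosing `while (<>)` loop starts and ends outside the hunk.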