Some encrypted mail can pass through the system with a log line like,
(01495-17) Passed UNCHECKED-ENCRYPTED {RelayedTaggedInbound}, ...
These were unmatched, because the "-ENCRYPTED" suffix is new. One
regular expression and a dictionary have been updated to catch those
lines and dump them into the "unchecked" bin with the rest of the
UNCHECKED lines.
'INFECTED' => 'malware',
'BANNED' => 'bannedname',
'UNCHECKED' => 'unchecked',
'INFECTED' => 'malware',
'BANNED' => 'bannedname',
'UNCHECKED' => 'unchecked',
+ 'UNCHECKED-ENCRYPTED' => 'unchecked',
'SPAM' => 'spam',
'SPAMMY' => 'spammy',
'BAD-HEADER' => 'badheader',
'SPAM' => 'spam',
'SPAMMY' => 'spammy',
'BAD-HEADER' => 'badheader',
#XXX elsif (($action, $key, $ip, $from, $to) = ( $p1 =~ /^(?:Virus found - quarantined|(?:(Passed|Blocked) )?INFECTED) \(([^\)]+)\),[A-Z .]*(?: \[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)] -> [(<]([^(<]+)[(>]/o ))
# the first IP is the envelope sender.
#XXX elsif (($action, $key, $ip, $from, $to) = ( $p1 =~ /^(?:Virus found - quarantined|(?:(Passed|Blocked) )?INFECTED) \(([^\)]+)\),[A-Z .]*(?: \[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)] -> [(<]([^(<]+)[(>]/o ))
# the first IP is the envelope sender.
- if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
+ if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|UNCHECKED-ENCRYPTED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
inc_unmatched('passblock');
next;
}
inc_unmatched('passblock');
next;
}
projects / amavis-logwatch.git / commitdiff