#!/usr/bin/perl -T
##########################################################################
-# Amavis-logwatch: written and maintained by:
-#
-# Mike "MrC" Cappella <mike (at) cappella (dot) us>
-# http://logreporters.sourceforge.net/
+# Amavis-logwatch: written by Mike Cappella, and maintained by Michael
+# Orlitzky <michael@orlitzky.com>.
#
# Please send all comments, suggestions, bug reports regarding this
-# program/module to the email address above. I will respond as quickly
-# as possible. [MrC]
-#
-# Questions regarding the logwatch program itself should be directed to
-# the logwatch project at:
-# http://sourceforge.net/projects/logwatch/support
+# program/module to the email address above.
#
#######################################################
### All work since Dec 12, 2006 (logwatch CVS revision 1.28)
### under your own copyright or a different license this
### must be explicitly stated in the contribution an the
### Logwatch project reserves the right to not accept such
-### contributions. If you have made significant
-### contributions to this script and want to claim
-### copyright please contact logwatch-devel@lists.sourceforge.net.
+### contributions.
##########################################################
-##########################################################################
-# The original amavis logwatch filter was written by
-# Jim O'Halloran <jim @ kendle.com.au>, and has had many contributors over
-# the years.
-#
-# CVS log removed: see Changes file for amavis-logwatch at
-# http://logreporters.sourceforge.net/
-# or included with the standalone amavis-logwatch distribution
-##########################################################################
-
package Logreporters;
use 5.008;
use strict;
no warnings "uninitialized";
use re 'taint';
-our $Version = '1.51.03';
+our $Version = '1.51.04';
our $progname_prefix = 'amavis';
# Specifies the default configuration file for use in standalone mode.
'INFECTED' => 'malware',
'BANNED' => 'bannedname',
'UNCHECKED' => 'unchecked',
+ 'UNCHECKED-ENCRYPTED' => 'unchecked',
'SPAM' => 'spam',
'SPAMMY' => 'spammy',
'BAD-HEADER' => 'badheader',
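Review bot: Mapping `'UNCHECKED-ENCRYPTED'` to the existing `'unchecked'` key means the report cannot tell mail that skipped scanning because it was encrypted from mail that was unchecked for other reasons. Encrypted attachments that bypass content scanning are something operators often want to see separately, so either a distinct key or a comment recording the decision would help, for example `# counted together with UNCHECKED; encrypted mail is not reported separately`. The hash this entry belongs to starts and ends outside the hunk, and a distinct key would also need a matching report section that is not visible here.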
push @ignore_list_final, qr/^fish_out_ip_from_received: /;
push @ignore_list_final, qr/^Waiting for the process \S+ to terminate/;
push @ignore_list_final, qr/^Valid PID file \(younger than sys uptime/;
+ push @ignore_list_final, qr/^no \$pid_file configured, not checking it/;
push @ignore_list_final, qr/^Sending SIG\S+ to amavisd/;
push @ignore_list_final, qr/^Can't send SIG\S+ to process/;
push @ignore_list_final, qr/^killing process/;
push @ignore_list_final, qr/^address modified \(/;
push @ignore_list_final, qr/^Request: AM\.PDP /;
push @ignore_list_final, qr/^DSPAM result: /;
- push @ignore_list_final, qr/^bind to \//;
+ push @ignore_list_final, qr/^(will )?bind to \//;
push @ignore_list_final, qr/^ZMQ enabled: /;
push @ignore_list_final, qr/^Inserting header field: X-Amavis-Hold: /;
push @ignore_list_final, qr/^Decoding of .* failed, leaving it unpacked: /;
+ push @ignore_list_final, qr/^File::LibMagic::describe_filename failed on p\d+: /;
# various forms of "Using ..."
# more specific, interesting variants already captured: search "Using"
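Review bot: The new `(will )?` in the bind pattern is a capturing group although nothing in an ignore list reads the capture; other patterns in this file use `(?:...)` for optional text, so `qr/^(?:will )?bind to \//` would be consistent. The same applies to `( \(no socket\))?` in the sd_notify pattern added in the next hunk, which could be `(?: \(no socket\))?`. Matching behaviour is unchanged either way; this is only about not leaving stray captures behind.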
# unanchored
push @ignore_list_final, qr/\bRUSAGE\b/;
push @ignore_list_final, qr/: Sending .* to UNIX socket/;
+
+ # Lines beginning with "sd_notify:" or "sd_notify (no socket):"
+ # describe what is being sent to the systemd notification socket,
+ # if one exists.
+ push @ignore_list_final, qr/^sd_notify( \(no socket\))?:/;
+
+ # In amavisd-new-2.11.0-rc1 and later, amavis will replace any null
+ # bytes that it finds in the body of a message with a "modified
+ # UTF-8" encoded null. The number of times it does this is then
+ # logged with the following message.
+ push @ignore_list_final, qr/^smtp forwarding: SANITIZED (\d+) NULL byte\(s\)/;
}
# Notes:
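Review bot: The "SANITIZED ... NULL byte(s)" line is dropped outright, so the count captured by `(\d+)` is never used and the report gives no indication of how often amavis rewrote message bodies. NUL bytes in a body are unusual enough that a per-period tally can help when looking into malformed mail. If that is not wanted here, `\d+` without the capture says the same thing more plainly. How `@ignore_list_final` is consumed is not visible in this hunk, so whether a counter fits the existing report structure needs checking against the rest of the file.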
or ($p1 =~ /^SpamControl/)
or ($p1 =~ /^Perl/)
or ($p1 =~ /^ESMTP/)
+ or ($p1 =~ /^UTF8SMTP/)
or ($p1 =~ /^(?:\(!+\))?(\S+ )?(?:FWD|SEND) from /) # log level 4
or ($p1 =~ /^(?:\(!+\))?(\S+ )?(?:ESMTP|FWD|SEND) via /) # log level 4
or ($p1 =~ /^tempdir being removed/)
#XXX elsif (($action, $key, $ip, $from, $to) = ( $p1 =~ /^(?:Virus found - quarantined|(?:(Passed|Blocked) )?INFECTED) \(([^\)]+)\),[A-Z .]*(?: \[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)] -> [(<]([^(<]+)[(>]/o ))
# the first IP is the envelope sender.
- if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
+ if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|UNCHECKED-ENCRYPTED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
inc_unmatched('passblock');
next;
}
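Review bot: In the new pattern the alternation lists `UNCHECKED` before `UNCHECKED-ENCRYPTED`, so the longer tag is reached only by backtracking, after the shorter one has matched and the following `, ` or ` {...}` has failed. It matches correctly as written, but only because of what happens to follow the group. `UNCHECKED(?:-ENCRYPTED)?` states the intent directly and does not depend on the order of alternatives. The enclosing loop starts outside the hunk.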
($p1 =~ /^TROUBLE/) or
($p1 =~ /Can't (?:connect to UNIX|send to) socket/) or
($p1 =~ /: Empty result from /) or
+ ($p1 =~ /: Select failed: Interrupted system call/) or
($p1 =~ /: Error reading from socket: Connection reset by peer/) or
($p1 =~ /open\(.*\): Permission denied/) or
($p1 =~ /^_?WARN: /) or
$StartInfo{'Code'}{'Not found'}{$code} = $location;
- } elsif ( $p1 =~ /^starting\.\s+(.+) at \S+ (?:amavisd-new-|Maia Mailguard )([^,]+),/) {
+ } elsif ( $p1 =~ /^starting\.(?: \(warm\))?\s+(.+) at \S+ (?:amavis-|amavisd-new-|Maia Mailguard )([^,]+),/) {
#TD starting. /usr/local/sbin/amavisd at mailhost.example.com amavisd-new-2.5.0 (20070423), Unicode aware, LANG="C"
#TD starting. /usr/sbin/amavisd-maia at vwsw02.eon.no Maia Mailguard 1.0.2, Unicode aware, LANG=en_US.UTF-8
+ #TD starting. (warm) /usr/sbin/amavisd at mx1.example.com amavis-2.12.0 (20190725), Unicode aware, LANG="C.utf8"
next unless ($Opts{'startinfo'});
%StartInfo = () if !exists $StartInfo{'Logging'};
$StartInfo{'ampath'} = $1;