no warnings "uninitialized";
use re 'taint';
-our $Version = '1.51.03';
+our $Version = '1.51.04';
our $progname_prefix = 'amavis';
# Specifies the default configuration file for use in standalone mode.
'INFECTED' => 'malware',
'BANNED' => 'bannedname',
'UNCHECKED' => 'unchecked',
+ 'UNCHECKED-ENCRYPTED' => 'unchecked',
'SPAM' => 'spam',
'SPAMMY' => 'spammy',
'BAD-HEADER' => 'badheader',
push @ignore_list_final, qr/^fish_out_ip_from_received: /;
push @ignore_list_final, qr/^Waiting for the process \S+ to terminate/;
push @ignore_list_final, qr/^Valid PID file \(younger than sys uptime/;
+ push @ignore_list_final, qr/^no \$pid_file configured, not checking it/;
push @ignore_list_final, qr/^Sending SIG\S+ to amavisd/;
push @ignore_list_final, qr/^Can't send SIG\S+ to process/;
push @ignore_list_final, qr/^killing process/;
push @ignore_list_final, qr/^address modified \(/;
push @ignore_list_final, qr/^Request: AM\.PDP /;
push @ignore_list_final, qr/^DSPAM result: /;
- push @ignore_list_final, qr/^bind to \//;
+ push @ignore_list_final, qr/^(will )?bind to \//;
push @ignore_list_final, qr/^ZMQ enabled: /;
push @ignore_list_final, qr/^Inserting header field: X-Amavis-Hold: /;
push @ignore_list_final, qr/^Decoding of .* failed, leaving it unpacked: /;
+ push @ignore_list_final, qr/^File::LibMagic::describe_filename failed on p\d+: /;
# various forms of "Using ..."
# more specific, interesting variants already captured: search "Using"
push @ignore_list_final, qr/\bRUSAGE\b/;
push @ignore_list_final, qr/: Sending .* to UNIX socket/;
- push @ignore_list_final, qr/sd_notify \(no socket\): STATUS=Starting child process\(es\), ready for work./
+ # Lines beginning with "sd_notify:" or "sd_notify (no socket):"
+ # describe what is being sent to the systemd notification socket,
+ # if one exists.
+ push @ignore_list_final, qr/^sd_notify( \(no socket\))?:/;
+
+ # In amavisd-new-2.11.0-rc1 and later, amavis will replace any null
+ # bytes that it finds in the body of a message with a "modified
+ # UTF-8" encoded null. The number of times it does this is then
+ # logged with the following message.
+ push @ignore_list_final, qr/^smtp forwarding: SANITIZED (\d+) NULL byte\(s\)/;
}
# Notes:
#XXX elsif (($action, $key, $ip, $from, $to) = ( $p1 =~ /^(?:Virus found - quarantined|(?:(Passed|Blocked) )?INFECTED) \(([^\)]+)\),[A-Z .]*(?: \[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)] -> [(<]([^(<]+)[(>]/o ))
# the first IP is the envelope sender.
- if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
+ if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|UNCHECKED-ENCRYPTED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
inc_unmatched('passblock');
next;
}
($p1 =~ /^TROUBLE/) or
($p1 =~ /Can't (?:connect to UNIX|send to) socket/) or
($p1 =~ /: Empty result from /) or
+ ($p1 =~ /: Select failed: Interrupted system call/) or
($p1 =~ /: Error reading from socket: Connection reset by peer/) or
($p1 =~ /open\(.*\): Permission denied/) or
($p1 =~ /^_?WARN: /) or
projects / amavis-logwatch.git / blobdiff