Your message dated Fri, 03 Sep 2010 08:48:27 +0000
with message-id <e1orrwh-0005go...@franck.debian.org>
and subject line Bug#594605: fixed in logcheck 1.3.13
has caused the Debian Bug report #594605,
regarding logcheck-database: some enhancements to amavisd-new rules for IPv6 
support and some other allowed values in the log
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
594605: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594605
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.12
Severity: normal

Hi,

I had to create some customized rules for amavisd-new, so that the
logcheck mail is not full of uninteresting log lines. I added the
following changes to the rules:

      * IPv6 support for IP addresses
      * allows PASSED SPAM in log (if amavisd-new is configured to
        forward spam to the user without discarding/bouncing it)
      * optional minus sign (same as #592786, but they probably should
        be optional)
      * optional quarantine in log line (if amavisd-new is configured to
        not quarantine a mail with a virus or a bad header)
      * optional Message-ID (sometimes this header is missing)

Here are the changed rules:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (CLEAN|SPAM),( LOCAL)?( \[(IPv6:)?[[[:xdigit:].:]{3,39}\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*,( Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,)?( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: ((-)?[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (INFECTED \([-._[:alnum:]]+\)|BAD-HEADER),( \[(IPv6:)?[[[:xdigit:].:]{3,39}\]){1,2} <[^>]*> -> <[^>]*>,( quarantine: (virus|badh)-[-+[:alnum:]]+,)? Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: ((-)?[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$


I hope that these changes are helpful and will be incorporated into the
current rules. Here are some examples that are filtered by the changed rules:

IPv6 example:
Aug 23 12:21:02 mail amavis[17286]: (17286-10) Passed CLEAN, [IPv6:2001:41b8:202:deb:213:21ff:fe20:1426] [89.163.160.227] <bounce-debian-security-announce=christian+lists.debian.security-announce=draugr...@lists.debian.org> -> <christ...@draugr.de>, Message-ID: <20100823101246.ga6...@sd6-casa.iuculano.it>, Resent-Message-ID: <mguz-15aqq.a.tg.1mk...@liszt>, mail_id: 0Wrgflf-fVBG, Hits: -2.208, size: 11783, queued_as: 680E120E186, 56 ms

Example without "quarantine":
Aug 25 17:43:11 mail amavis[18950]: (18950-05) Passed BAD-HEADER, [91.189.94.204] [96.21.216.144] <ubuntu-security-announce-boun...@lists.ubuntu.com> -> <christ...@draugr.de>, Message-ID: <1282750872.2662.8.ca...@mdlinux>, mail_id: vgu7UmtJb569, Hits: -2.57, size: 9384, queued_as: A30F120E149, 664 ms

Example without Message-ID:
Aug 27 01:20:45 mail amavis[7739]: (07739-16) Passed CLEAN, LOCAL [88.198.60.116] [88.198.60.116] <r...@jabberd.draugr.de> -> <christ...@draugr.de>, mail_id: 4NHaobkpxB96, Hits: 0.295, size: 559, queued_as: 15A1220E146, 260 ms


Best regards,
Christian Dröge



--- End Message ---
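
A way to preview what a rule like the ones in the report above suppresses before installing it (added example, not part of the original message or of the logcheck package): the first rule, joined onto one line, is run with grep -E, the extended-regex dialect logcheck rule files use. The log lines, documentation addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview what an amavisd-new ignore rule suppresses.
# RULE is the first rule from the report (Passed CLEAN|SPAM), on one line.
RULE='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (CLEAN|SPAM),( LOCAL)?( \[(IPv6:)?[[[:xdigit:].:]{3,39}\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*,( Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,)?( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: ((-)?[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$'

# Constructed sample lines (documentation addresses, made-up ids):
# IPv6 client, LOCAL without Message-ID, passed spam, and a blocked virus.
sample_log() {
cat <<'EOF'
Aug 23 12:21:02 mail amavis[17286]: (17286-10) Passed CLEAN, [IPv6:2001:db8::1426] [192.0.2.227] <sender@example.org> -> <rcpt@example.net>, Message-ID: <1@example.org>, mail_id: 0Wrgflf-fVBG, Hits: -2.208, size: 11783, queued_as: 680E120E186, 56 ms
Aug 27 01:20:45 mail amavis[7739]: (07739-16) Passed CLEAN, LOCAL [192.0.2.116] [192.0.2.116] <root@example.org> -> <rcpt@example.net>, mail_id: 4NHaobkpxB96, Hits: 0.295, size: 559, queued_as: 15A1220E146, 260 ms
Aug 27 02:00:00 mail amavis[7739]: (07739-17) Passed SPAM, [192.0.2.9] <spam@example.org> -> <rcpt@example.net>, Message-ID: <2@example.org>, mail_id: abcDEF123456, Hits: 7.1, size: 2048, queued_as: 25A1220E147, 301 ms
Aug 27 02:05:00 mail amavis[7739]: (07739-18) Blocked INFECTED (Eicar-Test-Signature), [192.0.2.9] <bad@example.org> -> <rcpt@example.net>, quarantine: virus-abcDEF123457, Message-ID: <3@example.org>, mail_id: abcDEF123457, Hits: -, size: 900, 120 ms
EOF
}

# Lines the ignore rule drops from the logcheck mail.
suppressed() { grep -E -e "$RULE"; }

# Lines that still reach the administrator.
still_reported() { grep -E -v -e "$RULE"; }

# Count lines on stdin without wc's padding.
count() { wc -l | tr -d ' '; }

echo "suppressed:     $(sample_log | suppressed | count)"
echo "still reported: $(sample_log | still_reported | count)"
sample_log | still_reported
```

The anchored pattern and the explicit "Passed" keyword keep the blocked-virus line visible, while passed spam is now silenced along with clean mail.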
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.13

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.3.13_all.deb
  to main/l/logcheck/logcheck-database_1.3.13_all.deb
logcheck_1.3.13.dsc
  to main/l/logcheck/logcheck_1.3.13.dsc
logcheck_1.3.13.tar.gz
  to main/l/logcheck/logcheck_1.3.13.tar.gz
logcheck_1.3.13_all.deb
  to main/l/logcheck/logcheck_1.3.13_all.deb
logtail_1.3.13_all.deb
  to main/l/logcheck/logtail_1.3.13_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 594...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 03 Sep 2010 09:59:52 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.13
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description: 
 logcheck   - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read (deprecated)
Closes: 593482 594605
Changes: 
 logcheck (1.3.13) unstable; urgency=low
 .
   * ignore.d.server/pure-ftpd:
     - fixed user name pattern in logout message, thanks to Simon Breuss
       (LP: #619119)
   * violations.ignore.d/logcheck-sudo:
     - match COMMAND=list and TTY=console, thanks to Michel Messerschmidt for
       the patch (closes: #593482)
   * ignore.d.server/amavisd-new:
     - applied changes by Christian Dröge (closes: #594605):
       - IPv6 support for IP addresses
       - allow PASSED SPAM in log
       - optional minus sign after "Hits:"
       - optional quarantine in log line
       - optional Message-ID

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyAsT4ACgkQiz0NKp2eEfWexQCgjOGy8tdUMswbjFdPhgGu+tQG
iZQAoKDP5bgSZhgX9w0VKtLWb+x5YK4g
=2Lsj
-----END PGP SIGNATURE-----



--- End Message ---
_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel