Package: logcheck-database
Version: 1.3.17
(This is also present in the current git version
f005f31cd54a907adc8cb61888987d2ab3ab2480.)
The following regex on line 149 of
rulefiles/linux/ignore.d.server/postfix looks incorrect:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
warning: numeric result [[[:xdigit:].:]{3,39}]+ in address->name lookup for
[^[:space:]]+$
Specifically the part [[[:xdigit:].:]{3,39}]+ does not seem to match
anything useful, though technically it appears to be a valid POSIX
regular expression. GNU grep -E thinks it matches e.g. the strings
[444]] and 444]]], that is it has a character class that includes [
repeated 3-39 times and then a ] character one or more times.
I don't know which log messages this rule is supposed to match. Looking
at the expressions in the surrounding lines of that rule file, perhaps
the suspicious part should match an IPv4/IPv6 address, in which case the
outermost [ and ]+ should not be there. That is, perhaps the rule should
be:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
warning: numeric result [[:xdigit:].:]{3,39} in address->name lookup for
[^[:space:]]+$
On the other hand, codesearch.debian.net seems to find only this rule
when searching for "address->name lookup for" and only comments when
searching for "numeric result package:postfix". So maybe the log message
isn't there at all anymore?
