Package: logcheck-database
Version: 1.2.57
Severity: normal
Tags: patch
Logcheck is now reporting lines like this:
Jul 31 10:20:59 protempore amavis[6399]: (06399-02) Passed CLEAN,
[64.147.162.140] [64.147.162.138] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>,
Message-ID: <[EMAIL PROTECTED]>, mail_id: NdXYfYxZEllU, Hits: -0.853,
queued_as: 3FCCF38060A, 7910 ms
and this:
Jul 31 10:27:13 protempore amavis[6351]: (06351-03) Passed CLEAN,
[66.94.237.40] [69.105.72.133] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>,
Message-ID: <[EMAIL PROTECTED]>, mail_id: 8FgJcG5eo5MY, Hits: -2.598-3,
queued_as: 0F1C638060A, 4705 ms
There are two bugs in the RE for ignore.d.server/amavisd-new, "hits"
had just a dash following it. Please note both lines, as you can see,
hits can be a single number, or, sometimes, amavisd-new will put out
two numbers (second example).
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (650, 'testing'), (600, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.21-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.13 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information excluded
--- /etc/logcheck/ignore.d.server/amavisd-new 2007-07-14 04:11:10.000000000
-0700
+++ /tmp/b 2007-07-31 11:39:48.000000000 -0700
@@ -1,5 +1,5 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){1,2} <[^>]*> ->
<[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \(added by[^)]+\))?,(
Resent-Message-ID: [^[:space:]]*,)? mail_id: [-+[:alnum:]]+, Hits: -,
queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed INFECTED \([-._[:alnum:]]+\),( \[[.:[:xdigit:]]+\]){2}
<[^>]*> -> <[^>]*>, quarantine: virus-[-+[:alnum:]]+, Message-ID:
[^[:space:]]*, mail_id: [-+[:alnum:]]+, Hits: -, queued_as: [[:xdigit:]]+,
[[:digit:]]+ ms$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){1,2} <[^>]*> ->
<[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \(added by[^)]+\))?,(
Resent-Message-ID: [^[:space:]]*,)? mail_id: [-+[:alnum:]]+, Hits:
[.[:digit:]-]+, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed INFECTED \([-._[:alnum:]]+\),( \[[.:[:xdigit:]]+\]){2}
<[^>]*> -> <[^>]*>, quarantine: virus-[-+[:alnum:]]+, Message-ID:
[^[:space:]]*, mail_id: [-+[:alnum:]]+, Hits: [.[:digit:]-]+, queued_as:
[[:xdigit:]]+, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) NOTICE: Not sending DSN in response to bulk mail from <[^.]*>
containing [[:upper:] ]+, mail intentionally dropped$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) INFO: unfolded [[:digit:]]+ illegal all-whitespace
continuation lines$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) WARN: address modified \((sender|recipient)\): <[^>]+> ->
<[^>]+>$
