Re: [AMaViS-user] amavis-stats-0.1.19 (manual log processing)

2005-12-17 Thread Dale Walsh
Not at this time, you can run the daemon from the command line, and  
quit it after it has run (it runs at 0...5..10..15..55 of the  
hour so you may have to wait for it to execute).


It doesn't use much memory so leaving the daemon running shouldn't be  
a problem.


I'm considering some tools to do maintenance and whatnot but
probably won't have anything concrete until I've completed the
conversion to C.


The php script conversion to C is almost complete and aside from
that, converting the daemon perl script to C is a first for me so if
anyone has experience in this area I'd appreciate the assistance.


If I could get the perl script converted to source I could then go
about removing the module dependencies.


My understanding of the conversion is that the modules must be  
separated to individual '.pm' files before conversion.


so this:
mustangrestomods:/temp2/amavis-stats-0.1.20 root# cat $(which amavis-stats) | grep ^package

package AmavisStats::Boot;
package AmavisStats::Conf;
package AmavisStats::Daemonize;
package AmavisStats::Lock;
package AmavisStats::Log;
package AmavisStats::Util;
package AmavisStats;
mustangrestomods:/temp2/amavis-stats-0.1.20 root#

would turn into:
AmavisStats.pm
AmavisStats/Boot.pm
AmavisStats/Conf.pm
AmavisStats/Daemonize.pm
AmavisStats/Lock.pm
AmavisStats/Log.pm
AmavisStats/Util.pm

before the actual conversion which should be fairly easy to achieve.


-- Dale

On Dec 17, 2005, at 03:24 , Lawrence Wong wrote:


Hi,

Does anyone know if there is a commandline tool
available for amavis-stats to manually generate data
from saved log files rather than via the auto
amavis-stats daemon.

TIA!




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through  
log files

for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD  
SPLUNK!

http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/







Re: [AMaViS-user] Bayes database

2005-12-17 Thread Gary V
Jim wrote:

 Today (17.12.2005, 05:03) Gary V ([EMAIL PROTECTED]) wrote,

 Is there a tutorial for someone like me to start using mysql w/Amavis
 and SA?

 This should help you with SpamAssassin:
 http://www200.pair.com/mecham/spam/debian-spamassassin-sql.html

 and I would read the README.sql for amavisd-new:
 http://www.ijs.si/software/amavisd/README.sql.txt

 To get you started, I copied the database scheme from the README for
 the users, mailaddr, wblist and policy tables to a website that you
 can wget. On my system I add a user 'amavis' that can only read data,
 and a user 'amavisu' that can maintain the data, you should
 change the 'passwd':

 cd /usr/local/src
 wget http://www200.pair.com/mecham/spam/basic_users_v1.sql

 mysql -u root -p

 CREATE DATABASE amavisd;
 USE amavisd;  
 SOURCE basic_users_v1.sql;
 GRANT SELECT ON amavisd.* TO [EMAIL PROTECTED] IDENTIFIED BY 'passwd';

 GRANT CREATE, DROP, ALTER, SELECT, INSERT, UPDATE, DELETE ON
 amavisd.* TO [EMAIL PROTECTED] IDENTIFIED BY 'passwd';

 FLUSH PRIVILEGES;
 use amavisd;
 show tables;
 describe policy;

 In amavisd.conf, I added:
 @lookup_sql_dsn = ( ['DBI:mysql:amavisd:localhost', 'amavis', 'passwd'] );

 Also take a look at:
 http://infocenter.guardiandigital.com/archive/amavis/2004/Dec/0316.html

 I also started to make some personal notes that I can share (I don't
 really know if they are accurate however):
 ###
 The purpose of the policy_id field will be apparent when we add some data to
 the policy table, but what is the 'priority' field used for? If you were to
 read README.lookups, you would see that recipient lookups in hash tables
 are performed starting with the most specific data (the full email address)
 and end with the most general data (a catchall). Here is the example of the
 order of lookups performed when using a hash table:

 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 user+foo@
 user@
 sub.example.com
 .sub.example.com
 .example.com
 .com
 .

 For SQL, the structure of what is looked up is a little different, but we
 still want the lookups performed in the same 'specific' to 'general' order,
 for example:

 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 user+foo
 user
 @example.com
 @.example.com
 @.com
 @.

 The key is that the SQL SELECT statement used in the program uses the
 priority field to create this order (in descending order):

From the amavisd source code:
 # The SQL select clause to fetch per-recipient policy settings
 # The %k will be replaced by a comma-separated list of query addresses
 # (e.g. full address, domain only, catchall).  Use ORDER if there
 # is a chance that multiple records will match - the first match wins
 # If field names are not unique (e.g. 'id'), the later field overwrites the
 # earlier in a hash returned by lookup, which is why we use '*,users.id'.
 $sql_select_policy =
   'SELECT *,users.id FROM users LEFT JOIN policy ON users.policy_id=policy.id'.
   ' WHERE users.email IN (%k) ORDER BY users.priority DESC';

 So, given a recipient address of '[EMAIL PROTECTED]', the SQL SELECT
 statement that determines the policy for a given recipient would end up
 looking like this:

 SELECT *,users.id FROM users LEFT JOIN policy ON users.policy_id=policy.id
  WHERE users.email IN ('[EMAIL PROTECTED]', '[EMAIL PROTECTED]',
  'user4+spam', 'user4', '@example.com', '@.example.com', '@.com', '@.')
   ORDER BY users.priority DESC;

 ###

 This is just a start (but a usable one) for amavisd-new tables.

 Great tutorial. :) And very simply explained. Thank you, Gary

Thanks Jim.

If the example data is studied in the README it becomes apparent what
form the data needs to be in. I should also mention once you have your
data entered, and need to change something, of course you should
begin studying SQL, but to cheat:

UPDATE users SET policy_id=6 WHERE email='[EMAIL PROTECTED]';

Here we change the policy for [EMAIL PROTECTED]

In addition to studying:
http://www.ijs.si/software/amavisd/README.lookups.txt

this link may be useful:
http://marc.theaimsgroup.com/?l=amavis-user&m=113320135827485&w=2


I have not started to play with the wblist, but along with README.sql
I think these links could help with understanding wblist.
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#wblist
http://marc.theaimsgroup.com/?l=amavis-user&m=113173915721641&w=2


Gary V
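
Added example (not part of the original posts and not amavisd-new code): the specific-to-general key list and the priority-ordered policy query from the notes above, run against an in-memory SQLite database. The two-table schema is a cut-down stand-in for the README.sql one, the rows are constructed, and the function names are hypothetical; it assumes '+' as the address-extension delimiter and a local domain.

```python
import sqlite3

# Query template quoted in the notes; %k becomes one bound placeholder per key.
SQL_SELECT_POLICY = (
    "SELECT *,users.id FROM users LEFT JOIN policy ON users.policy_id=policy.id"
    " WHERE users.email IN (%k) ORDER BY users.priority DESC"
)

def sql_lookup_keys(recipient, delimiter="+"):
    """Lookup keys for one recipient, most specific first (order from the notes).
    Assumes the domain is local, so bare local-part keys are included."""
    local, _, domain = recipient.rpartition("@")
    base = local.split(delimiter, 1)[0]
    keys = [f"{local}@{domain}"]
    if base != local:                      # address extension present
        keys.append(f"{base}@{domain}")
    keys.append(local)
    if base != local:
        keys.append(base)
    keys.append(f"@{domain}")
    labels = domain.split(".")
    keys += ["@." + ".".join(labels[i:]) for i in range(len(labels))]
    keys.append("@.")                      # catchall
    return keys

def build_demo_db():
    """In-memory database with constructed rows (cut-down schema)."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript("""
        CREATE TABLE policy (id INTEGER PRIMARY KEY, policy_name TEXT,
                             spam_kill_level REAL);
        CREATE TABLE users (id INTEGER PRIMARY KEY, priority INTEGER,
                            policy_id INTEGER, email TEXT UNIQUE);
        INSERT INTO policy VALUES (1,'domain default',6.9),(2,'strict',4.5),
                                  (3,'catchall',10.0);
        INSERT INTO users VALUES (1,0,3,'@.'),(2,5,1,'@example.com'),
                                 (3,7,2,'user4@example.com');
    """)
    return conn

def effective_policy(conn, recipient):
    """Return (matched key, policy name); the first row returned wins."""
    keys = sql_lookup_keys(recipient)
    query = SQL_SELECT_POLICY.replace("%k", ",".join("?" * len(keys)))
    row = conn.execute(query, keys).fetchone()
    return (row["email"], row["policy_name"]) if row else None

if __name__ == "__main__":
    db = build_demo_db()
    for rcpt in ("user4+spam@example.com", "other@example.com", "x@elsewhere.org"):
        print(rcpt, "->", effective_policy(db, rcpt))
```

The keys are passed as bound parameters, so a recipient address never becomes part of the SQL text. Giving more specific rows a higher priority is what makes the per-user row win over the domain and catchall rows.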




RE: [AMaViS-user] Logwatch script

2005-12-17 Thread amavis
 I'm using amavisd-new 2.3.2 on a CentOS-4 box (with postfix, 
 SA and ClamAV). Trying to get summaries of amavis logs with 
 Logwatch. The logwatch version is 5.2.2. Both amavisd and 
 logwatch are the original Redhat rpms.
 
 In the logwatch report clean messages are correctly reported, 
 but all other messages get chucked under **Unmatched 
 Entries**.  In other words none of the spam, virus, or banned 
 log entries are recognized by the logwatch script. (I saw 
 this issue discussed about a year ago on the list, but no resolution)
 
 Does anyone have an updated script for logwatch that matches 
 the format of the amavisd log files?
 


Yes, but this requires you to update logwatch.  The version you have is
very dated, and much of logwatch has changed significantly, so the amavisd
filter script will not work with your 5.2.2 version.

Update from http://www2.logwatch.org:8080/tabs/download/ and grab the 7.1
RPM.

-Mike






[AMaViS-user] Feature request: milter interface

2005-12-17 Thread Attila Nagy

Hello,

I would like to ask your opinion about the following...

Many commercial virus and spam filtering solutions have a milter interface 
and it is obviously much more efficient than the good old command line 
scanning, or the smtp in, smtp out method.


It would be a clear win (at least this is what I think) for the virus 
scanners and even more interesting for doing spam filtering.


ps: there is a perl interface to milter:
http://search.cpan.org/~mglee/Net-Milter-0.08/Milter.pm

Thanks,

--
Attila Nagy   e-mail: [EMAIL PROTECTED]
Free Software Network (FSN.HU) phone: +3630 306 6758
ISOs: http://www.fsn.hu/?f=download




Re: [AMaViS-user] Bayes database

2005-12-17 Thread Gary V
Jim wrote:

 Today (17.12.2005, 16:57) Gary V ([EMAIL PROTECTED]) wrote,

 In addition to studying:
 http://www.ijs.si/software/amavisd/README.lookups.txt

 this link may be useful:
 http://marc.theaimsgroup.com/?l=amavis-user&m=113320135827485&w=2


 I have not started to play with the wblist, but along with README.sql
 I think these links could help with understanding wblist.
 http://www.ijs.si/software/amavisd/amavisd-new-docs.html#wblist
 http://marc.theaimsgroup.com/?l=amavis-user&m=113173915721641&w=2


 Thanks again, but what I don't understand at all is the part

 http://www.ijs.si/software/amavisd/amavisd-new-docs.html#score_sender

 I've tried this (for example):

 rid sid wb
 2   1   W -5

 (see the whitespace, I've tried with and without)

 and get the following errors.

 --snip
 Dec 14 07:28:37 server2 amavis[25393]: (25393-02) Passed CLEAN,
 [213.165.64.21] [213.165.64.21] [EMAIL PROTECTED] - [EMAIL PROTECTED]
.de, Message-ID: [EMAIL PROTECTED], mail_id:
 mcNbYBQdshCl, Hits: -2.7-5, 6728 ms

 Dec 14 07:28:37 server2 amavis[25393]: (25393-02) Passed CLEAN,
 [EMAIL PROTECTED] - [EMAIL PROTECTED], Hits: -2.7-5, tag=-.9,
 tag2=3.5, kill=4.5, L/Y/0/0
 
 Dec 14 07:28:37 server2 amavis[25393]: (25393-02) WARN
 save_info_final: sql execute: sts=, Insecure dependency in
 parameter 7 of DBI::st=HASH(0x94f9544)-execute method call while
 running with -T switch at (eval 39) line 127, GEN8 line 154. at
 (eval 39) line 131, GEN8 line 154.

 break = and so forth 5x

 Dec 14 07:28:45 server2 amavis[25393]: (25393-02) ERROR
 sql_storage: too many retries on storing final, info not saved

 Dec 14 07:28:45 server2 postfix/lmtp[25626]: C251BA95:
 to=[EMAIL PROTECTED], relay=127.0.0.1[127.0.0.1]:10024, delay=15,
 delays=0. 57/0.01/0.01/15, dsn=2.6.0, status=sent (250 2.6.0 Ok,
 id=25393-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
 76654 FE8)
 --snap

 How must one make that right? Or is it not really possible?
 A mistake in the instructions? Or whatever!?

So Jim, you made me get involved in wblist today. ;)

Are you talking about:

the field wblist.wb is numeric, representing score points, instead of
containing a character W or B or space;

That means your choices would be:
a positive number
a negative number
a W
a B
a space

I think you can choose only one.

BTW, I had:
$sql_select_white_black_list = undef;
in my amavisd.conf which of course made me scratch my head when trying
to get SQL wblist to function.

I don't know what to tell you about the 'Insecure dependency' (taint
problem) for save_info_final. Fix the wblist.wb and test again.

Gary V





Re: [AMaViS-user] Bayes database

2005-12-17 Thread Jim Knuth
Today (18.12.2005, 01:10) Gary V ([EMAIL PROTECTED]) wrote,

 Jim wrote:

 How must one make that right? Or is it not really possible?
 A mistake in the instructions? Or whatever!?

 So Jim, you made me get involved in wblist today. ;)

I'm so sorry for this. *gg*

 Are you talking about:

 the field wblist.wb is numeric, representing score points, instead of
 containing a character W or B or space;

 That means your choices would be:
 a positive number
 a negative number
 a W
 a B
 a space

 I think you can choose only one.

You mean I can only write -5 or +500 or W or B?  It's logical
*uuh, I'm sooo stupid* ;) And then (for example -500) it shows by scanning
in the header = 2-500 = end result -498

 BTW, I had:
 $sql_select_white_black_list = undef;
 in my amavisd.conf which of course made me scratch my head when trying
 to get SQL wblist to function.

You mean this is a good way?

 I don't know what to tell you about the 'Insecure dependency' (taint
 problem) for save_info_final. Fix the wblist.wb and test again.

I'll try this out.

 Gary V

-- 
Best wishes, Kind regards,
 Jim Knuth
 [EMAIL PROTECTED]
 ICQ #277289867 - VoIP: +49 (0) 322 212 044 67
 Key ID: 0x1F78066F
--
Random quote
--
"Let's rock!" said the frog, and jumped into the fan.
--
The text has nothing to do with the recipient of this mail
--
Virus free. Checked by NOD32 Version 1.1327 Build 6468  17.12.2005





Re: [AMaViS-user] Logwatch script

2005-12-17 Thread Micha Silver

[EMAIL PROTECTED] wrote:

I'm using amavisd-new 2.3.2 on a CentOS-4 box (with postfix, 
SA and ClamAV). Trying to get summaries of amavis logs with 
Logwatch. The logwatch version is 5.2.2. Both amavisd and 
logwatch are the original Redhat rpms.


In the logwatch report clean messages are correctly reported, 
but all other messages get chucked under **Unmatched 
Entries**.  In other words none of the spam, virus, or banned 
log entries are recognized by the logwatch script. (I saw 
this issue discussed about a year ago on the list, but no resolution)


Does anyone have an updated script for logwatch that matches 
the format of the amavisd log files?


   




Yes, but this requires you to update logwatch.  The version you have is
very dated, and much of logwatch has changed significantly, so the amavisd
filter script will not work with your 5.2.2 version.

Update from http://www2.logwatch.org:8080/tabs/download/ and grab the 7.1
RPM.

-Mike


 


Hello Mike:
I've updated to logwatch 7.1, but still no luck. Here's a clip from the 
logwatch report:


### LogWatch 7.1 (11/12/05)  
   Processing Initiated: Sun Dec 18 08:55:44 2005

   Date Range Processed: yesterday
 ( 2005-Dec-17 )
 Period is day.
 Detail Level of Output: 0
 Type of Output: unformatted
  Logfiles for Host: www.arava.co.il
 ## 

- amavis Begin  


7 messages checked and passed.


**Unmatched Entries**
   Blocked SPAM, LOCAL [192.168.10.3] [83.84.135.63] [EMAIL PROTECTED] - [EMAIL 
PROTECTED], quarantine: spam-3gO1Eb4uansl.gz, Message-ID: [EMAIL PROTECTED], mail_id: 
3gO1Eb4uansl, Hits: 18.891, 10056 ms: 1 Time(s)
   Passed BAD-HEADER, LOCAL [192.168.10.3] [130.94.6.248] [EMAIL PROTECTED] - [EMAIL 
PROTECTED], Message-ID: [EMAIL PROTECTED], mail_id: 4F8FT0dJsCer, Hits: 3.92, 16065 ms: 
1 Time(s)
   Blocked SPAM, LOCAL [192.168.10.3] [62.195.90.36] [EMAIL PROTECTED] - [EMAIL 
PROTECTED], quarantine: spam-BYJ6n8ZuIwOK.gz, Message-ID: [EMAIL PROTECTED], mail_id: 
BYJ6n8ZuIwOK, Hits: 26.993, 16980 ms: 1 Time(s)


As you see all amavis messages (except the CLEAN ones) appear under 
**Unmatched Entries**. What else can I try?


Thanks,
Micha

