[Logwatch-Devel] Updates for amavis service script

Geert Janssens info at kobaltwit.be
Sat Jun 24 07:15:57 MST 2006


MrC,

I have tested your replaced amavis script. I like the new output much better!

I have decided to redo some of my changes starting from your script:
- I re-added the optional 'LOCAL' string in the regexps
- I split the counts into passed and blocked for clean, spam, malware, bannednames 
and badheaders, since these were the regexps that explicitly checked for 
Passed or Blocked. I have also modified the regexps to match lines that don't 
have Passed or Blocked before CLEAN, SPAM, and so on. If these lines happen, 
I consider them blocked.
- I have added some additional dummy example lines in the comments to 
illustrate the reason for some of my changes.
- The total messages scanned now takes all of passed or blocked entries into 
account instead of only clean, spam and malware. This gives more accurate 
percentages in the summary.
- Finally, I have added a few extra lines in the summary to split the numbers 
into passed and blocked.

Can you test these changes as well?

Hopefully they will improve the script even further.

Attached you will find:
- The modified script
- The unified diff with the version of June 21st
- Two example outputs from my environments.

Kind regards,

Geert

On Friday 23 June 2006 18:15, MrC wrote:
> > Subject: [Logwatch-Devel] Updates for amavis service script
> >
> > Hi,
> >
> > I have made some changes to the amavis service script, based
> > on my experiences with its results in two production
> > environments. Attached, you will find a unified diff against
> > the latest CVS.
>
> Geert,
>
> Please test the replaced amavis script I posted to logwatch-devel first on
> April 17th, and again on June 21 (attached); if you see no issues, you or I
> can integrate your changes into it.  It is not yet in CVS, and has been
> reworked substantially.  Search the logwatch-devel archives for change
> notes.
>
> Thanks,
> MrC

-- 
Kobalt W.I.T.
Web & Information Technology
Brusselsesteenweg 152
1850 Grimbergen

Tel  : +32 479 339 655
Email: info at kobaltwit.be
-------------- next part --------------

##########################################################################
# $Id: amavis,v 1.25 2006/01/29 23:52:53 bjorn Exp $
##########################################################################
# $Log: amavis,v $
# Revision 1.25  2006/01/29 23:52:53  bjorn
# Print out virus names and sender, by Felix Schwarz.
#
# Revision 1.24  2005/12/07 19:15:56  bjorn
# Detect and count timeouts, by 'Who Knows'.
#
# Revision 1.23  2005/11/30 05:34:10  bjorn
# Corrected regexp with space, by Markus Lude.
#
# Revision 1.22  2005/11/22 18:34:32  bjorn
# Recognize 'Passed' bad headers, by "Who Knows".
#
# Revision 1.21  2005/10/26 05:40:43  bjorn
# Additional patches for amavisd-new, by Mike Cappella
#
##########################################################################
# This was originally written by:
#    Jim O'Halloran <jim at kendle.com.au>
#
# Please send all comments, suggestions, bug reports,
#    etc, to logwatch-devel at logwatch.org and jim at kendle.com.au.
##########################################################################

$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
my $re_IP = '(?:\d{1,3}\.){3}(?:\d{1,3})';

# Parse logfile
while (defined($ThisLine = <STDIN>)) {
   $Action = "";
   $From = "";
   $FromIP = "";
   $Towards = "";
   $Key = "";
   $Item = "";
   $Reason = "";

   $ThisLine =~ s/^\([A-z\d-]+\) //;
   while ($ThisLine =~ s/\.\.\.$//) {
      chomp($ThisLine);
      $NextLine = <STDIN>;
      $NextLine =~ s/^\([\d-]+\) \.\.\.//;
      $ThisLine .= $NextLine;
   }

   
   if ( ($ThisLine =~ /^do_ascii/) 
       # We don't care about these
        or ($ThisLine =~ /^SPAM,.*score=(?:[\d.+])+ tag=/)
        or ($ThisLine =~ /^Found av scanner/) 
        or ($ThisLine =~ /^Found myself/)
        or ($ThisLine =~ /^Module/)
        or ($ThisLine =~ /^TIMING/)
        or ($ThisLine =~ /^Checking/)
        or ($ThisLine =~ /^(ESMTP|FWD|SEND) via/)
        or ($ThisLine =~ /^spam_scan/)
        or ($ThisLine =~ /^Not-Delivered/)
        or ($ThisLine =~ /^SpamControl/)
        or ($ThisLine =~ /^SPAM-TAG/)
        or ($ThisLine =~ /SPAM\.TAG2/)
        or ($ThisLine =~ /BAD-HEADER\.TAG2/)
        or ($ThisLine =~ /^Net/)
        or ($ThisLine =~ /^Perl/)
        or ($ThisLine =~ /^ESMTP/)
        or ($ThisLine =~ /^LMTP/)
        or ($ThisLine =~ /^tempdir being removed/)
        or ($ThisLine =~ /^Found \$[\S]+[\s]+at/)  
        or ($ThisLine =~ /^No \$[\S]+,[\s]+not using it/) 
        or ($ThisLine =~ /^mail_via_smtp/)
        or ($ThisLine =~ /^local delivery: /)
        or ($ThisLine =~ /^cached [a-zA-Z0-9]+ /)
        or ($ThisLine =~ /^loaded policy bank/)
        or ($ThisLine =~ /^wbl: soft-(?:white|black)listed/)
        or ($ThisLine =~ /^p\d+ \d+(\/\d+)* Content-Type: /)
        or ($ThisLine =~ /^Requesting (a |)process rundown after [0-9]+ tasks/)
        or ($ThisLine =~ /^NOTICE: Not sending DSN, spam level [0-9.]+ exceeds DSN cutoff level/)
        or ($ThisLine =~ /^INFO: unfolded \d+ illegal all-whitespace continuation line/)
        or ($ThisLine =~ /^Cached (virus|spam) check expired/)
        or ($ThisLine =~ /^p\.path BANNED/)
        or ($ThisLine =~ /^virus_scan: /)
        or ($ThisLine =~ /^providing full original message to scanners as/)
        or ($ThisLine =~ /^WARN: MIME::Parser error: /)
        or ($ThisLine =~ /^(?:run|ask)_av /)
        or ($ThisLine =~ /^Virus [^,]+ matches [^,]+, sender addr ignored/)
        or ($ThisLine =~ /^Not calling virus scanners, no files to scan in/)
        or ($ThisLine =~ /^lookup_ip_acl /)
         #or ($ThisLine =~ /^extra modules loaded/)
         #or ($ThisLine =~ /^BAD HEADER from [(<][^>)]+[)>]: [^:]*:/ )
        ) {

   } elsif ($ThisLine =~ /^Passed( CLEAN)?, /) {
      $Counts{'CleanMsgsPassed'}++;

   } elsif ($ThisLine =~ /^Blocked( CLEAN)?, /) {
      $Counts{'CleanMsgsBlocked'}++;

   } elsif (($Action, $FromIP, $From, $Towards) = ( $ThisLine =~ /^(Passed |Blocked )?SPAM(?:MY)?,(?: LOCAL)?(?: \[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)] -\> [(<]([^>)]*)[)>]/o )) {
      # Blocked SPAM, [192.168.0.1] [01.0.0.2] <bogus at example.com> -> <someuser at sample.net>...
      # Blocked SPAM, LOCAL [192.168.0.1] [01.0.0.2] <bogus at example.com> -> <someuser at sample.net>...
      # XXX can null IPs occur? they shouldn't...
      # print "XXX FromIP: \"$FromIP\", From: \"$From\", Towards: \"$Towards\"\n";

      if ($Action eq "Passed ") {
         $Counts{'SpamPassed'}++;
      } else {
         $Counts{'SpamBlocked'}++;
      }
      if ($Detail >= 5) {
         $From = '<>' if ($From =~ /^$/);
         $Spams{$Towards}{$FromIP}{$From}++;
      }

   } elsif (($Action, $Key, $FromIP, $From) = ( $ThisLine =~ /^(?:Virus found - quarantined|(Passed |Blocked )?INFECTED) \(([^\)]+)\),(?: LOCAL)?(?: \[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)]/o )) {
      # Blocked INFECTED (HTML.Phishing.Pay-43), [192.168.0.1] [10.0.0.2] <bogus at example.com> -> <someuser at sample.net>...
      # Blocked INFECTED (HTML.Phishing.Pay-43), LOCAL [192.168.0.1] [10.0.0.2] <bogus at example.com> -> <someuser at sample.net>...
      # print "XXX Key: \"$Key\", FromIP: \"$FromIP\", From: \"$From\"\n";

      if ($Action eq "Passed ") {
         $Counts{'MalwarePassed'}++;
      } else {
         $Counts{'MalwareBlocked'}++;
      }
      if ($Detail >= 5) {
        $Malware{$Key}{$FromIP}{$From}++;
      }

   } elsif (($Action, $Item, $FromIP, $From, $Towards) = ( $ThisLine =~ /^(Blocked |Passed )?BANNED (?:name\/type )?\(([^\)]+)\),(?: LOCAL)?(?: \[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)] -> [(<]([^(<]+)[(>]/o)) {
      # the first IP is the envelope sender.
      # Blocked BANNED (multipart/report | message/partial,.txt), [192.168.0.1] [10.0.0.2] <> -> <someuser at sample.net>...
      # Blocked BANNED (multipart/report | message/partial,.txt), LOCAL [192.168.0.1] [10.0.0.2] <> -> <someuser at sample.net>...
      # print "XXX Item: \"$Item\", FromIP: \"$FromIP\", From: \"$From\", Towards: \"$Towards\"\n";

      if ($Action eq "Passed ") {
         $Counts{'BannedNamesPassed'}++;
      } else {
         $Counts{'BannedNamesBlocked'}++;
      }
      if ($Detail >= 5) {
         $From = '<>' if ($From =~ /^$/);
         $Banned{$Towards}{$Item}{$FromIP}{$From}++;
      }

   } elsif (($Action, $FromIP, $From, $Towards) = ( $ThisLine =~ /^(Blocked |Passed )?BAD-HEADER,(?: LOCAL)?(?: \[([^\]]*)\])* [(<]([^>)]*)[)>](?: -\> [(<]([^>)]+)[)>])[^:]*/ )) {
      # Passed BAD-HEADER, [192.168.0.1] [10.0.0.2] <bogus at example.com> -> <someuser at sample.net>...
      # Passed BAD-HEADER, LOCAL [192.168.0.1] [10.0.0.2] <bogus at example.com> -> <someuser at sample.net>...
      # Passed BAD-HEADER, [192.168.0.1] [10.0.0.2] <bogus at example.com> -> <someuser at sample.net>...
      # print "XXX Bad Header: FromIP: \"$FromIP\", From: \"$From\", Towards: \"$Towards\"\n";

      if ($Action eq "Passed ") {
         $Counts{'BadHeadersPassed'}++;
      } else {
         $Counts{'BadHeadersBlocked'}++;
      }
      $From = '<>' if ($From =~ /^$/);
      $BadHeaders{$Towards}{$FromIP}{$From}++;

   } elsif (($From, $Reason) = ( $ThisLine =~ /^BAD HEADER from (?:[(]list[)] )?[(<]([^>)]+)[)>]: ([^:]*):.*/ )) {
       # When log_level > 1, provide additional header or MIME violations

       # BAD HEADER from <bogus at example.com>: Non-encoded 8-bit data (char F1 hex) in message header 'Subject': ...
       # BAD HEADER from <bogus at example.com>: Improper use of control character (char 0D hex) in message header 'Received': ...
       # BAD HEADER from <bogus at example.com>: MIME error: error: part did not end with expected boundary
       # BAD HEADER from (list) <bogus at bounces@lists.example.com>: Non-encoded 8-bit data (char E9 hex) in message header 'From'

      $Counts{'BadHeadersSupp'}++;
      if ($Detail >= 5) {
        $BadHeadersSupp{$Reason}{$From}++;
      };

   } elsif ( $ThisLine =~ /: spam level exceeds quarantine cutoff level/ ) {
      $Counts{'NoQuarantine'}++;

   } elsif ( $ThisLine =~ /^NOTICE: Not sending DSN, spam level exceeds DSN cutoff level(?: for all recips)?, mail intentionally dropped/ ) {
      $Counts{'NoDSNSentCutoff'}++;

   } elsif ( $ThisLine =~ /^NOTICE: Not sending DSN to believed-to-be-faked sender/ ) {
      $Counts{'NoDSNSentFaked'}++;

   } elsif ( $ThisLine =~ /^NOTICE: DSN contains [^;]+; bounce is not bounc[ai]ble, mail intentionally dropped/ ) {
      $Counts{'NoDSNSentBad'}++;

   } elsif ( $ThisLine =~ /^(?:\(\!\) )?SA TIMED OUT,/ ) {
      $Counts{'SATimeout'}++;

   } elsif ( $ThisLine =~ /^missing message body; fatal error/ ) {
      $Counts{'DCCErrors'}++;

   } elsif (($ThisLine =~ /^white_black_list: whitelisted sender/ )
            or ( $ThisLine =~ /.* WHITELISTED/) ) {
      $Counts{'Whitelisted'}++;

   } elsif (($ThisLine =~ /^white_black_list: blacklisted sender/ )
            or ( $ThisLine =~ /.* BLACKLISTED/) ) {
      $Counts{'Blacklisted'}++;

   # Extra Modules loaded at runtime
   # extra modules loaded: unicore/lib/gc_sc/Digit.pl, unicore/lib/gc_sc/SpacePer.pl
   } elsif (($Item) = ( $ThisLine =~ /^extra modules loaded: (.+)$/ )) {
      foreach my $code (split /, /, $Item) {
         $ExtraModules{$code}++;
      }

   # Decoders
   } elsif (($Suffix, $Info) = ( $ThisLine =~ /^Internal decoder for (\.\S*)\s*(?:\(([^)]*)\))?$/ )) {
      $StartInfo{'Decoders'}{'Internal'}{$Suffix} = $Info;

   } elsif (($Suffix, $Attempted) = ( $ThisLine =~ /^No decoder for\s+(\.\S*)\s+tried:\s+(.*)$/ )) {
      $StartInfo{'Decoders'}{'None'}{$Suffix} = "tried: $Attempted";

   } elsif (($Suffix, $Decoder) = ( $ThisLine =~ /^Found decoder for\s+(\.\S*)\s+at\s+(.*)$/ )) {
      $StartInfo{'Decoders'}{'External'}{$Suffix} = $Decoder;

   # AV Scanners
   } elsif (($Type, $Item) = ( $ThisLine =~ /^Found (primary|secondary) av scanner (.+)$/ )) {
      $StartInfo{'AVScanner'}{"\u$Type"}{$Item}++;

   } elsif (($Type, $Item) = ( $ThisLine =~ /^Using internal av scanner code for \(([^)]+)\) (.+)$/ )) {
      $StartInfo{'AVScanner'}{"Internal \u$Type"}{$Item}++;

   # (Un)Loaded code, protocols, etc.
   } elsif (($Item, $Loaded) = ( $ThisLine =~ /^(\S+)\s+(?:proto? |base )?\s*(?:code)?\s+((?:NOT )?loaded)$/ )) {
      $StartInfo{'Code'}{$Loaded}{$Item}++;

   } elsif (($Item) = ( $ThisLine =~ /^INFO: no optional modules: (.+)$/ )) {
      foreach my $code (split / /, $Item) {
         $StartInfo{'Code'}{'NOT loaded'}{$code}++;
      }

   } elsif (($Item) = ( $ThisLine =~ /^starting\.\s+ (.+)$/ )) {
      $StartInfo{'Start'} = $Item;

   } elsif (($Item) = ( $ThisLine =~ /^Creating db in (.+)$/ )) {
      $StartInfo{'DB'} = $Item;

   } elsif (( $ThisLine =~ /^user=([^,]*), EUID: (\d+) [(](\d+)[)];\s+group=([^,]*), EGID: ([\d ]+)[(]([\d ]+)[)]/ )) {
      $StartInfo{'IDs'}{'User'} = $1;
      $StartInfo{'IDs'}{'EUID'} = $2;
      $StartInfo{'IDs'}{'UID'} = $3;
      $StartInfo{'IDs'}{'Group'} = $4;
      $StartInfo{'IDs'}{'EGID'} = $5;
      $StartInfo{'IDs'}{'GID'} = $6;

   } else {
      # Report any unmatched entries...
      chomp($ThisLine);
      $OtherList{$ThisLine}++;        
   }
}


#######################################################
# Output report


my $TotalMsgs = $Counts{'CleanMsgsPassed'} + $Counts{'CleanMsgsBlocked'} +
                $Counts{'SpamPassed'} + $Counts{'SpamBlocked'} +
                $Counts{'MalwarePassed'} + $Counts{'MalwareBlocked'} +
                $Counts{'BannedNamesPassed'} + $Counts{'BannedNamesBlocked'} +
                $Counts{'BadHeadersPassed'} + $Counts{'BadHeadersBlocked'};

#
# Counts key, print format, optional percentage divisor
#
my @Formats = (
   [ 'CleanMsgsPassed',    "%8d (%5.2f%%)   Clean passed",                   $TotalMsgs ],
   [ 'CleanMsgsBlocked',   "%8d (%5.2f%%)   Clean blocked",                  $TotalMsgs ],
   [ 'MalwarePassed',      "%8d (%5.2f%%)   Malware passed",                 $TotalMsgs ],
   [ 'MalwareBlocked',     "%8d (%5.2f%%)   Malware blocked",                $TotalMsgs ],
   [ 'SpamPassed',         "%8d (%5.2f%%)   Spam passed",                    $TotalMsgs ],
   [ 'SpamBlocked',        "%8d (%5.2f%%)   Spam blocked",                   $TotalMsgs ],
   [ 'NoQuarantine',       "%8d (%5.2f%%)   Spam discarded, not quarantined (spam score > quarantine cutoff)", $Counts{'SpamPassed'} + $Counts{'SpamBlocked'} ],
   [ 'BannedNamesPassed',  "%8d (%5.2f%%)   Banned file names passed",       $TotalMsgs ],
   [ 'BannedNamesBlocked', "%8d (%5.2f%%)   Banned file names blocked",      $TotalMsgs ],
   [ 'BadHeadersPassed',   "%8d (%5.2f%%)   Bad headers passed",             $TotalMsgs ],
   [ 'BadHeadersBlocked',  "%8d (%5.2f%%)   Bad headers blocked",            $TotalMsgs ],
   [ 'BadHeadersSupp',     "%8d            Bad headers (debug supplemental)" ],
   [ 'NoDSNSentBad',       "%8d            DSNs not sent: bad DSN" ],
   [ 'NoDSNSentCutoff',    "%8d            DSNs not sent: spam score > DSN cutoff" ],
   [ 'NoDSNSentFaked',     "%8d            DSNs not sent: presumed bogus sender" ],
   [ 'Whitelisted',        "%8d            Whitelisted" ],
   [ 'Blacklisted',        "%8d            Blacklisted" ],
   [ 'SATimeout',          "%8d            SpamAssassin timeouts" ],
   [ 'DCCErrors',          "%8d            DCC errors" ],
);

if ($TotalMsgs > 0) {
   printf "\n%8d            Scanned\n", $TotalMsgs;
}

for $row ( @Formats ) {
   if ($Counts{@$row[0]} > 0) {
      #print "Row2 is @$row[2], Row0 is @$row[0], Counts is $Counts{@$row[0]}\n";
      if (@$row[2] > 0) {
         printf "@$row[1]\n", $Counts{@$row[0]}, $Counts{@$row[0]} * 100 / @$row[2];
      }
      else {
         printf "@$row[1]\n", $Counts{@$row[0]};
      }
   }
}

print;

sub doReport(\% $ $) {
   local $theHash = shift;
   local $title = shift;
   local $level = shift;
   local @tmpList;

   local $item;

   local $count = 0;

   @tmpList = ();

   foreach $item (sort keys %$theHash) {
      if (ref($theHash->{$item}) eq "HASH") {
         #print " " x ($level * 4), "LEVEL $level: Item: $item, type: \"", ref($theHash->{$item}), "\"\n";

         ($retval, @childList) = doReport ($theHash->{$item}, '', $level + 1);

         # me + children
         push (@tmpList, sprintf "%s %8d  $item\n", '     ' x $level, $retval);
         push (@tmpList, @childList) if ($Detail > ($level + 5));
         #print "Pushed me and Children: tmpList: <<<", "@tmpList", ">>>\n";

         $count += $retval;

         #print " " x ($level * 4), "LEVEL $level: Found $retval, running total: $count\n";
      }
      else {
         push (@tmpList, sprintf "%s %8d  $item\n", '             ' x $level, $theHash->{$item})  if ($Detail > ($level + 4));
         $count += $theHash->{$item};

         #print " " x ($level * 4), "LEVEL $level: Item: $item (n = $theHash->{$item}), Total: $count\n";
         #print " " x ($level * 4), "LEVEL $level: tmpList3 is <<<@tmpList>>>\n";
      }
   }

   #print " " x ($level * 4), "LEVEL $level: Returning from level $level\n";

   if ($level == 0 && ($count > 0)) {
      printf "\n%8d $title:\n @tmpList", $count;
   }

   return ($count, @tmpList);
}

if ($Detail >= 5) {

   doReport (%Malware,        "Malware Messages", 0);
   doReport (%Spams,          "Spam Messages", 0);
   doReport (%BadHeaders,     "Bad Headers", 0);
   doReport (%BadHeadersSupp, "Bad Headers (supplemental)", 0);
   doReport (%Banned,         "Banned File Names", 0);

   if (keys %ExtraModules) {

      print "\n\nExtra Code Modules loaded at runtime:\n";
      foreach $code (sort keys %ExtraModules) {
         printf "%8d : %s\n", $ExtraModules{$code}, $code;
      }
   }

   if (keys %StartInfo) {

      print "\n\nAmavis Startup:\n";

      print "    Amavis:   $StartInfo{'Start'}\n"                   if ($StartInfo{'Start'});
      print "    Database: $StartInfo{'DB'}\n"                      if ($StartInfo{'DB'});

      if (keys %{$StartInfo{'IDs'}}) {
         print "    Process User/Group:\n";
         print "        User:  $StartInfo{'IDs'}{'User'}, EUID: $StartInfo{'IDs'}{'EUID'}, UID: $StartInfo{'IDs'}{'UID'}\n";
         print "        Group: $StartInfo{'IDs'}{'Group'}, EGID: $StartInfo{'IDs'}{'EGID'}, GID: $StartInfo{'IDs'}{'GID'}\n";
      }

      foreach $loaded (keys %{$StartInfo{'Code'}}) {
         if ($Detail < 10) {
            local $, = ' ';
            print "    Code/Module - \u$loaded:  ", sort keys %{$StartInfo{'Code'}{$loaded}};
         }
         else {
            print "    Code/Module - \u$loaded:\n";
            foreach $code (sort keys %{$StartInfo{'Code'}{$loaded}}) {
               print "        $code\n";
            }
         }
         printf "\n";
      }

      foreach $type (keys %{$StartInfo{'AVScanner'}}) {
         # primary, secondary, internal

         if ($Detail < 10) {
            local $, = ' ';
            print "    AV Scanner - $type:  ", sort keys %{$StartInfo{'AVScanner'}{$type}};
         }
         else {
            print "    AV Scanner - $type:\n";
            foreach $scanner (keys %{$StartInfo{'AVScanner'}{$type}}) {
               print "        $scanner\n";
            }
         }
         print "\n";
      }

      foreach $type (sort keys %{$StartInfo{'Decoders'}}) {
         # external, internal, none

         if ($Detail < 10) {
            local $, = ' ';
            print "    Decoder - $type:  ", sort keys %{$StartInfo{'Decoders'}{$type}};
         }
         else {
            print "    Decoder - $type:\n";
            foreach $suffix (sort keys %{$StartInfo{'Decoders'}{$type}}) {
               printf "          %6s : %s\n", $suffix, $StartInfo{'Decoders'}{$type}{$suffix};
            }
         }
         print "\n";
      }
   }
}

if (keys %OtherList) {
   print "\n\n**Unmatched Entries**\n";
   foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
      print "   $line: $OtherList{$line} Time(s)\n";
   }
}


exit(0);

# vi: shiftwidth=3 tabstop=3 syntax=perl et
-------------- next part --------------
A non-text attachment was scrubbed...
Name: amavis.diff
Type: text/x-diff
Size: 8030 bytes
Desc: not available
Url : http://www2.list.logwatch.org:8080/pipermail/logwatch-devel/attachments/20060624/7d657aed/attachment-0001.bin 
-------------- next part --------------

 ################### LogWatch 7.1 (11/12/05) #################### 
        Processing Initiated: Sat Jun 24 16:01:20 2006
        Date Range Processed: all
      Detail Level of Output: 5
              Type of Output: unformatted
           Logfiles for Host: phv006.phvriens.com
  ################################################################## 
 
 --------------------- amavis Begin ------------------------ 

     9482            Scanned
     5178 (54.61%)   Clean passed
        2 ( 0.02%)   Clean blocked
       16 ( 0.17%)   Malware blocked
      241 ( 2.54%)   Spam passed
     3962 (41.78%)   Spam blocked
       83 ( 0.88%)   Bad headers passed
 
       16 Malware Messages:
         12  HTML.Phishing.Acc-4
          1  HTML.Phishing.Auction-122
          1  HTML.Phishing.Auction-127
          2  HTML.Phishing.Pay-16
 
     4203 Spam Messages:
          1  INFO at DIESTSESTRAAT.COM
          1  INFO at SPECIAL-TOPICS.BE
          2  Info at PHVriens.com
         83  annelies_kayenbergh at derank.be
        100  bert_hermans at derank.be
         59  cmneuug at phvriens.com
         11  directieks at derank.be
         11  directiels at derank.be
          3  gds at ABITMORE.BE
        576  gds at abitmore.be
         21  gfd at phvriens.com
          1  herman at HERMAN-ENGELS.COM
        498  herman at herman-engels.com
        423  info at abitmore.be
        188  info at derank.be
         30  info at diestsestraat.com
          5  info at echgman.com
        148  info at grietensconcept.be
        109  info at grietensinterieur.be
         66  info at herman-engels.com
         45  info at madeinflanders.com
        181  info at phvriens.com
        198  info at rigomeys.be
         99  info at special-topics.be
         65  jo.beeck at jbe-consult.be
        122  listmaster at phvriens.com
        165  mail at vlaanderenzingt.be
        110  marjolein_bollen at derank.be
          2  phv at ABITMORE.BE
        353  phv at abitmore.be
        420  phv at phvriens.com
          1  pierre.vriens at abitmore.be
          1  postmaster at ABITMORE.BE
          1  postmaster at PLACETO.BE
          1  sales at abitmore.be
          1  sales at placeto.be
          4  savanne_wouters at derank.be
         60  webmaster at abitmore-scm.com
         36  webmaster at phvriens.com
          2  webmaster at vlaanderenzingt.be
 
       83 Bad Headers:
          1  Fabiaan.Verdoodt at phvriens.com
          5  JO.BEECK at JBE-CONSULT.BE
          1  Nathan_Vranken at derank.be
          3  bert_hermans at derank.be
          1  daan_moechaars at derank.be
          3  directiels at derank.be
          4  frederik.heylen at jbe-consult.be
          2  gds at abitmore.be
          1  herman at herman-engels.com
          7  info at abitmore.be
          5  info at aldrymo.be
          8  info at derank.be
          1  info at diestsestraat.com
          1  info at echgman.com
         12  info at grietensinterieur.be
          2  info at herman-engels.com
          4  info at phvriens.com
          3  info at rigomeys.be
          7  info at special-topics.be
         10  jo.beeck at jbe-consult.be
          1  martine.curias at phvriens.com
          1  nathan_vranken at derank.be
 
 
 Amavis Startup:
     Amavis:   /usr/sbin/amavisd at phv006.phvriens.com amavisd-new-2.3.3 (20050822), Unicode aware, LANG=en_US.UTF-8
     Database: /var/amavis/db/; BerkeleyDB 0.27, libdb 4.2
     Code/Module - Loaded:   ANTI-SPAM ANTI-VIRUS Amavis::Cache Amavis::DB SMTP-in Unpackers
     Code/Module - NOT loaded:   AM.PDP Lookup::LDAP Lookup::SQL SQL SQL::Log SQL::Quarantine
     AV Scanner - Internal Primary:   ClamAV-clamd
     AV Scanner - Secondary:   ClamAV-clamscan at /usr/bin/clamscan
     Decoder - External:   .F .Z .arc .arj .bz2 .cab .cpio .deb .exe .lha .lzo .rar .rpm .tar .zoo
     Decoder - Internal:   .asc .gz .hqx .mail .tnef .uue .ync .zip
     Decoder - None:   .tnef
 
 
 **Unmatched Entries**
    INFO: no existing header field 'Subject', inserting it: 3 Time(s)
 
 ---------------------- amavis End ------------------------- 

 
 ###################### LogWatch End ######################### 

 
-------------- next part --------------

 ################### LogWatch 7.1 (11/12/05) #################### 
        Processing Initiated: Sat Jun 24 15:52:35 2006
        Date Range Processed: all
      Detail Level of Output: 5
              Type of Output: unformatted
           Logfiles for Host: aragorn
  ################################################################## 
 
 --------------------- amavis Begin ------------------------ 

     4627            Scanned
     4264 (92.15%)   Clean passed
        2 ( 0.04%)   Malware blocked
      343 ( 7.41%)   Spam blocked
       18 ( 0.39%)   Bad headers passed
        2            SpamAssassin timeouts
 
        2 Malware Messages:
          2  HTML.Phishing.Pay-33
 
      343 Spam Messages:
         62  goudsmid at smtp.vialila.lan
        281  janssege at smtp.vialila.lan
 
       18 Bad Headers:
         10  goudsmid at smtp.vialila.lan
          8  janssege at smtp.vialila.lan
 
 
 Amavis Startup:
     Amavis:   /usr/sbin/amavisd at aragorn amavisd-new-2.3.2 (20050629), Unicode aware
     Database: /var/lib/amavis/db/; BerkeleyDB 0.26, libdb 4.2
     Code/Module - Loaded:   ANTI-SPAM ANTI-VIRUS Amavis::Cache Amavis::DB SMTP-in Unpackers
     Code/Module - NOT loaded:   AM.PDP Lookup::LDAP Lookup::SQL SQL SQL::Log SQL::Quarantine
     AV Scanner - Internal Primary:   ClamAV-clamd
     AV Scanner - Secondary:   ClamAV-clamscan at /usr/bin/clamscan
     Decoder - External:   .Z .arc .bz2 .cpio .deb .exe .lha .lzo .rpm .tar
     Decoder - Internal:   .asc .gz .hqx .mail .tnef .uue .ync .zip
     Decoder - None:   .F .arj .cab .rar .tnef .zoo
 
 ---------------------- amavis End ------------------------- 

 
 ###################### LogWatch End ######################### 
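
The counting rules described in the message (optional LOCAL, a verdict line without a Passed/Blocked prefix counted as blocked, the total taken over every category) can be exercised on their own. The following is an added example, not part of the original post or of Logwatch; the table-driven layout, the names classify and tally, and the log lines are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: classify amavis verdict lines by category and disposition.
# Regexp shapes follow the script above; all log lines below are constructed.
use strict;
use warnings;

my $re_IP     = '(?:\d{1,3}\.){3}\d{1,3}';
# Optional " LOCAL", then the first bracketed IP (captured), then any further IPs.
my $re_origin = '(?: LOCAL)?(?: \[(' . $re_IP . ')\])?(?: \[' . $re_IP . '\])*';
# Optional "Passed " / "Blocked " prefix; the action word is captured as $1.
my $re_action = '(?:(Passed|Blocked) )?';

# Each rule: category name, regexp with $1 = action (may be undef), $2 = first IP.
my @rules = (
   [ 'Clean',       qr/^(Passed|Blocked)(?: CLEAN)?,$re_origin / ],
   [ 'Spam',        qr/^${re_action}SPAM(?:MY)?,$re_origin / ],
   [ 'Malware',     qr/^${re_action}INFECTED \([^)]+\),$re_origin / ],
   [ 'BannedNames', qr/^${re_action}BANNED (?:name\/type )?\([^)]+\),$re_origin / ],
   [ 'BadHeaders',  qr/^${re_action}BAD-HEADER,$re_origin / ],
);

# Returns (category, action, first_ip), or an empty list for a non-verdict line.
sub classify {
   my ($line) = @_;
   $line =~ s/^\([A-Za-z\d-]+\) //;          # drop the "(pid-nn) " id prefix
   for my $rule (@rules) {
      my ($category, $re) = @$rule;
      if ($line =~ $re) {
         my ($action, $ip) = ($1, $2);
         # No explicit Passed/Blocked in the line: count it as blocked.
         $action = 'Blocked' unless defined $action;
         $ip     = ''        unless defined $ip;
         return ($category, $action, $ip);
      }
   }
   return;
}

# Returns (\%counts keyed "Category Action", total of all verdicts, \@unmatched).
sub tally {
   my @lines = @_;
   my (%counts, @unmatched);
   my $total = 0;
   for my $line (@lines) {
      my ($category, $action) = classify($line);
      if (!defined $category) {
         push @unmatched, $line;
         next;
      }
      $counts{"$category $action"}++;
      $total++;                              # every category feeds the divisor
   }
   return (\%counts, $total, \@unmatched);
}

# Constructed sample input (documentation address ranges, example domains).
my @sample = (
   '(01234-01) Passed CLEAN, [192.0.2.10] <alice@example.com> -> <bob@example.net>',
   '(01234-02) Blocked SPAM, LOCAL [192.0.2.20] [198.51.100.7] <bogus@example.com> -> <bob@example.net>',
   '(01234-03) SPAM, [203.0.113.5] <bogus@example.com> -> <bob@example.net>',
   '(01234-04) Passed SPAM, [203.0.113.6] <bogus@example.com> -> <bob@example.net>',
   '(01234-05) Blocked INFECTED (HTML.Phishing.Pay-43), [192.0.2.30] <bogus@example.com> -> <bob@example.net>',
   '(01234-06) Passed BAD-HEADER, [192.0.2.40] <carol@example.com> -> <bob@example.net>',
   '(01234-07) TIMING [total 1200 ms]',
);

my ($counts, $total, $unmatched) = tally(@sample);
if ($total > 0) {
   printf "%8d            Scanned\n", $total;
   for my $key (sort keys %$counts) {
      printf "%8d (%5.2f%%)   %s\n",
         $counts->{$key}, $counts->{$key} * 100 / $total, $key;
   }
}
printf "%8d            Unmatched\n", scalar @$unmatched;
```

The third sample line carries no Passed/Blocked prefix and is counted under "Spam Blocked"; the fourth shows up as "Spam Passed", the kind of row the passed/blocked split makes visible in the summary.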

 

