[Logwatch-Devel] Fwd: logwatch 7.3.1 and amavs 2.4.2

Mike Tremaine mgt at stellarcore.net
Mon Oct 16 15:25:07 MST 2006


Geert Janssens wrote:
> On Monday 16 October 2006 20:18, MrC wrote:
>   
>> Hi folks,
>>
>> Just catching up from the weekend away - sorry for the delayed response.
>>
>> I personally don't care much about which protocol is used as a category
>> designator.  But this might be useful to some folks, certainly only at the
>> highest detail level.  Perhaps an Implement-As-Necessary policy is best,
>> meaning lets make it work correctly, and add further classifications as
>> desired by others.
>>
>> Here's a patch to version 1.32 that :
>>
>> 1) accepts more generalized amavis protocol names (LOCAL, AM.PDP, LOCAL
>> MYNETS, etc)
>> 2) lowercases email addresses (User at example.com and user at example.com
>> treated as the same)
>> 3) corrects captured IP address in BAD HEADERS case
>>
>> MrC
>>     
> Whow, don't talk, just do !
>
> I was thinking of making changes in the same direction, but you beat me to it. 
> I agree on the Implement-As-Necessary part and also believe your patch should 
> be sufficient.
>
> Good work MrC !
>
>   

Commited to CVS make sure I did not managle it.

Rigel:~/Projects/logwatch_cvs/logwatch/scripts/services mgt$ cvs diff 
amavis
Index: amavis
===================================================================
RCS file: /var/cvs/logwatch/scripts/services/amavis,v
retrieving revision 1.32
diff -r1.32 amavis
124c124
<    } elsif (($Action, $FromIP, $From, $Towards) = ( $ThisLine =~ 
/^(Passed |Blocked )?SPAM(?:MY)?,(?: LOCAL)?(?: \[($re_IP)\])?(?: 
\[$re_IP\])* [<(]([^>)]*)[>)] -\> [(<]([^>)]*)[)>]/o )) {
---
 >    } elsif (($Action, $FromIP, $From, $Towards) = ( $ThisLine =~ 
/^(Passed |Blocked )?SPAM(?:MY)?,[A-Z .]*(?: \[($re_IP)\])?(?: 
\[$re_IP\])* [<(]([^>)]*)[>)] -\> [(<]([^>)]*)[)>]/o )) {
137c137
<          $Spams{$Towards}{$FromIP}{$From}++;
---
 >          $Spams{"\L$Towards"}{$FromIP}{$From}++
140c140
<    } elsif (($Action, $Key, $FromIP, $From) = ( $ThisLine =~ 
/^(?:Virus found - quarantined|(Passed |Blocked )?INFECTED) 
\(([^\)]+)\),(?: LOCAL)?(?: \[($re_IP)\])?(?: \[$re_IP\])* 
[<(]([^>)]*)[>)]/o )) {
---
 >    } elsif (($Action, $Key, $FromIP, $From) = ( $ThisLine =~ 
/^(?:Virus found - quarantined|(Passed |Blocked )?INFECTED) 
\(([^\)]+)\),[A-Z .]*(?: \[($re_IP)\])?(?: \[$re_IP\])* 
[<(]([^>)]*)[>)]/o )) {
154c154
<    } elsif (($Action, $Item, $FromIP, $From, $Towards) = ( $ThisLine 
=~ /^(Blocked |Passed )?BANNED (?:name\/type )?\(([^\)]+)\),(?: 
LOCAL)?(?: \[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)] -> 
[(<]([^(<]+)[(>]/o)) {
---
 >    } elsif (($Action, $Item, $FromIP, $From, $Towards) = ( $ThisLine 
=~ /^(Blocked |Passed )?BANNED (?:name\/type )?\(([^\)]+)\),[A-Z .]*(?: 
\[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)] -> [(<]([^(<]+)[(>]/o)) {
170c170
<    } elsif (($Action, $FromIP, $From, $Towards) = ( $ThisLine =~ 
/^(Blocked |Passed )?BAD-HEADER,(?: LOCAL)?(?: \[([^\]]*)\])* 
[(<]([^>)]*)[)>](?: -\> [(<]([^>)]+)[)>])[^:]*/ )) {
---
 >    } elsif (($Action, $FromIP, $From, $Towards) = ( $ThisLine =~ 
/^(Blocked |Passed )?BAD-HEADER,[A-Z .]*(?: \[($re_IP)\])?(?: 
\[$re_IP\])* [(<]([^>)]*)[)>](?: -\> [(<]([^>)]+)[)>])[^:]*/ )) {
173a174
 >       # Passed BAD-HEADER, MYNETS AM.PDP [127.0.0.1] [127.0.0.1] 
<bogus at example.com> -> <someuser at sample.net>...

-Mike


More information about the Logwatch-Devel mailing list