[Logwatch] A little bug in logwatch.pl, v 1.111 2004/06/21 and updates to scripts/services/amavis

Ivan Pesin ipesin at n-ix.com.ua
Wed Jun 23 01:32:26 MST 2004


Hello.

I have found a little bug in
$Id: logwatch.pl,v 1.111 2004/06/21 15:00:44 kirk Exp $

here is a patch:

--- logwatch.pl    2004-06-22 00:17:13.000000000 +0300
+++ logwatch    2004-06-23 11:13:58.000000000 +0300
@@ -474,7 +474,7 @@
 
 my $TempDir;
 my $UseMkTemp = $Config{'usemktemp'};
-my $MkTemp = $Config{'MkTemp'};
+my $MkTemp = $Config{'mktemp'};
 if ($UseMkTemp and (-x $MkTemp)) {
    $TempDir = `$MkTemp -d $Config{'tmpdir'}/logwatch.XXXXXXXX 2>/dev/null`;
    chomp($TempDir);
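Review bot: The output of the backtick `mktemp` call is never validated in the visible lines, and with the key corrected that branch presumably becomes reachable for the first time: stderr is discarded, so a failed mktemp leaves `$TempDir` empty after `chomp`. I would add a guard right after the `chomp`, e.g. `die "mktemp failed in $Config{'tmpdir'}\n" unless $? == 0 and -d $TempDir;`, so the script never carries on with an empty or non-existent temporary directory. The command is also built by interpolating `$MkTemp` and `$Config{'tmpdir'}` into a shell string, so both values should only ever come from a trusted, root-owned configuration file. The `if` block continues past the end of the hunk, so a later check may already exist there.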

Also, I am sending you a patch and the full-text version of the changes I have
made to scripts/services/amavis. The main goal of those changes is to process
the messages generated when running clamav via amavis. In that case the messages
are slightly different, and the vanilla version doesn't work.

Thank you for your work.

-- 
Ivan Pesin                              mailto:ipesin at n-ix.com.ua
System administrator
N-iX Newcomp Computersysteme GmbH       http://www.n-ix.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: amavis.patch
Type: text/x-patch
Size: 6971 bytes
Desc: not available
Url : http://list.kaybee.org/pipermail/logwatch/attachments/20040623/68e1f56e/amavis.bin
-------------- next part --------------
#!/usr/bin/perl -w
##########################################################################
# $Id: amavis,v 1.12 2004/06/21 14:59:05 kirk Exp $
##########################################################################

########################################################
# This was written and is maintained by:
#    Jim O'Halloran <jim at kendle.com.au>
#
# Please send all comments, suggestions, bug reports,
#    etc, to jim at kendle.com.au.
########################################################

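# Report verbosity handed over by logwatch through the environment.
# Default to 0 when the variable is unset (e.g. the script is run by hand),
# so the numeric comparisons further down never see undef under -w.
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;

# Running totals, one per message category recognised by the parser.
$CleanMsgs = 0;
$InfectedMsgs = 0;
$SpamMsgs = 0;
$BannedNames = 0;
$BadHeaders = 0;
$IntentionallyDrop = 0;
$DSNNotSent = 0;
$MIMEParserErrors = 0;
# Sum of the "TIMING [total N ms]" values, in milliseconds.
$TotalTime = 0;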

# Parse logfile
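# Id prefix "(<alnum>) " that appears in front of the message in some
# installations; the same message may arrive with or without it.
# NOTE(review): the range A-z also spans the punctuation between 'Z' and 'a'
# ([ \ ] ^ _ `).  It is kept as written so every line that matches today
# keeps matching; tighten it once the exact id format is confirmed.
my $Id    = qr/\([A-z0-9]+\) /;
my $OptId = qr/(?:$Id)?/;

# Housekeeping messages that are deliberately left out of the report.
# NOTE(review): /^TIMING/ is in this list, so only id-prefixed TIMING lines
# ever reach the timing branch below.
my @IgnorePatterns = (
   qr/^do_ascii/,
   qr/^Found av scanner/,
   qr/^Found myself/,
   qr/^Module/,
   qr/^TIMING/,
   qr/^Checking/,
   qr/^(ESMTP|FWD|SEND) via/,
   qr/^spam_scan/,
   qr/^Not-Delivered/,
   qr/^SpamControl/,
   qr/^Net/,
   qr/^Perl/,
   qr/^ESMTP/,
   qr/^LMTP/,
   qr/^.* code[ \t]+(NOT)? loaded/,
   qr/^tempdir being removed/,
   qr/^Found primary av scanner/,
   qr/^Found \$[\S]+[\s]+at/,
   qr/^No \$[\S]+,[\s]+not using it/,
   qr/^Found secondary av scanner/,
   qr/^Using internal av scanner code/,
   qr/^mail_via_smtp/,
   qr/^local delivery: /,
   qr/^cached [a-zA-Z0-9]+ /,
   qr/^starting.  amavisd at/,
   # Id-prefixed variants (the "INP" additions)
   qr/^${Id}Virus [A-z0-9\.\-]+ matches pattern/,
   qr/^${Id}Checking: /,
   qr/^${Id}AM.CL \/var\/spool\/amavis\/amavis\-milter\-[A-z0-9]+/,
   qr/^${Id}SEND via PIPE: /,
   qr/^${Id}local delivery: /,
   qr/^${Id}cached [0-9A-Fa-f]+ from /,
);
# Single alternation so each line is tested once; every alternative keeps
# its own ^ anchor.
my $IgnoreRe = do { my $Alt = join('|', @IgnorePatterns); qr/$Alt/ };

# Parse logfile.
# Sender addresses, file names, virus names and header reasons captured below
# are copied from the log line and stored verbatim; they originate from the
# mail being scanned, so the report must be read as untrusted text.
while (defined($ThisLine = <STDIN>)) {
   $From = "";
   $Towards = "";
   $Virus = "";
   $FileName = "";
   $Timing = 0;

   # Drop the leading "(digits-digits) " tag.
   $ThisLine =~ s/^\([\d-]+\) //;

   # A trailing "..." means the message continues on the next log line.
   while ($ThisLine =~ s/\.\.\.$//) {
      chomp($ThisLine);
      $NextLine = <STDIN>;
      # Input may end in the middle of a continued message; stop instead of
      # operating on undef.
      last unless defined($NextLine);
      $NextLine =~ s/^\([\d-]+\) \.\.\.//;
      $ThisLine .= $NextLine;
   }

   if ($ThisLine =~ $IgnoreRe) {
      # We don't care about these
   } elsif ($ThisLine =~ /^${OptId}Passed, /) {
      $CleanMsgs++;
   } elsif ( ($FileName, $From) = ( $ThisLine =~ /^${OptId}BANNED name\/type \(([^\)]+)\)\, \<([^\>]*)\>/ ) ) {
      $BannedNames++;

      if ($Detail >= 10) {
         $Banned{$FileName}{$From}++;
      }
   } elsif ( ($Virus, $From) = ( $ThisLine =~ /^${OptId}(?:Virus found - quarantined|INFECTED) \(([^\)]+)\)\, [\(\<]([^\>\)]*)[\)\>]/ ) ) {
      # The leading alternation must not capture: with a capturing group
      # $Virus received the literal keyword and $From the virus name, so the
      # report attributed every detection to the wrong name and sender.
      $InfectedMsgs++;

      if ($Detail >= 5) {
         $Virustypes{$Virus}++;
      }

      if ($Detail >= 10) {
         $Viruses{$Virus}{$From}++;
      }
   } elsif ( ($Fromspam, $Towards) = ( $ThisLine =~ /^${OptId}SPAM, [\(\<]([^\>\)]+)[\)\>] -\> [\(\<]([^\>\)]+)[\)\>]/ ) ) {
      $SpamMsgs++;

      if ($Detail >= 5) {
         $Spamtypes{$Towards}++;
      }

      if ($Detail >= 10) {
         $Spams{$Towards}{$Fromspam}++;
      }
   } elsif ( ($From, $Why) = ( $ThisLine =~ /^${OptId}BAD HEADER from [\(\<]([^\>\)]+)[\)\>]: (.*) in message header/ ) ) {
      $BadHeaders++;

      if ($Detail >= 10) {
         $Headers{$From}{$Why}++;
      }
   } elsif ( my ($What) = ( $ThisLine =~ /^${OptId}NOTICE: DSN contains (VIRUS|BANNED NAME|VIRUS & BANNED NAME|VIRUS & BAD HEADER|VIRUS & BANNED NAME & BAD HEADER); bounce is not bouncable, mail intentionally dropped/ ) ) {
      # A dropped bounce counts once as a drop and once for every content
      # category named in the notice.
      $IntentionallyDrop++;
      $InfectedMsgs++ if $What =~ /VIRUS/;
      $BannedNames++  if $What =~ /BANNED NAME/;
      $BadHeaders++   if $What =~ /BAD HEADER/;
   } elsif ( $ThisLine =~ /^${OptId}NOTICE: Not sending DSN to believed-to-be-faked sender [\(\<][^\>\)]+[\)\>], mail containing [A-Z\&\ ]+ intentionally dropped/ ) {
      # Any content category is accepted with or without the id prefix; the
      # unprefixed form used to accept only "VIRUS".
      $DSNNotSent++;
   } elsif ( $ThisLine =~ /^${OptId}warning - MIME::Parser error: / ) {
      $MIMEParserErrors++;
   } elsif ( ($Timing) = ( $ThisLine =~ /^${OptId}TIMING \[total ([0-9]+) ms\]/ ) ) {
      $TotalTime += $Timing;
   } else {
      # Report any unmatched entries...
      chomp($ThisLine);
      $OtherList{$ThisLine}++;
   } # else
} # while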


#######################################################
# Output report

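# One summary line per counter; a counter that stayed at zero prints nothing.
if ($CleanMsgs > 0) {
   print "\n$CleanMsgs messages checked and passed.\n";
}

if ($InfectedMsgs > 0) {
   print "$InfectedMsgs virus infected messages were found.\n";
}

if ($SpamMsgs > 0) {
   print "$SpamMsgs spam messages were found.\n";
}

if ($BannedNames > 0) {
   print "$BannedNames messages rejected with banned file names.\n";
}

if ($BadHeaders > 0) {
   print "$BadHeaders messages with bad headers were found.\n";
}

if ($IntentionallyDrop > 0) {
   print "$IntentionallyDrop messages intentionally dropped (bad DSN).\n";
}

if ($DSNNotSent > 0) {
   print "$DSNNotSent DSN has been not sent due to believed-to-be-faked sender.\n";
}

if ($MIMEParserErrors > 0) {
   print "$MIMEParserErrors MIME parse error(s) detected.\n";
}

if ($TotalTime > 0) {
   # $TotalTime is summed from "TIMING [total N ms]" lines, i.e. it is in
   # milliseconds; one minute is 60000 ms (the previous 6000 overstated the
   # minutes tenfold and switched units after only six seconds).
   if ($TotalTime > 60000) {
      printf "%d minutes used.\n", $TotalTime / 60000;
   } else {
      print "$TotalTime ms used.\n";
   }
}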

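# Virus section.
# The parser fills %Virustypes from detail level 5 upwards and %Viruses only
# from level 10 upwards.  Keying the section on %Viruses meant the per-virus
# summary for levels 5-9 could never be printed, so the section is driven by
# %Virustypes, which has an entry for every virus %Viruses knows about.
if (keys %Virustypes) {
   print "\nViruses Detected:\n";
   foreach $Virus (sort keys %Virustypes) {
      if ($Detail >= 10) {
         # Full breakdown: one line per sender below the per-virus total.
         $VirCount = 0;
         $OutString = "";
         foreach $From (sort keys %{ $Viruses{$Virus} }) {
            $VirCount += $Viruses{$Virus}{$From};
            $OutString .= "      $From  $Viruses{$Virus}{$From} Time(s)\n";
         }
         print "   $Virus: $VirCount Times(s)  From:\n$OutString\n";
      } else {
         # Detail 5-9: count per virus name only.
         print "   $Virus: $Virustypes{$Virus} Times(s)\n";
      }
   }
}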

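# Spam section.
# The parser fills %Spamtypes from detail level 5 upwards and %Spams only from
# level 10 upwards.  Keying the section on %Spams meant the per-recipient
# summary for levels 5-9 could never be printed, so the section is driven by
# %Spamtypes, which has an entry for every recipient %Spams knows about.
if (keys %Spamtypes) {
   print "\nSpam Detected:\n";
   foreach $Towards (sort keys %Spamtypes) {
      if ($Detail >= 10) {
         # Full breakdown: one line per sender below the per-recipient total.
         $SpamCount = 0;
         $OutString = "";
         foreach $From (sort keys %{ $Spams{$Towards} }) {
            $SpamCount += $Spams{$Towards}{$From};
            $OutString .= "      $From  $Spams{$Towards}{$From} Time(s)\n";
         }
         print "   Spam to $Towards: $SpamCount Times(s) From:\n$OutString\n";
      } else {
         # Detail 5-9: count per recipient only.
         print "   Spam to $Towards: $Spamtypes{$Towards} Times(s)\n";
      }
   }
}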

# Bad-header section: for every sender, the total number of bad-header
# messages followed by one line per reason.  Shown at detail level 10+ only.
# Sender and reason text are printed exactly as they appeared in the log.
if ((keys %Headers) && $Detail >= 10) {
   print "\nBad Headers Detected:\n";
   for my $Sender (sort keys %Headers) {
      my $Reasons = $Headers{$Sender};
      my $Total = 0;
      my @ReasonLines;
      for my $Reason (sort keys %{$Reasons}) {
         my $Hits = $Reasons->{$Reason};
         $Total += $Hits;
         push @ReasonLines, "      $Reason  $Hits Time(s)\n";
      }
      print "   Bad Header from $Sender: $Total Times(s) Reason(s):\n",
            join('', @ReasonLines), "\n";
   }
}

# Banned-attachment section: for every banned file name, the total number of
# hits followed by one line per sender.  File names and senders are printed
# exactly as they appeared in the log.
if (keys %Banned) {
   print "\nBanned File Names:\n";
   for my $Name (sort keys %Banned) {
      my $Senders = $Banned{$Name};
      my $Total = 0;
      my @SenderLines;
      for my $Sender (sort keys %{$Senders}) {
         my $Hits = $Senders->{$Sender};
         $Total += $Hits;
         push @SenderLines, "      $Sender  $Hits Time(s)\n";
      }
      print "   $Name: $Total Times(s)  From:\n", join('', @SenderLines), "\n";
   }
}


# Anything the parser did not recognise, most frequent first.  The lines are
# echoed verbatim from the log, so they may carry text taken from the scanned
# mail (addresses, header fragments); treat this part of the report as
# untrusted input when it is rendered or forwarded.
if (keys %OtherList) {
   print "\n\n**Unmatched Entries**\n";
   my @ByFrequency = sort { $OtherList{$b} <=> $OtherList{$a} } keys %OtherList;
   for my $Entry (@ByFrequency) {
      print "   $Entry: $OtherList{$Entry} Time(s)\n";
   }
}

exit 0;

# vi: shiftwidth=3 tabstop=3 et

-------------- next part --------------
A non-text attachment was scrubbed...
Name: logwatch.patch
Type: text/x-patch
Size: 376 bytes
Desc: not available
Url : http://list.kaybee.org/pipermail/logwatch/attachments/20040623/68e1f56e/logwatch.bin

