[Logwatch] Announce: Updated amavis logwatch filter available

MrC lists-logwatch at cappella.us
Fri Jan 19 20:14:56 MST 2007


Hello Amavis/Logwatch users,

I've updated the 7.x amavis logwatch filter and would like to obtain any
feedback before I submit it to replace the current version.

Relevant Changes:

 - Transition amavis formatting to that used by new postfix filter
 - Detailed summary lines are sorted first by count, then by IP
   and lexically
 - Added ability to control max print depth on a per section basis
 - Added bytes scanned summary
 - Ignore additional log lines:
     "Waiting for the process [NNN] to terminate"
     "do_notify_and_quarantine"
     "Valid PID file (younger than sys uptime ..."
     "Sending SIGxxx to amavisd"
     "Daemon [NNN] terminated by SIG..."
 - Capture and report on missed or ignored log lines
     additional "SA TIMED OUT" messages
     A/V timeouts
     encrypted archive members
     "logging initialized, log level N, syslog: amavis.mail"
 - Spam discarded (not quarantined) percentage is now shown as
   percentage of Total scanned instead of Spam blocked

The new amavis logwatch filter (and postfix filter too) can be downloaded
from:

   http://www.mikecappella.com/logwatch

Download and expand the amavis.tgz file, and see the enclosed README file
for installation instructions and customization instructions.  The filter
has been tested with logwatch 7.3.x but probably works with older versions
too.  I have not determined the oldest version of logwatch that will work
with this filter.

Feedback is welcome and encouraged.  If you have log lines that are not
captured or processed correctly, please send me a copy of the line in some
form of archive so that whitespace is not altered, and I'll update the
script.  Either alter private information, or leave it as is, and rest
assured your data will remain confidential.

MrC
-----

Sample Output at detail 10:

 --------------------- amavis Begin ------------------------ 

 ****** Summary *******************************************************
 
  546.370M  Bytes scanned                        572,910,582
 ========   ================================================
 
    19403   Clean passed                              90.17%
       42   Bad header passed                          0.20%
      194   Malware blocked                            0.90%
     1229   Spam blocked                               5.71%
        2   Banned file name blocked                   0.01%
      648   Spam discarded (not quarantined)           3.01%
 --------   ------------------------------------------------
    21518   Total Messages Scanned                   100.00%
 ========   ================================================
 
       68   Bad header (debug supplemental) 
       17   Released from quarantine 
        1   Archive contains zero length member 
        1   Archive contains encrypted member 
        2   SpamAssassin timeout  
        2   DCC error             
        3   MIME error            
      124   Extra code modules loaded at runtime 
 

 ****** Detailed ******************************************************
 
       42   Bad header passed --------------------------------------
       16      lists at example.com
       16         192.168.0.1
        9            goofy-announce-return-2122-lists=example.com at sample.net
        7            goofy-announce-return-9823-lists=example.com at sample.net
... [ cut ] ...
       66   Malware blocked ----------------------------------------
       13      Html.Phishing.Bank.Gen1542.Sanesecurity.06112912
       12         192.168.0.1
       12            service at sample.net
... [ cut ] ...
        2   Banned file name blocked -------------------------------
        1      user at sample.net
        1         text/plain,.asc | .exe,.exe-ms,0001.txt
        1            10.0.0.1
        1               noreply at example.com
... [ cut ] ...
       17   Released from quarantine -------------------------------
        3      user at example.com
        1         sample-13 at sample.net (0eT4ANsAXmjl)
        1         sample-28 at sample.net (A8waJ0oO+2Yi)
        1         sample-99 at sample.net (77ExeRihHiRp)
... [ cut ] ...


