[ also posted in logwatch users ]
Hello Amavis/Logwatch users,
I've updated the 7.x amavis logwatch filter and would like to obtain any
feedback before I submit it to replace the current version.
Relevant Changes:
- Transition amavis formatting to that used by new postfix filter
- Detailed summary lines are sorted first by count, then by IP and lexically
- Added ability to control max print depth on a per section basis
- Added bytes scanned summary
- Ignore additional log lines:
    "Waiting for the process [NNN] to terminate"
    "do_notify_and_quarantine"
    "Valid PID file (younger than sys uptime ..."
    "Sending SIGxxx to amavisd"
    "Daemon [NNN] terminated by SIG..."
- Capture and report on missed or ignored log lines
    additional "SA TIMED OUT" messages
    A/V timeouts
    encrypted archive members
    "logging initialized, log level N, syslog: amavis.mail"
- Spam discarded (not quarantined) percentage is now shown as
  percentage of Total scanned instead of Spam blocked
The new amavis logwatch filter (and postfix filter too) can be downloaded
from:
http://www.mikecappella.com/logwatch
Download and expand the amavis.tgz file, and see the enclosed README file
for installation instructions and customization instructions. The filter
has been tested with logwatch 7.3.x but probably works with older versions
too. I have not determined the oldest version of logwatch that will work
with this filter.
Feedback is welcome and encouraged. If you have log lines that are not
captured or processed correctly, please send me a copy of the line in some
form of archive so that whitespace is not altered, and I'll update the
script. Either alter private information, or leave it as is, and rest
assured your data will remain confidential.
MrC
-----
Sample Output at detail 10:
--------------------- amavis Begin ------------------------

****** Summary *******************************************************

 546.370M  Bytes scanned                            572,910,582
 ========  ================================================

    19403  Clean passed                                  90.17%
       42  Bad header passed                              0.20%
      194  Malware blocked                                0.90%
     1229  Spam blocked                                   5.71%
        2  Banned file name blocked                       0.01%
      648  Spam discarded (not quarantined)               3.01%
 --------  ------------------------------------------------
    21518  Total Messages Scanned                       100.00%
 ========  ================================================

       68  Bad header (debug supplemental)
       17  Released from quarantine
        1  Archive contains zero length member
        1  Archive contains encrypted member
        2  SpamAssassin timeout
        2  DCC error
        3  MIME error
      124  Extra code modules loaded at runtime

****** Detailed ******************************************************

    42  Bad header passed --------------------------------------
    16  lists example.com
    16  192.168.0.1
     9  goofy-announce-return-2122-lists=example.com sample.net
     7  goofy-announce-return-9823-lists=example.com sample.net
    ... [ cut ] ...

    66  Malware blocked ----------------------------------------
    13  Html.Phishing.Bank.Gen1542.Sanesecurity.06112912
    12  192.168.0.1
    12  service sample.net
    ... [ cut ] ...

     2  Banned file name blocked -------------------------------
     1  user sample.net
     1  text/plain,.asc | .exe,.exe-ms,0001.txt
     1  10.0.0.1
     1  noreply example.com
    ... [ cut ] ...

    17  Released from quarantine -------------------------------
     3  user example.com
     1  sample-13 sample.net (0eT4ANsAXmjl)
     1  sample-28 sample.net (A8waJ0oO+2Yi)
     1  sample-99 sample.net (77ExeRihHiRp)
    ... [ cut ] ...