Goran, this is pretty much what I did to get to
re-queuing:
gawk "$0 ~ /Final\t828931/ {print
substr($3,2,16)}" gxamq2kt.log.20060207* >msgids.txt
The
file msgids.txt will now contain just the GUID part of the D[guid].SMD from
column 3 in the tab delimited Message Sniffer log files.
I then used a
batch file I had previously created called qm.cmd (for queue and move).
Note that the folders I specify are for Declude 1.x, which has an overflow
folder. I use the overflow folder so that Declude will re-analyze the
message:
Rem this is the qm.cmd file
listing
move d:\imail\spool\spam\d%1.smd u:\imail\spool\ >nul
move
d:\imail\spool\spam\q%1.smd u:\imail\spool\overflow\ >nul
I
then issued from the command line:
for /F %i in (msgids.txt) do @qm.cmd
%i
That takes of re-queuing all the held messages. I am using a
move instead of a copy because I want Declude to be able to move a message it
deems spam to the spam folder. If I used a copy, it would fail to do the
move because the file is already in the spam folder, and Declude would then pass
control back to Imail, which would then deliver the spam inbound.
After
my queue went back to normal, I then set to work on my dec0207.log file to
determine if the entirety of the message was spam or ham based on whether it was
held or not (which is the simple scenario I have).
I hope that
helps,
Andrew 8)
p.s. Another re-posting in HTML so as to preserve the line breaks. Sorry for the duplication, folks.
> -----Original
Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf
Of Goran Jovanovic
> Sent: Tuesday, February 07, 2006 5:39 PM
> To:
sniffer@SortMonster.com
> Subject: RE: Re[4]: [sniffer] Bad Rule -
828931
>
> I just ran the grep command on my log and I got 850
hits.
>
> Now is there a way to take the output of the grep command
and
> use it pull out the total weight of corresponding message
>
from the declude log file, or maybe the subject?
>
> Goran
Jovanovic
> Omega Network Solutions
>
>
>
>
> -----Original Message-----
> > From:
[EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
>
> On Behalf Of David Sullivan
> > Sent: Tuesday, February 07, 2006
7:47 PM
> > To: Landry, William (MED US)
> > Subject: Re[4]:
[sniffer] Bad Rule - 828931
> >
> > Hello William,
>
>
> > Tuesday, February 7, 2006, 7:39:05 PM, you wrote:
>
>
> > LWMU> grep -c "Final.*828931"
c:\imail\declude\sniffer\logfile.log
> >
> > That's what I
tried. Just figured out I forgot to
> capitalize the "F".
> > It
works.
> >
> > Confirmed - 22,055
> >
> >
I'm writing a program now to parse the sniffer log file,
> extract
the
> > file ID, lookup the id in sql server, determine
quarantine
> location,
> > extract q/d pair from quarantine and
send to user.
> >
> > --
> > Best regards,
>
>
David
mailto:[EMAIL PROTECTED]
> >
>
>
> >
> > This E-Mail came from the Message Sniffer mailing
list. For
> information
> > and (un)subscription instructions go
to
> > http://www.sortmonster.com/MessageSniffer/Help/Help.html
>
>
> This E-Mail came from the Message Sniffer mailing
list. For
> information and (un)subscription instructions go to
>
http://www.sortmonster.com/MessageSniffer/Help/Help.html
>
