[ also posted in logwatch users ]
Hello Amavis/Logwatch users,
I've updated the 7.x amavis logwatch filter and would like to obtain any
feedback before I submit it to replace the current version.
Relevant Changes:
- Transition amavis formatting to that used by new postfix filter
- Detailed summary lines are sorted first by count, then by IP
and lexically
- Added ability to control max print depth on a per section basis
- Added bytes scanned summary
- Ignore additional log lines:
"Waiting for the process [NNN] to terminate"
"do_notify_and_quarantine"
"Valid PID file (younger than sys uptime ..."
"Sending SIGxxx to amavisd"
"Daemon [NNN] terminated by SIG..."
- Capture and report on missed or ignored log lines
additional "SA TIMED OUT" messages
A/V timeouts
encrypted archive members
"logging initialized, log level N, syslog: amavis.mail"
- Spam discarded (not quarantined) percentage is now shown as
percentage of Total scanned instead of Spam blocked
The new amavis logwatch filter (and postfix filter too) can be downloaded
from:
http://www.mikecappella.com/logwatch
Download and expand the amavis.tgz file, and see the enclosed README file
for installation instructions and customization instructions. The filter
has been tested with logwatch 7.3.x but probably works with older versions
too. I have not determined the oldest version of logwatch that will work
with this filter.
Feedback is welcome and encouraged. If you have log lines that are not
captured or processed correctly, please send me a copy of the line in some
form of archive so that whitespace is not altered, and I'll update the
script. Either alter private information, or leave it as is, and rest
assured your data will remain confidential.
MrC
-----
Sample Output at detail 10:
--------------------- amavis Begin ------------------------
****** Summary *******************************************************
546.370M Bytes scanned 572,910,582
======== ================================================
19403 Clean passed 90.17%
42 Bad header passed 0.20%
194 Malware blocked 0.90%
1229 Spam blocked 5.71%
2 Banned file name blocked 0.01%
648 Spam discarded (not quarantined) 3.01%
-------- ------------------------------------------------
21518 Total Messages Scanned 100.00%
======== ================================================
68 Bad header (debug supplemental)
17 Released from quarantine
1 Archive contains zero length member
1 Archive contains encrypted member
2 SpamAssassin timeout
2 DCC error
3 MIME error
124 Extra code modules loaded at runtime
****** Detailed ******************************************************
42 Bad header passed --------------------------------------
16 [EMAIL PROTECTED]
16 192.168.0.1
9 [EMAIL PROTECTED]
7 [EMAIL PROTECTED]
... [ cut ] ...
66 Malware blocked ----------------------------------------
13 Html.Phishing.Bank.Gen1542.Sanesecurity.06112912
12 192.168.0.1
12 [EMAIL PROTECTED]
... [ cut ] ...
2 Banned file name blocked -------------------------------
1 [EMAIL PROTECTED]
1 text/plain,.asc | .exe,.exe-ms,0001.txt
1 10.0.0.1
1 [EMAIL PROTECTED]
... [ cut ] ...
17 Released from quarantine -------------------------------
3 [EMAIL PROTECTED]
1 [EMAIL PROTECTED] (0eT4ANsAXmjl)
1 [EMAIL PROTECTED] (A8waJ0oO+2Yi)
1 [EMAIL PROTECTED] (77ExeRihHiRp)
... [ cut ] ...
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
