On Sat, 19 Dec 2009 15:55:59 +0100 Julien Valroff <jul...@kirya.net> wrote:
> Hi Steve, > > Le samedi 19 décembre 2009 à 15:01 +0100, Stevan Bajić a écrit : > > On Sat, 19 Dec 2009 14:07:44 +0100 > > Julien Valroff <jul...@kirya.net> wrote: > > > > > Hi, > > > > > Hallo Julien, > > > > > > > Since commit 70ef9cd17c02081a10971c6f64a2770524c138e2, there is a > > new > > > virus option to tracksources. > > > > > > When enabled, it causes virus to be notified twice in the logs: > > > Dec 19 13:50:48 nix dspam[29400]: virus warning: infected message > > from 209.85.219.223 > > > Dec 19 13:50:48 nix dspam[29400]: infected message from > > 209.85.219.223 > > > > > > This is confusing for tools like mailgraph which parses the mail > > logs to > > > gather statistics (in that case, virus would be counted twice). > > > > > > I would propose to remove the "old" warning: > > > > > > diff --git a/src/dspam.c b/src/dspam.c > > > index 574aa70..74fdae0 100644 > > > --- a/src/dspam.c > > > +++ b/src/dspam.c > > > @@ -415,10 +415,6 @@ process_message ( > > > result = DSR_ISSPAM; > > > strcpy(CTX->class, LANG_CLASS_VIRUS); > > > internally_canned = 1; > > > - if (!dspam_getsource (CTX, ip, sizeof (ip))) > > > - { > > > - LOG(LOG_WARNING, "virus warning: infected message from %s", > > ip); > > > - } > > > } > > > } > > > #endif > > > > > How about this?: > > diff --git a/src/dspam.c b/src/dspam.c > > index 574aa70..c119ee1 100644 > > --- a/src/dspam.c > > +++ b/src/dspam.c > > @@ -1,4 +1,4 @@ > > -/* $Id: dspam.c,v 1.385 2009/12/19 01:02:19 sbajic Exp $ */ > > +/* $Id: dspam.c,v 1.386 2009/12/19 14:45:19 sbajic Exp $ */ > > > > /* > > DSPAM > > @@ -415,9 +415,11 @@ process_message ( > > result = DSR_ISSPAM; > > strcpy(CTX->class, LANG_CLASS_VIRUS); > > internally_canned = 1; > > - if (!dspam_getsource (CTX, ip, sizeof (ip))) > > - { > > - LOG(LOG_WARNING, "virus warning: infected message from %s", > > ip); > > + if(!_ds_match_attribute(agent_config, "TrackSources", "virus")) > > { > > + if (!dspam_getsource (CTX, ip, sizeof (ip))) > > + { > > + LOG(LOG_WARNING, "virus warning: infected message from %s", > > ip); > > + } > > } > > } > > } > > Everything which can avoid double log entries would be fine to me, > That thing is avoiding the double logging. It restores the old state as it used to be before I added the patch. But should some one have enabled the tracking of virus infected mails then the old logging condition is not executed. > but > still, I don't understand why the behaviour should be different for > viruses than for spam and nonspam mail. > Don't ask me. It was done by John around version 3.6 when SoBig.F was a huge problem. And since that time this logging condition is there. He never logged spam/ham explicitly but when he added the ClamAV integration he started to log virus infected mails with the above condition. I think world wide there are just a bunch of people using the tracking feature of DSPAM for other things then pure logging. I use it for RABL. I know, I know. The project is death and you can't download it any more but I have it and I have patched it to integrate well with my BIND 9.6.1_p2 that I use in conjunction with DLZ and PostgreSQL 8.4.1. One of the directives for 3.9.0 is/was not not change to much things in the old code base (in terms of removing functions). So I would like to keep the above statement to allow people upgrading from 3.6.x/3.8.x to see familiar logging as they have seen before (but allow them to use an updated tracking sources if they should need it). For 4.0.0 we can be more restrictive and remove that stuff and say that tracking sources is the right way to go should one want to track spam/ham/virus/blacklist/blocklist/etc... What do you say? > Cheers, > Julien > -- Kind Regards from Switzerland, Stevan Bajić ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Dspam-devel mailing list Dspam-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-devel