Le samedi 19 décembre 2009 à 16:12 +0100, Stevan Bajić a écrit : > On Sat, 19 Dec 2009 15:55:59 +0100 > Julien Valroff <jul...@kirya.net> wrote: > > > Hi Steve, > > > > Le samedi 19 décembre 2009 à 15:01 +0100, Stevan Bajić a écrit : > > > On Sat, 19 Dec 2009 14:07:44 +0100 > > > Julien Valroff <jul...@kirya.net> wrote: > > > > > > > Hi, > > > > > > > Hallo Julien, > > > > > > > > > > Since commit 70ef9cd17c02081a10971c6f64a2770524c138e2, there is > a > > > new > > > > virus option to tracksources. > > > > > > > > When enabled, it causes virus to be notified twice in the logs: > > > > Dec 19 13:50:48 nix dspam[29400]: virus warning: infected > message > > > from 209.85.219.223 > > > > Dec 19 13:50:48 nix dspam[29400]: infected message from > > > 209.85.219.223 > > > > > > > > This is confusing for tools like mailgraph which parses the mail > > > logs to > > > > gather statistics (in that case, virus would be counted twice). > > > > > > > > I would propose to remove the "old" warning: > > > > > > > > diff --git a/src/dspam.c b/src/dspam.c > > > > index 574aa70..74fdae0 100644 > > > > --- a/src/dspam.c > > > > +++ b/src/dspam.c > > > > @@ -415,10 +415,6 @@ process_message ( > > > > result = DSR_ISSPAM; > > > > strcpy(CTX->class, LANG_CLASS_VIRUS); > > > > internally_canned = 1; > > > > - if (!dspam_getsource (CTX, ip, sizeof (ip))) > > > > - { > > > > - LOG(LOG_WARNING, "virus warning: infected message from > %s", > > > ip); > > > > - } > > > > } > > > > } > > > > #endif > > > > > > > How about this?: > > > diff --git a/src/dspam.c b/src/dspam.c > > > index 574aa70..c119ee1 100644 > > > --- a/src/dspam.c > > > +++ b/src/dspam.c > > > @@ -1,4 +1,4 @@ > > > -/* $Id: dspam.c,v 1.385 2009/12/19 01:02:19 sbajic Exp $ */ > > > +/* $Id: dspam.c,v 1.386 2009/12/19 14:45:19 sbajic Exp $ */ > > > > > > /* > > > DSPAM > > > @@ -415,9 +415,11 @@ process_message ( > > > result = DSR_ISSPAM; > > > strcpy(CTX->class, LANG_CLASS_VIRUS); > > > internally_canned = 1; > > > - if (!dspam_getsource (CTX, ip, sizeof (ip))) > > > - { > > > - LOG(LOG_WARNING, "virus warning: infected message from > %s", > > > ip); > > > + if(!_ds_match_attribute(agent_config, "TrackSources", > "virus")) > > > { > > > + if (!dspam_getsource (CTX, ip, sizeof (ip))) > > > + { > > > + LOG(LOG_WARNING, "virus warning: infected message from > %s", > > > ip); > > > + } > > > } > > > } > > > } > > > > Everything which can avoid double log entries would be fine to me, > > > That thing is avoiding the double logging. It restores the old state > as it used to be before I added the patch. But should some one have > enabled the tracking of virus infected mails then the old logging > condition is not executed. > > > > but > > still, I don't understand why the behaviour should be different for > > viruses than for spam and nonspam mail. > > > Don't ask me. It was done by John around version 3.6 when SoBig.F was > a huge problem. And since that time this logging condition is there. > He never logged spam/ham explicitly but when he added the ClamAV > integration he started to log virus infected mails with the above > condition. > > I think world wide there are just a bunch of people using the tracking > feature of DSPAM for other things then pure logging. I use it for > RABL. I know, I know. The project is death and you can't download it > any more but I have it and I have patched it to integrate well with my > BIND 9.6.1_p2 that I use in conjunction with DLZ and PostgreSQL 8.4.1. > > One of the directives for 3.9.0 is/was not not change to much things > in the old code base (in terms of removing functions). So I would like > to keep the above statement to allow people upgrading from 3.6.x/3.8.x > to see familiar logging as they have seen before (but allow them to > use an updated tracking sources if they should need it). > > For 4.0.0 we can be more restrictive and remove that stuff and say > that tracking sources is the right way to go should one want to track > spam/ham/virus/blacklist/blocklist/etc... > > What do you say?
I now understand it better. Actually, I remember I had requested this feature myself in early 2006, as previously, infected mail were considered as spam mail in the logs. I had requested to had an option to be added to TrackSources, but it was implemented after that as it is now. Then, I do totally agree with your proposal, as long as we keep in mind that such things should be reviewed for 4.0.0 Cheers, Julien ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Dspam-devel mailing list Dspam-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-devel