Bug#585473: logwatch: Unmatched entries for spamassassin andclam-update

admin1 Thu, 10 Jun 2010 16:11:17 -0700

File:
/usr/share/logwatch/scripts/services/spamassassin:

say:
( $ThisLine =~ m/connection from localhost / ) or
( $ThisLine =~ m/setuid to / ) or
( $ThisLine =~ m/processing message / ) or
( $ThisLine =~ m/^result: / ) or
( $ThisLine =~ m/^child states: / ) or
( $ThisLine =~ m/^alarm *$/ ) or
( $ThisLine =~ m/^handled cleanup of child / ) or
( $ThisLine =~ m/^server successfully spawned child process, / ) or
( $ThisLine =~ m/^removing stderr method/ ) or
( $ThisLine =~ m/^server pid:/ ) or



fix:
( $ThisLine =~ m/connection from localhost / ) or
( $ThisLine =~ m/setuid to / ) or
( $ThisLine =~ m/processing message / ) or
( $ThisLine =~ m/result: / ) or
( $ThisLine =~ m/child states: / ) or
( $ThisLine =~ m/alarm *$/ ) or
( $ThisLine =~ m/handled cleanup of child / ) or
( $ThisLine =~ m/server successfully spawned child process, / ) or
( $ThisLine =~ m/removing stderr method/ ) or
( $ThisLine =~ m/server pid:/ ) or



file:
/usr/share/logwatch/scripts/services/clam-update:

say:
# separator of 38 dashes
($ThisLine =~ /\-{38}$/) or
# the following failure is also recorded with ERROR later on
($ThisLine =~ /^Giving up/) or
# SIGALRM, SIGUSR1, and SIGHIP signals
($ThisLine =~ /^Received signal \d*, wake up$/) or
($ThisLine =~ /Received signal \d*, re-opening log file$/) or
# temporary failure
($ThisLine =~ /^Trying again/) ) {
# Do nothing for the above statements
} elsif ($ThisLine =~ /^Received signal \d*, terminating$/) {

fix:
# separator of 38 dashes
($ThisLine =~ /\-{38}$/) or
# the following failure is also recorded with ERROR later on
($ThisLine =~ /Giving up/) or
# SIGALRM, SIGUSR1, and SIGHIP signals
($ThisLine =~ /Received signal \d*, wake up$/) or
($ThisLine =~ /Received signal \d*, re-opening log file$/) or
# temporary failure
($ThisLine =~ /Trying again/) ) {
# Do nothing for the above statements
} elsif ($ThisLine =~ /Received signal \d*, terminating$/) {


Problem is:  (^)

Keep out all (^)  fix problem.




My log:  spamd.log

Thu Jun 10 10:30:45 2010 [20312] info: spamd: connection from localhost 
[127.0.0.1] at port 54305
Thu Jun 10 10:30:45 2010 [20312] info: spamd: processing message 
<201006101530.o5afudn0021...@mail.copiservice.com.pe> for marketing:1002
Thu Jun 10 10:30:55 2010 [20312] info: spamd: clean message (-91.8/5.5) for 
marketing:1002 in 10.3 seconds, 92682 bytes.
Thu Jun 10 10:30:55 2010 [20312] info: spamd: result: . -91 - 
ALL_TRUSTED,BAYES_50,LOCAL_INFORMES,LOCAL_LINK,LOCAL_REMOVE,LOCAL_SPAM,LOCAL_VENDO,NORMAL_HTTP_TO_IP,NUMERIC_HTTP_ADDR,URI_HEX,USER_IN_WHITELIST
 
scantime=10.3,size=92682,user=marketing,uid=1002,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=54305,mid=<201006101530.o5afudn0021...@xxxxxx>,bayes=0.500000,autolearn=no
Thu Jun 10 10:30:55 2010 [2738] info: prefork: child states: II
Thu Jun 10 10:31:11 2010 [20312] info: spamd: connection from localhost 
[127.0.0.1] at port 54316
Thu Jun 10 10:31:11 2010 [20312] info: spamd: processing message 
<201006101531.o5afv5gg022...@mail.copiservice.com.pe> for marketing:1002
Thu Jun 10 10:31:16 2010 [20312] info: spamd: clean message (-92.6/5.5) for 
marketing:1002 in 5.7 seconds, 869 bytes.
Thu Jun 10 10:31:16 2010 [20312] info: spamd: result: . -92 - 
BAYES_05,FSL_HELO_NON_FQDN_1,HELO_NO_DOMAIN,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC,TO_NO_BRKTS_DIRECT,TO_NO_BRKTS_DYNIP,TVD_RCVD_SINGLE,USER_IN_WHITELIST
 
scantime=5.7,size=869,user=marketing,uid=1002,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=54316,mid=<201006101531.o5afv5gg022...@xxxx>,bayes=0.016241,autolearn=no
Thu Jun 10 10:31:18 2010 [2738] info: prefork: child states: II
Thu Jun 10 10:32:03 2010 [20312] info: spamd: connection from localhost 
[127.0.0.1] at port 54324
Thu Jun 10 10:32:03 2010 [20312] info: spamd: processing message 
<201006101531.o5afvubx022...@xxxx> for marketing:1002
Thu Jun 10 10:32:13 2010 [20312] info: spamd: clean message (-91.8/5.5) for 
marketing:1002 in 10.7 seconds, 92550 bytes.
Thu Jun 10 10:32:13 2010 [20312] info: spamd: result: . -91 - 
ALL_TRUSTED,BAYES_50,LOCAL_INFORMES,LOCAL_LINK,LOCAL_REMOVE,LOCAL_SPAM,LOCAL_VENDO,NORMAL_HTTP_TO_IP,NUMERIC_HTTP_ADDR,URI_HEX,USER_IN_WHITELIST
 
scantime=10.7,size=92550,user=marketing,uid=1002,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=54324,mid=<201006101531.o5afvubx022...@xxxx>,bayes=0.500000,autolearn=no
Thu Jun 10 10:32:13 2010 [2738] info: prefork: child states: II
Thu Jun 10 10:36:24 2010 [20312] info: spamd: connection from localhost 
[127.0.0.1] at port 41719
Thu Jun 10 10:36:24 2010 [20312] info: spamd: processing message 
<201006101536.o5afagxf022...@xxxx> for marketing:1002
Thu Jun 10 10:36:33 2010 [20312] info: spamd: clean message (-91.8/5.5) for 
marketing:1002 in 9.7 seconds, 94308 bytes.
Thu Jun 10 10:36:33 2010 [20312] info: spamd: result: . -91 - 
ALL_TRUSTED,BAYES_50,LOCAL_INFORMES,LOCAL_LINK,LOCAL_REMOVE,LOCAL_SPAM,LOCAL_VENDO,NORMAL_HTTP_TO_IP,NUMERIC_HTTP_ADDR,URI_HEX,USER_IN_WHITELIST
 
scantime=9.7,size=94308,user=marketing,uid=1002,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=41719,mid=<201006101536.o5afagxf022...@xxxx>,bayes=0.500000,autolearn=no
Thu Jun 10 10:36:33 2010 [2738] info: prefork: child states: II
Thu Jun 10 10:38:37 2010 [20312] info: spamd: connection from localhost 
[127.0.0.1] at port 53415
Thu Jun 10 10:38:37 2010 [20312] info: spamd: processing message 
<201006101538.o5afcuey023...@xxxx> for marketing:1002
Thu Jun 10 10:38:50 2010 [20312] info: spamd: clean message (-91.8/5.5) for 
marketing:1002 in 13.0 seconds, 94218 bytes.
Thu Jun 10 10:38:50 2010 [20312] info: spamd: result: . -91 - 
ALL_TRUSTED,BAYES_50,LOCAL_INFORMES,LOCAL_LINK,LOCAL_REMOVE,LOCAL_SPAM,LOCAL_VENDO,NORMAL_HTTP_TO_IP,NUMERIC_HTTP_ADDR,URI_HEX,USER_IN_WHITELIST
 
scantime=13.0,size=94218,user=marketing,uid=1002,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=53415,mid=<201006101538.o5afcuey023...@xxxx>,bayes=0.500000,autolearn=no
Thu Jun 10 10:38:50 2010 [2738] info: prefork: child states: II
Thu Jun 10 10:40:25 2010 [20312] info: spamd: connection from localhost 
[127.0.0.1] at port 53430
Thu Jun 10 10:40:25 2010 [20312] info: spamd: processing message 
<aanlktink4bnhhoqxg1syhi8ehnl6pv11dtvl1akci...@mail.gmail.com> for 
marketing:1002
Thu Jun 10 10:40:31 2010 [20312] info: spamd: identified spam (9.8/5.5) for 
marketing:1002 in 6.3 seconds, 369920 bytes.
Thu Jun 10 10:40:31 2010 [20312] info: spamd: result: Y 9 - 
BAYES_50,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLY,HTML_IMAGE_ONLY_12,HTML_IMAGE_RATIO_02,HTML_MESSAGE,LOCAL_PUBLICIDAD,MISSING_HEADERS,SPF_PASS,T_DKIM_INVALID,T_FREEMAIL_DOC_PDF,T_REMOTE_IMAGE,T_TO_NO_BRKTS_FREEMAIL
 
scantime=6.3,size=369920,user=marketing,uid=1002,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=53430,mid=<aanlktink4bnhhoqxg1syhi8ehnl6pv11dtvl1akci...@mail.gmail.com>,bayes=0.575625,autolearn=no
Thu Jun 10 10:40:32 2010 [2738] info: prefork: child states: II
Thu Jun 10 10:42:15 2010 [20312] info: spamd: connection from localhost 
[127.0.0.1] at port 53442
Thu Jun 10 10:42:15 2010 [20312] info: spamd: processing message 
<201006101542.o5afg8q6023...@mail.copiservice.com.pe> for marketing:1002
Thu Jun 10 10:42:25 2010 [20312] info: spamd: clean message (-91.8/5.5) for 
marketing:1002 in 10.0 seconds, 94227 bytes.
Thu Jun 10 10:42:25 2010 [20312] info: spamd: result: . -91 - 
ALL_TRUSTED,BAYES_50,LOCAL_INFORMES,LOCAL_LINK,LOCAL_REMOVE,LOCAL_SPAM,LOCAL_VENDO,NORMAL_HTTP_TO_IP,NUMERIC_HTTP_ADDR,URI_HEX,USER_IN_WHITELIST
 
scantime=10.0,size=94227,user=marketing,uid=1002,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=53442,mid=<201006101542.o5afg8q6023...@xxxx>,bayes=0.500000,autolearn=no
Thu Jun 10 10:42:25 2010 [2738] info: prefork: child states: II



My log: freshclam.log

Thu Jun 10 02:41:31 2010 -> --------------------------------------
Thu Jun 10 04:41:31 2010 -> Received signal: wake up
Thu Jun 10 04:41:31 2010 -> Max retries == 3
Thu Jun 10 04:41:31 2010 -> ClamAV update process started at Thu Jun 10 
04:41:31 2010
Thu Jun 10 04:41:31 2010 -> Using IPv6 aware code
Thu Jun 10 04:41:31 2010 -> Querying current.cvd.clamav.net
Thu Jun 10 04:41:31 2010 -> TTL: 699
Thu Jun 10 04:41:31 2010 -> Software version from DNS: 0.96.1
Thu Jun 10 04:41:31 2010 -> main.cvd version from DNS: 52
Thu Jun 10 04:41:31 2010 -> main.cvd is up to date (version: 52, sigs: 704727, 
f-level: 44, builder: sven)
Thu Jun 10 04:41:31 2010 -> daily.cvd version from DNS: 11171
Thu Jun 10 04:41:31 2010 -> daily.cld is up to date (version: 11171, sigs: 
95708, f-level: 51, builder: guitar)
Thu Jun 10 04:41:31 2010 -> bytecode.cvd version from DNS: 25
Thu Jun 10 04:41:31 2010 -> bytecode.cvd is up to date (version: 25, sigs: 3, 
f-level: 51, builder: nervous)
Thu Jun 10 04:41:31 2010 -> --------------------------------------
Thu Jun 10 06:41:31 2010 -> Received signal: wake up
Thu Jun 10 06:41:31 2010 -> Max retries == 3
Thu Jun 10 06:41:31 2010 -> ClamAV update process started at Thu Jun 10 
06:41:31 2010
Thu Jun 10 06:41:31 2010 -> Using IPv6 aware code
Thu Jun 10 06:41:31 2010 -> Querying current.cvd.clamav.net
Thu Jun 10 06:41:31 2010 -> TTL: 604
Thu Jun 10 06:41:31 2010 -> Software version from DNS: 0.96.1
Thu Jun 10 06:41:31 2010 -> main.cvd version from DNS: 52
Thu Jun 10 06:41:31 2010 -> main.cvd is up to date (version: 52, sigs: 704727, 
f-level: 44, builder: sven)
Thu Jun 10 06:41:31 2010 -> daily.cvd version from DNS: 11173
Thu Jun 10 06:41:31 2010 -> Retrieving 
http://database.clamav.net/daily-11172.cdiff
Thu Jun 10 06:41:32 2010 -> Trying to download 
http://database.clamav.net/daily-11172.cdiff (IP: 194.8.197.22)
Thu Jun 10 06:41:32 2010 -> Downloading daily-11172.cdiff [100%]
Thu Jun 10 06:41:32 2010 -> cdiff_apply: Parsed 8 lines and executed 8 commands
Thu Jun 10 06:41:32 2010 -> Retrieving 
http://database.clamav.net/daily-11173.cdiff
Thu Jun 10 06:41:32 2010 -> Trying to download 
http://database.clamav.net/daily-11173.cdiff (IP: 194.8.197.22)
Thu Jun 10 06:41:33 2010 -> Downloading daily-11173.cdiff [100%]
Thu Jun 10 06:41:33 2010 -> cdiff_apply: Parsed 9 lines and executed 9 commands
Thu Jun 10 06:41:33 2010 -> Properly loaded 95711 signatures from new daily.cld
Thu Jun 10 06:41:33 2010 -> daily.cld updated (version: 11173, sigs: 95711, 
f-level: 51, builder: ccordes)
Thu Jun 10 06:41:33 2010 -> bytecode.cvd version from DNS: 25
Thu Jun 10 06:41:33 2010 -> bytecode.cvd is up to date (version: 25, sigs: 3, 
f-level: 51, builder: nervous)
Thu Jun 10 06:41:33 2010 -> Database updated (800441 signatures) from 
database.clamav.net (IP: 194.8.197.22)
Thu Jun 10 06:41:37 2010 -> Clamd successfully notified about the update.
Thu Jun 10 06:41:37 2010 -> --------------------------------------
Thu Jun 10 08:41:37 2010 -> Received signal: wake up
Thu Jun 10 08:41:37 2010 -> Max retries == 3
Thu Jun 10 08:41:37 2010 -> ClamAV update process started at Thu Jun 10 
08:41:37 2010
Thu Jun 10 08:41:37 2010 -> Using IPv6 aware code
Thu Jun 10 08:41:37 2010 -> Querying current.cvd.clamav.net
Thu Jun 10 08:41:37 2010 -> TTL: 127
Thu Jun 10 08:41:37 2010 -> Software version from DNS: 0.96.1
Thu Jun 10 08:41:37 2010 -> main.cvd version from DNS: 52
Thu Jun 10 08:41:37 2010 -> main.cvd is up to date (version: 52, sigs: 704727, 
f-level: 44, builder: sven)
Thu Jun 10 08:41:37 2010 -> daily.cvd version from DNS: 11173
Thu Jun 10 08:41:37 2010 -> daily.cld is up to date (version: 11173, sigs: 
95711, f-level: 51, builder: ccordes)
Thu Jun 10 08:41:37 2010 -> bytecode.cvd version from DNS: 25
Thu Jun 10 08:41:37 2010 -> bytecode.cvd is up to date (version: 25, sigs: 3, 
f-level: 51, builder: nervous)
Thu Jun 10 08:41:37 2010 -> --------------------------------------

Example:

With  m/^result:

Not detect line in log:
Thu Jun 10 10:30:55 2010 [20312] info: spamd: result: . -91 - 
ALL_TRUSTED,BAYES_50,LOCAL_INFORMES,LOCAL_LINK,LOCAL_REMOVE,LOCAL_SPAM,LOCAL_VENDO,NORMAL_HTTP_TO_IP,NUMERIC_HTTP_ADDR,URI_HEX,USER_IN_WHITELIST
 
scantime=10.3,size=92682,user=marketing,uid=1002,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=54305,mid=<201006101530.o5afudn0021...@mail.copiservice.com.pe>,bayes=0.500000,autolearn=no


With m/result:   detect line in log.


Than.

Luis Rivera A.
Lima-Peru











Willi Mann <wi...@wm1.at> wrote ..
> tags 585473 + moreinfo
> thanks
> 
> Am 2010-06-10 21:30, schrieb admin1:
> > Package: logwatch
> > Version: 7.3.6.cvs20080702-2
> > Severity: important
> > 
> > Unmatched entries for spamassassin and freshclam:
> > 
> > 
> > Problem:
> > (example)
> > ($ThisLine =~ /^Received signal \d*, wake up$/)
> > 
> > Fix:
> > ($ThisLine =~ /Received signal \d*, wake up$/)
> 
> This bug report is useless. Please always include the original loglines,
> the logfile they originated from and the service script that show the
> problem. Otherwise I can't fix bugs in scripts that I don't use on my
> systems.
> 
> Second, if you remove the ^ everywhere, you make regex evaluation much
> less efficient.
> 
> WM

Bug#585473: logwatch: Unmatched entries for spamassassin andclam-update

Reply via email to