Bug#618526: logwatch: Unmatched entries from barracuda filter.

Tue, 15 Mar 2011 16:51:20 -0700 

Package: logwatch
Version: 7.3.6.cvs20090906-1
Severity: normal

The barracuda filter in the logwatch package generates unmatched entries
like: 

 --------------------- barracuda spam firewall Begin ------------------------ 

 **Unmatched Entries**
 
 Mar 15 22:35:05 mx2 mimedefang.pl[15615]: 
MDLOG,p2FLZ4id016590,mail_in,-2.91,192.42.125.239,<theun...@rijnh.nl>,<theun...@rijnh.nl>,This
 trigers A bug in the barracuda logwatch filter.
 
 ---------------------- barracuda spam firewall End ------------------------- 

This is caused by the follwing code:
$ cat -n /usr/share/logwatch/scripts/services/barracuda |grep -A2 '^ *209'
   209     } elsif ( $ThisLine =~ /\s[RECV|SCAN|SEND]\s/) {
   210        push @OtherList,$ThisLine;
   211     }

This code is supposed to be a catch-all case for not previously handled 
log-lines
containng any of the words "RECV", "SCAN" or "SEND" (without quotes) surrounded
by space. But line 209 triggers on any single occurence of one of the chars
between the "[" and "]" that is surrounded by space. (On the " A " in the
logwatch output quoted above.) 

Solution: Change line 209 to read:
    } elsif ( $ThisLine =~ /\s(RECV|SCAN|SEND)\s/) {
Or disable or remove the entire barracuda filter. This filter doesn't seem to
be usefull for any of the packages distributed by debian.



Regards,

Kees Theunissen.


-- System Information:
Debian Release: 6.0
  APT prefers squeeze-updates
  APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logwatch depends on:
ii  perl                          5.10.1-17  Larry Wall's Practical Extraction 
ii  sendmail-bin [mail-transport- 8.14.3-9.4 powerful, efficient, and scalable 

Versions of packages logwatch recommends:
ii  libdate-manip-perl            6.11-1     module for manipulating dates

Versions of packages logwatch suggests:
pn  fortune-mod                   <none>     (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to