Hi all. I run a server that receives email using exim4 which in turn hands email off to amavisd-new for virus-scanning and spam-checking. I run logcheck which sends email highlighting specific entries from my various logs. Logcheck has a series of files named after each program which tell the logcheck program which messages to ignore. My problem is that I can't get logcheck to ignore amavisd-new's error messages about do_executable/do_unzip failing. It seems I don't understand the syntax correctly. Here is what I have tried in order to get the messages at the bottom excluded:
amavis\[[0-9]+\]: +(\([-0-9]+\) +)?do_executable/do_unzip And amavis\[[0-9]+\]: +(\([-0-9]+\) +)?do_executable\/do_unzip Has anyone out there figured out what line to put in logcheck's amavisd-new file to get the messages below excluded from logcheck's report? Thanks Jason Security Events =-=-=-=-=-=-=-= Nov 29 14:02:04 linttrap amavis[18737]: (18737-03) do_executable/do_unzip failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 in file /var/lib/amavis/tmp/amavis-20051129T140130-18737/parts/part-00003
