Bug#262327: [Logcheck-devel] Bug#262327: another spamd message for ignore.d
Eric Evans
eevans at sym-link.com
Fri Jul 30 22:10:54 UTC 2004
tags 262327 pending
thanks
On Fri, Jul 30, 2004 at 06:03:17PM +0200, Marcin Owsiany muttered these words:
> Package: logcheck
> Version: 1.2.23
> Severity: normal
> Tags: patch
>
> Please add the followind message
> to/etc/logcheck/violations.ignore.d/logcheck-spamd
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: processing message <.*> for .*:[0-9]+\.$
>
> Rationale: msg ids sometimes contain strings which are regarded as
> security violations by logcheck (mars-attacks.org for example).
I've updated CVS with a couple of minor changes to your rule.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: processing message <.+> for .+:[0-9]+\.$
Note the "+" instead of "*" for both the message ID and user. I am
assuming that these will not be null, (or else they wouldn't trigger a
violation).
Thanks for the report,
-- Eric
>
> -- System Information:
> Debian Release: testing/unstable
> APT prefers unstable
> APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: i386 (i686)
> Kernel: Linux 2.4.26-1-k7
> Locale: LANG=pl_PL, LC_CTYPE=pl_PL
>
> Versions of packages logcheck depends on:
> ii adduser 3.57 Add and remove users and groups
> ii cron 3.0pl1-83 management of regular background p
> ii debconf [debconf 1.4.29 Debian configuration management sy
> ii debianutils 2.8.3 Miscellaneous utilities specific t
> ii exim4 4.34-2 An MTA (Mail Transport Agent)
> ii exim4-daemon-hea 4.34-2 Exim (v4) with extended features,
> ii lockfile-progs 0.1.10 Programs for locking and unlocking
> ii logcheck-databas 1.2.23 A database of system log rules for
> ii logtail 1.2.23 Print log file lines that have not
> ii mailx 1:8.1.2-0.20040524cvs-1 A simple mail user agent
> ii perl 5.8.4-2 Larry Wall's Practical Extraction
> ii sysklogd [system 1.4.1-14 System Logging Daemon
>
> -- debconf information:
> logcheck/changes:
> * logcheck/install-note:
>
>
> _______________________________________________
> Logcheck-devel mailing list
> Logcheck-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
--
Eric Evans
eevans at sym-link.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040730/6adc9631/attachment.pgp
More information about the Logcheck-devel
mailing list