Bug#262327: [Logcheck-devel] Bug#262327: another spamd message for ignore.d

Eric Evans eevans at sym-link.com
Fri Jul 30 22:10:54 UTC 2004 

tags 262327 pending
thanks

On Fri, Jul 30, 2004 at 06:03:17PM +0200, Marcin Owsiany muttered these words:
> Package: logcheck
> Version: 1.2.23
> Severity: normal
> Tags: patch
> 
> Please add the followind message
> to/etc/logcheck/violations.ignore.d/logcheck-spamd
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: processing message <.*> for .*:[0-9]+\.$
> 
> Rationale: msg ids sometimes contain strings which are regarded as
> security violations by logcheck (mars-attacks.org for example).

I've updated CVS with a couple of minor changes to your rule.

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: processing message <.+> for .+:[0-9]+\.$

Note the "+" instead of "*" for both the message ID and user. I am
assuming that these will not be null, (or else they wouldn't trigger a
violation).

Thanks for the report,

-- Eric

> 
> -- System Information:
> Debian Release: testing/unstable
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: i386 (i686)
> Kernel: Linux 2.4.26-1-k7
> Locale: LANG=pl_PL, LC_CTYPE=pl_PL
> 
> Versions of packages logcheck depends on:
> ii  adduser          3.57                    Add and remove users and groups
> ii  cron             3.0pl1-83               management of regular background p
> ii  debconf [debconf 1.4.29                  Debian configuration management sy
> ii  debianutils      2.8.3                   Miscellaneous utilities specific t
> ii  exim4            4.34-2                  An MTA (Mail Transport Agent)
> ii  exim4-daemon-hea 4.34-2                  Exim (v4) with extended features, 
> ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
> ii  logcheck-databas 1.2.23                  A database of system log rules for
> ii  logtail          1.2.23                  Print log file lines that have not
> ii  mailx            1:8.1.2-0.20040524cvs-1 A simple mail user agent
> ii  perl             5.8.4-2                 Larry Wall's Practical Extraction 
> ii  sysklogd [system 1.4.1-14                System Logging Daemon
> 
> -- debconf information:
>   logcheck/changes:
> * logcheck/install-note:
> 
> 
> _______________________________________________
> Logcheck-devel mailing list
> Logcheck-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel

-- 
Eric Evans
eevans at sym-link.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040730/6adc9631/attachment.pgp

More information about the Logcheck-devel mailing list