[Logcheck-devel] Bug#578415: logcheck-database: Patch to improve dspam rules

Mon Apr 19 17:36:16 UTC 2010

Package: logcheck-database
Severity: wishlist
Tags: ipv6 patch

Hi,

please find below a patch to improve the rules defined for dspam, so that they take
into account ipv6 addresses and adding rules for 2 current cases (mail over the limit
set by the administrator and mail rejected as flagged as infected by clamav).


diff -urN logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dspam logcheck-1.3.8/rulefiles/linux/ignore.d.server/dspam

--- logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dspam	2008-03-05 09:10:47.000000000 +0100
+++ logcheck-1.3.8/rulefiles/linux/ignore.d.server/dspam	2010-04-19 19:33:16.483402478 +0200
@@ -1,2 +1,4 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: spam detected from [.0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: innocent message from [.0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: infected message from ([.0-9]{7,15}|[0-9a-fA-F:.]{4,39})$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: spam detected from ([.0-9]{7,15}|[0-9a-fA-F:.]{4,39})$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: innocent message from ([.0-9]{7,15}|[0-9a-fA-F:.]{4,39})$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: message too big, delivering$


Cheers,
Julien

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (150, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



