[Logcheck-devel] Bug#639839: please update amavisd-new rules

Tue Aug 30 19:29:19 UTC 2011

package: logcheck-database
version: 1.3.13
severity: wishlist

Hi,

basically daily I get system events like 

Aug 30 17:18:12 alpha amavis[25542]: (25542-18) Passed SPAM, [128.233.192.41] [60.191.19.150] 
<akeiaioiw32ewew at yahoo.de> -> <holger at layer-acht.org>, quarantine: l/spam-lqVFlLbHc1ZN.gz, Message-ID: 
<SHAREWEB13l6qKejmuF0000763f at SHAREWEB1.usask.ca>, mail_id: lqVFlLbHc1ZN, Hits: 8.447, size: 3335, queued_as: 
136AACACFE1, 458 ms

which are quite annoying. The supplied amavisd rules don't catch it and
my cusom local rules (attached) neither.

I'd be happy if you could point out the error in my rules as well updating
the packages rules.

Thanks for maintaining logcheck!

cheers,
 Holger
-------------- next part --------------
amavis\[[0-9]+\]: +(\([-0-9]+\) +)INFO: no existing header field 'Subject', inserting it$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[(IPv6)?[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: -?[.[:digit:]]*, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed SPAM,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*,( quarantine: ?/spam-[-[:alnum:]]+.gz, )(Message-ID: <[^>]+>)( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed SPAM,( \[(IPv6)?[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*,( quarantine: ?/spam-[-[:alnum:]]+.gz,) Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: -?[.[:digit:]]*, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed UNCHECKED,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed UNCHECKED,( \[(IPv6)?[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: -?[.[:digit:]]*, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$