Julien Valroff
2010-Apr-19 17:36 UTC
[Logcheck-devel] Bug#578415: logcheck-database: Patch to improve dspam rules
Package: logcheck-database
Severity: wishlist
Tags: ipv6 patch

Hi,

please find below a patch to improve the rules defined for dspam, so that they take into account ipv6 addresses and adding rules for 2 current cases (mail over the limit set by the administrator and mail rejected as flagged as infected by clamav).

diff -urN logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dspam logcheck-1.3.8/rulefiles/linux/ignore.d.server/dspam --- logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dspam 2008-03-05 09:10:47.000000000 +0100 +++ logcheck-1.3.8/rulefiles/linux/ignore.d.server/dspam 2010-04-19 19:33:16.483402478 +0200 @@ -1,2 +1,4 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: spam detected from [.0-9]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: innocent message from [.0-9]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: infected message from ([.0-9]{7,15}|[0-9a-fA-F:.]{4,39})$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: spam detected from ([.0-9]{7,15}|[0-9a-fA-F:.]{4,39})$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: innocent message from ([.0-9]{7,15}|[0-9a-fA-F:.]{4,39})$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: message too big, delivering$

Cheers,
Julien

-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (150, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
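Review bot: In the three added `... from (...)$` rules, the first alternative `[.0-9]{7,15}` is redundant, because every string it matches is also matched by `[0-9a-fA-F:.]{4,39}` (digits and dots are in that class, and 7 to 15 lies within 4 to 39). The group therefore reduces to "4 to 39 characters of hex digits, colons and dots", which also accepts strings that are neither address family, such as `dead` or `1.2.`. If the two forms are meant to be told apart, the second alternative should require something the first cannot contain, for example at least one `:`.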
Julien Valroff
2010-Apr-19 18:39 UTC
[Logcheck-devel] Bug#578415: logcheck-database: Patch to improve dspam rules
On Monday 19 April 2010 at 19:36 +0200, Julien Valroff wrote:
> Package: logcheck-database
> Severity: wishlist
> Tags: ipv6 patch
>
> Hi,
>
> please find below a patch to improve the rules defined for dspam, so that they take
> into account ipv6 addresses and adding rules for 2 current cases (mail over the limit
> set by the administrator and mail rejected as flagged as infected by clamav).

Sorry, IPv6 addresses are prefixed with "IPv6:", here is an amended patch:

diff -urN logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dspam logcheck-1.3.8/rulefiles/linux/ignore.d.server/dspam --- logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dspam 2008-03-05 09:10:47.000000000 +0100 +++ logcheck-1.3.8/rulefiles/linux/ignore.d.server/dspam 2010-04-19 19:33:16.483402478 +0200 @@ -1,2 +1,4 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: spam detected from [.0-9]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: innocent message from [.0-9]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: infected message from ([.0-9]{7,15}|IPv6:[0-9a-fA-F:.]{4,39})$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: spam detected from ([.0-9]{7,15}|IPv6:[0-9a-fA-F:.]{4,39})$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: innocent message from ([.0-9]{7,15}|IPv6:[0-9a-fA-F:.]{4,39})$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: message too big, delivering$

Cheers,
Julien
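Review bot: The `{4,39}` bound in `IPv6:[0-9a-fA-F:.]{4,39}` does not fit the character class it is attached to. The class admits `.`, which in an IPv6 address only occurs in the embedded-IPv4 notation, yet that notation can run to 45 characters, and the lower bound of 4 leaves a 3-character address such as `::1` unmatched; `{2,45}` would cover both ends. Separately, the new `infected message from` rule is added to ignore.d.server, so logcheck will stop reporting those lines: worth confirming that is intended, since a malware detection is an event some administrators want to keep in the report.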