Logcheck devel - Jul 2007 - Bug#435438: logcheck-database: patch for amavisd-new

Package: logcheck-database
Version: 1.2.57
Severity: normal
Tags: patch

Logcheck is now reporting lines like this:

Jul 31 10:20:59 protempore amavis[6399]: (06399-02) Passed CLEAN,
[64.147.162.140] [64.147.162.138] <bounce at yelp.com> -> <pst at
xxx.org>, Message-ID: <20070731172049.23239.71223.ZGNJvxkzek8w5l33rxj1Aw
at www.yelp.com>, mail_id: NdXYfYxZEllU, Hits: -0.853, queued_as:
3FCCF38060A, 7910 ms

and this:

Jul 31 10:27:13 protempore amavis[6351]: (06351-03) Passed CLEAN, [66.94.237.40]
[69.105.72.133] <sentto-12845535-1079-1185902827-pst=xxx.org at
returns.groups.yahoo.com> -> <pst at xxx.org>, Message-ID:
<409424.58160.qm at web82603.mail.mud.yahoo.com>, mail_id: 8FgJcG5eo5MY,
Hits: -2.598-3, queued_as: 0F1C638060A, 4705 ms

There are two bugs in the RE for ignore.d.server/amavisd-new, "hits"
had just a dash following it.  Please note both lines, as you can see,
hits can be a single number, or, sometimes, amavisd-new will put out
two numbers (second example).

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (650, 'testing'), (600, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.21-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.5.13     Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information excluded
-------------- next part --------------
--- /etc/logcheck/ignore.d.server/amavisd-new	2007-07-14 04:11:10.000000000
-0700
+++ /tmp/b	2007-07-31 11:39:48.000000000 -0700
@@ -1,5 +1,5 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){1,2} <[^>]*>
-> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>(
\(added by[^)]+\))?,( Resent-Message-ID: [^[:space:]]*,)? mail_id:
[-+[:alnum:]]+, Hits: -, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed INFECTED \([-._[:alnum:]]+\),( \[[.:[:xdigit:]]+\]){2}
<[^>]*> -> <[^>]*>, quarantine: virus-[-+[:alnum:]]+,
Message-ID: [^[:space:]]*, mail_id: [-+[:alnum:]]+, Hits: -, queued_as:
[[:xdigit:]]+, [[:digit:]]+ ms$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){1,2} <[^>]*>
-> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>(
\(added by[^)]+\))?,( Resent-Message-ID: [^[:space:]]*,)? mail_id:
[-+[:alnum:]]+, Hits: [.[:digit:]-]+, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed INFECTED \([-._[:alnum:]]+\),( \[[.:[:xdigit:]]+\]){2}
<[^>]*> -> <[^>]*>, quarantine: virus-[-+[:alnum:]]+,
Message-ID: [^[:space:]]*, mail_id: [-+[:alnum:]]+, Hits: [.[:digit:]-]+,
queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) NOTICE: Not sending DSN in response to bulk mail from
<[^.]*> containing [[:upper:] ]+, mail intentionally dropped$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) INFO: unfolded [[:digit:]]+ illegal all-whitespace
continuation lines$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) WARN: address modified \((sender|recipient)\):
<[^>]+> -> <[^>]+>$