|
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17 System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64 User : nobody ( 99) PHP Version : 5.2.17 Disable Function : NONE Directory : /usr/share/logwatch/scripts/services/ |
Upload File : |
##########################################################################
# $Id: amavis,v 1.25 2006/01/29 23:52:53 bjorn Exp $
##########################################################################
# $Log: amavis,v $
# Revision 1.25 2006/01/29 23:52:53 bjorn
# Print out virus names and sender, by Felix Schwarz.
#
# Revision 1.24 2005/12/07 19:15:56 bjorn
# Detect and count timeouts, by 'Who Knows'.
#
# Revision 1.23 2005/11/30 05:34:10 bjorn
# Corrected regexp with space, by Markus Lude.
#
# Revision 1.22 2005/11/22 18:34:32 bjorn
# Recognize 'Passed' bad headers, by "Who Knows".
#
# Revision 1.21 2005/10/26 05:40:43 bjorn
# Additional patches for amavisd-new, by Mike Cappella
#
##########################################################################
# This was originally written by:
# Jim O'Halloran <jim@kendle.com.au>
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@logwatch.org and jim@kendle.com.au.
##########################################################################
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
$CleanMsgs = 0;
$InfectedMsgs = 0;
$SpamMsgs = 0;
$BannedNames = 0;
$BadHeaders = 0;
$IntentionallyDrop = 0;
$NoDSNSent = 0;
$NoQuarantine = 0;
$Whitelisted = 0;
$Blacklisted = 0;
$SATimedout = 0;
# Parse logfile
while (defined($ThisLine = <STDIN>)) {
$From = "";
$Towards = "";
$Virus = "";
$FileName = "";
$ThisLine =~ s/^\([A-z\d-]+\) //;
while ($ThisLine =~ s/\.\.\.$//) {
chomp($ThisLine);
$NextLine = <STDIN>;
$NextLine =~ s/^\([\d-]+\) \.\.\.//;
$ThisLine .= $NextLine;
}
if ( ($ThisLine =~ /^do_ascii/)
or ($ThisLine =~ /^Found av scanner/)
or ($ThisLine =~ /^Found myself/)
or ($ThisLine =~ /^Module/)
or ($ThisLine =~ /^TIMING/)
or ($ThisLine =~ /^Checking/)
or ($ThisLine =~ /^(ESMTP|FWD|SEND) via/)
or ($ThisLine =~ /^spam_scan/)
or ($ThisLine =~ /^Not-Delivered/)
or ($ThisLine =~ /^SpamControl/)
or ($ThisLine =~ /^SPAM-TAG/)
or ($ThisLine =~ /^Net/)
or ($ThisLine =~ /^Perl/)
or ($ThisLine =~ /^ESMTP/)
or ($ThisLine =~ /^LMTP/)
or ($ThisLine =~ /^.* code[ \t]+(NOT)? loaded/)
or ($ThisLine =~ /^tempdir being removed/)
or ($ThisLine =~ /^Found primary av scanner/)
or ($ThisLine =~ /^Found \$[\S]+[\s]+at/)
or ($ThisLine =~ /^No \$[\S]+,[\s]+not using it/)
or ($ThisLine =~ /^Found secondary av scanner/)
or ($ThisLine =~ /^Using internal av scanner code/)
or ($ThisLine =~ /^mail_via_smtp/)
or ($ThisLine =~ /^local delivery: /)
or ($ThisLine =~ /^cached [a-zA-Z0-9]+ /)
or ($ThisLine =~ /^loaded policy bank/)
or ($ThisLine =~ /^wbl: soft-whitelisted/)
or ($ThisLine =~ /^p\d+ \d+(\/\d+)* Content-Type: /)
or ($ThisLine =~ /^Requesting (a |)process rundown after [0-9]+ tasks/)
or ($ThisLine =~ /^NOTICE: Not sending DSN, spam level [0-9.]+ exceeds DSN cutoff level/)
or ($ThisLine =~ /^starting. amavisd at/) ) {
# We don't care about these
} elsif ($ThisLine =~ /^Passed( CLEAN)?, /) {
$CleanMsgs++;
} elsif (($FileName, $From) = ( $ThisLine =~ /^(?:Blocked )?BANNED (?:name\/type )?\(([^\)]+)\)\, (?:\[([^\]]*)\] )*\<([^\>]*)\>/ )) {
$BannedNames++;
if ($Detail >= 10) {
$Banned{$FileName}{$From}++;
}; # if
} elsif (($Virus, $FromIP, $From) = ( $ThisLine =~ /^(?:Virus found - quarantined|INFECTED|Blocked INFECTED) \(([^\)]+)\)\, (?:\[([^\]]*)\] )*[\(\<]([^\>\)]*)[\)\>]/ )) {
$InfectedMsgs++;
if (defined($From)){
$From="$From [$FromIP]" if defined($FromIP);
}
else {
$From="[$FromIP]";
}
if ($Detail >= 5) {
$Virustypes{$Virus}++;
}; # if
if ($Detail >= 10) {
$Viruses{$Virus}{$From}++;
}; # if
} elsif (($Ac,$FromIP, $Fromspam, $Towards)
= ( $ThisLine =~ /^(Passed |Blocked )?SPAM(?:MY)?,(?: LOCAL)? (?:\[([^\]]*)\] )*[(<]([^>)]*)[)>] -\> [\(\<]([^\>\)]+)[\)\>]/ )) {
$SpamMsgs++;
if ($Fromspam =~ /^$/) {
$Fromspam="[$FromIP]";
}
else {
$Fromspam="$Fromspam [$FromIP]" if defined($FromIP);
}
if ($Detail >= 5) {
$Spamtypes{$Towards}++;
}; # if
if ($Detail >= 10) {
#print "Fromspam is '", $Fromspam, "', ";
#print "Towards is '", $Towards, "'\n";
$Spams{$Towards}{$Fromspam}++;
}; # if
} elsif (($Towards) = ( $ThisLine =~ /^(?:Passed )?SPAM, \<\> -\> [\(\<]([^\>\)]+)[\)\>]/ )) {
$SpamMsgs++;
if ($Detail >= 5) {
$Spamtypes{$Towards}++;
}; # if
if ($Detail >= 10) {
$Spams{$Towards}{"<>"}++;
}; # if
} elsif (($FromIP, $From, $Why) = ( $ThisLine =~ /^(?:Blocked |Passed )?BAD[ -]HEADER(?: from|\,) (?:\[([^\]]*)\] )*[\(\<]([^\>\)]+)[\)\>](?: -\> [\(\<](?:[^\>\)]+)[\)\>])[^\:]*(?:\: (.*) in message header)?/ )) {
$BadHeaders++;
if (defined($From)){
$From="$From [$FromIP]" if defined($FromIP);
}
else {
$From="[$FromIP]";
}
$Why="" if not defined($Why);
if ($Detail >= 10) {
$Headers{$From}{$Why}++;
}; # if
} elsif ( $ThisLine =~ /^NOTICE: Not sending DSN, spam level exceeds DSN cutoff level(| for all recips), mail intentionally dropped/ ) {
$NoDSNSent++;
} elsif ( $ThisLine =~ /^do_spam: spam level exceeds quarantine cutoff level/ ) {
$NoQuarantine++;
} elsif ( $ThisLine =~ /^NOTICE: DSN contains SPAM; bounce is not bouncible, mail intentionally dropped/ ) {
$IntentionallyDrop++;
} elsif ( $ThisLine =~ /^NOTICE: Not sending DSN to believed-to-be-faked sender/ ) {
$IntentionallyDrop++;
#I'm not incrementing infections since that was caught by INFECTED
#$InfectedMsgs++;
} elsif ( $ThisLine =~ /^NOTICE: DSN contains VIRUS; bounce is not bouncable, mail intentionally dropped/ ) {
$IntentionallyDrop++;
$InfectedMsgs++;
} elsif ( $ThisLine =~ /^NOTICE: DSN contains BANNED NAME; bounce is not bouncable, mail intentionally dropped/ ) {
$IntentionallyDrop++;
$BannedNames++;
} elsif ( $ThisLine =~ /^NOTICE: DSN contains VIRUS & BANNED NAME; bounce is not bouncable, mail intentionally dropped/ ) {
$IntentionallyDrop++;
$BannedNames++;
$InfectedMsgs++;
} elsif ( $ThisLine =~ /^NOTICE: DSN contains VIRUS & BAD HEADER; bounce is not bouncable, mail intentionally dropped/ ) {
$IntentionallyDrop++;
$BadHeaders++;
$InfectedMsgs++;
} elsif ( $ThisLine =~ /^NOTICE: DSN contains VIRUS & BANNED NAME & BAD HEADER; bounce is not bouncable, mail intentionally dropped/ ) {
$IntentionallyDrop++;
$BadHeaders++;
$InfectedMsgs++;
$BannedNames++;
} elsif ( $ThisLine =~ /^SA TIMED OUT,/ ) {
$SATimedout++;
} elsif (($ThisLine =~ /^white_black_list: whitelisted sender/ )
or ( $ThisLine =~ /.* WHITELISTED/) ) {
$Whitelisted++;
} elsif (($ThisLine =~ /^white_black_list: blacklisted sender/ )
or ( $ThisLine =~ /.* BLACKLISTED/) ) {
$Blacklisted++;
} else {
# Report any unmatched entries...
chomp($ThisLine);
$OtherList{$ThisLine}++;
} # else
} # while
#######################################################
# Output report
if ($CleanMsgs > 0) {
print "\n$CleanMsgs messages checked and passed.\n";
}; # if
if ($InfectedMsgs > 0) {
print "$InfectedMsgs virus infected messages were found.\n";
}; # if
if ($SpamMsgs > 0) {
print "$SpamMsgs spam messages were found.\n";
}; # if
if ($BannedNames > 0) {
print "$BannedNames messages rejected with banned file names.\n";
}; # if
if ($BadHeaders > 0) {
print "$BadHeaders messages with bad headers were found.\n";
}; # if
if ($IntentionallyDrop > 0) {
print "$IntentionallyDrop messages intentionally dropped (bad DSN).\n";
};
if ($NoDSNSent > 0) {
print "$NoDSNSent DSNs intentionally not sent (spam level exceeds DSN cutoff level).\n";
};
if ($NoQuarantine > 0) {
print "$NoQuarantine messages destined for quarantine intentially not quarantined (spam level exceeds quarantine cutoff level).\n";
};
if($SATimedout > 0) {
print "$SATimedout messages caused SpamAssassin to timeout during message processing.\n";
};
if ($Whitelisted > 0 && $Detail >= 5) {
print "$Whitelisted messages were whitelisted.\n";
};
if ($Blacklisted > 0 && $Detail >= 5) {
print "$Blacklisted messages were blacklisted.\n";
};
if ((keys %Virustypes)) {
print "\nViruses Detected:\n";
foreach $Virus (sort keys %Virustypes) {
if ($Detail < 10 && $Detail >= 5) {
print " $Virus: $Virustypes{$Virus} Times(s)\n";
} elsif ($Detail >= 10) {
$VirCount = 0;
$OutString = "";
foreach $From (sort keys %{ $Viruses{$Virus}}) {
$VirCount += $Viruses{$Virus}{$From};
$OutString .= " $From $Viruses{$Virus}{$From} Time(s)\n";
}; # foreach
print " $Virus: $VirCount Times(s) From:\n$OutString\n";
}; # if
}; # foreach
}; # if
if ((keys %Spams)) {
print "\nSpam Detected:\n";
foreach $Towards (sort keys %Spams) {
if ($Detail < 10 && $Detail >= 5) {
print " Spam to $Towards: $Spamtypes{$Towards} Times(s)\n";
} elsif ($Detail >=10) {
$SpamCount = 0;
$OutString = "";
foreach $From (sort keys %{ $Spams{$Towards}}) {
$SpamCount += $Spams{$Towards}{$From};
#print "From is '", $From, "'\n";
if ($From =~ /^$/) {
$OutString .= " <>";
}
else {
$OutString .= " $From ";
}
$OutString .= " $Spams{$Towards}{$From} Time(s)\n";
}; # foreach
print " Spam to $Towards: $SpamCount Times(s) From:\n$OutString\n";
}; # if
}; # foreach
}; # if
if ((keys %Headers) && $Detail >= 10) {
print "\nBad Headers Detected:\n";
foreach $From (sort keys %Headers) {
$Count = 0;
$OutString = "";
foreach $Why (sort keys %{ $Headers{$From}}) {
$Count += $Headers{$From}{$Why};
$OutString .= " $Why $Headers{$From}{$Why} Time(s)\n";
}; # foreach
print " Bad Header from $From: $Count Times(s) Reason(s):\n$OutString\n";
}; # foreach
}; # if
if (keys %Banned) {
print "\nBanned File Names:\n";
foreach $FileName (sort keys %Banned) {
$BanCount = 0;
$OutString = "";
foreach $From (sort keys %{ $Banned{$FileName}}) {
$BanCount += $Banned{$FileName}{$From};
$OutString .= " $From $Banned{$FileName}{$From} Time(s)\n";
}; # foreach
print " $FileName: $BanCount Times(s) From:\n$OutString\n";
}; # foreach
}; # if
if (keys %OtherList) {
print "\n\n**Unmatched Entries**\n";
foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
print " $line: $OtherList{$line} Time(s)\n";
}; # foreach
}; # if
exit(0);
# vi: shiftwidth=3 tabstop=3 syntax=perl et