Logcheck amavisd-new and do_executable/do_unzip
Hi all. I run a server that receives email using exim4 which in turn
hands email off to amavisd-new for virus-scanning and spam-checking. I
run logcheck which sends email highlighting specific entries from my
various logs. Logcheck has a series of files named after each program
which tell the logcheck program which messages to ignore. My problem is
that I can't get logcheck to ignore amavisd-new's error messages about
do_executable/do_unzip failing. It seems I don't understand the syntax
correctly. Here is what I have tried in order to get the messages at
the bottom excluded:
amavis\[[0-9]+\]: +(\([-0-9]+\) +)?do_executable/do_unzip
And
amavis\[[0-9]+\]: +(\([-0-9]+\) +)?do_executable\/do_unzip
Has anyone out there figured out what line to put in logcheck's
amavisd-new file to get the messages below excluded from logcheck's
report?
Thanks
Jason
Security Events
=-=-=-=-=-=-=-=
Nov 29 14:02:04 linttrap amavis[18737]: (18737-03)
do_executable/do_unzip failed, ignoring: format error: bad signature:
0x00905a4d at offset 0 in file
/var/lib/amavis/tmp/amavis-20051129T140130-18737/parts/part-00003
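
An added example, not part of the original post: it checks both candidate rules against the reported entry with `grep -E` and then runs the entry through a simplified model of logcheck's rule layers, where a line reported under "Security Events" is suppressed by a rule in violations.ignore.d and not by one in ignore.d. The layering model, the `failed` stand-in for whichever violations.d pattern flagged the line, and the function and file names are assumptions of this example.

```shell
#!/bin/sh
# Constructed input: the wrapped log entry from the post, joined onto one line.
LOG_LINE='Nov 29 14:02:04 linttrap amavis[18737]: (18737-03) do_executable/do_unzip failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 in file /var/lib/amavis/tmp/amavis-20051129T140130-18737/parts/part-00003'

# The two candidate rules quoted in the post.
RULE_PLAIN='amavis\[[0-9]+\]: +(\([-0-9]+\) +)?do_executable/do_unzip'
RULE_ESCAPED='amavis\[[0-9]+\]: +(\([-0-9]+\) +)?do_executable\/do_unzip'

# rule_matches RULE LINE: exit 0 if the extended regex matches the line.
rule_matches() {
    printf '%s\n' "$2" | grep -E -q -e "$1" 2>/dev/null
}

# classify LINE VIOLATIONS VIOLATIONS_IGNORE IGNORE (three rule files).
# Simplified model of the layering (an assumption, not logcheck's own code):
# a line matching a violations rule is a Security Event unless a
# violations-ignore rule matches; plain ignore rules see only the rest.
classify() {
    if printf '%s\n' "$1" | grep -E -q -f "$2" 2>/dev/null; then
        if printf '%s\n' "$1" | grep -E -q -f "$3" 2>/dev/null; then
            echo ignored
        else
            echo security-event
        fi
    elif printf '%s\n' "$1" | grep -E -q -f "$4" 2>/dev/null; then
        echo ignored
    else
        echo system-event
    fi
}

WORK=$(mktemp -d)
printf '%s\n' 'failed' > "$WORK/violations"   # constructed stand-in pattern
: > "$WORK/empty"                             # a layer with no rules
printf '%s\n' "$RULE_PLAIN" > "$WORK/rule"    # the rule under test

rule_matches "$RULE_PLAIN" "$LOG_LINE" && echo "plain rule matches the entry"
rule_matches "$RULE_ESCAPED" "$LOG_LINE" && echo "escaped rule matches the entry"
echo "rule in ignore.d only:       $(classify "$LOG_LINE" "$WORK/violations" "$WORK/empty" "$WORK/rule")"
echo "rule in violations.ignore.d: $(classify "$LOG_LINE" "$WORK/violations" "$WORK/rule" "$WORK/empty")"
```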