Logcheck amavisd-new and do_executable/do_unzip

To: <debian-user@lists.debian.org>
Subject: Logcheck amavisd-new and do_executable/do_unzip
From: "Fisher, Jason" <JFisher@Huitt-Zollars.com>
Date: Tue, 29 Nov 2005 15:20:23 -0600
Message-id: <[🔎] 3F545DABC05A6D4FB5E9BABD3E0063810123CF9D@hzdalexch.huitt-zollars.com>

Hi all.  I run a server that receives email using exim4 which in turn
hands email off to amavisd-new for virus-scanning and spam-checking.  I
run logcheck which sends email highlighting specific entries from my
various logs.  Logcheck has a series of files named after each program
which tell the logcheck program which messages to ignore.  My problem is
that I can't get logcheck to ignore amavisd-new's error messages about
do_executable/do_unzip failing.  It seems I don't understand the syntax
correctly.  Here is what I have tried in order to get the messages at
the bottom excluded:

 amavis\[[0-9]+\]: +(\([-0-9]+\) +)?do_executable/do_unzip

And

amavis\[[0-9]+\]: +(\([-0-9]+\) +)?do_executable\/do_unzip

Has anyone out there figured out what line to put in logcheck's
amavisd-new file to get the messages below excluded from logcheck's
report?

Thanks

Jason


Security Events
=-=-=-=-=-=-=-=
Nov 29 14:02:04 linttrap amavis[18737]: (18737-03)
do_executable/do_unzip failed, ignoring: format error: bad signature:
0x00905a4d at offset 0 in file
/var/lib/amavis/tmp/amavis-20051129T140130-18737/parts/part-00003

Reply to:

Prev by Date: modprobe for module at boot time?
Next by Date: Exim4 & LOG
Previous by thread: Re: modprobe for module at boot time?
Next by thread: RE: Logcheck amavisd-new and do_executable/do_unzip
Index(es):
- Date
- Thread