Logcheck amavisd-new and do_executable/do_unzip

From: Fisher, Jason (JFisher_at_Huitt-Zollars.com)
Date: 11/29/05

    Date: Tue, 29 Nov 2005 15:20:23 -0600
    To: <debian-user@lists.debian.org>
    
    

    Hi all. I run a server that receives email using exim4 which in turn
    hands email off to amavisd-new for virus-scanning and spam-checking. I
    run logcheck which sends email highlighting specific entries from my
    various logs. Logcheck has a series of files named after each program
    which tell the logcheck program which messages to ignore. My problem is
    that I can't get logcheck to ignore amavisd-new's error messages about
    do_executable/do_unzip failing. It seems I don't understand the syntax
    correctly. Here is what I have tried in order to get the messages at
    the bottom excluded:

     amavis\[[0-9]+\]: +(\([-0-9]+\) +)?do_executable/do_unzip

    And

    amavis\[[0-9]+\]: +(\([-0-9]+\) +)?do_executable\/do_unzip

    Has anyone out there figured out what line to put in logcheck's
    amavisd-new file to get the messages below excluded from logcheck's
    report?

    Thanks

    Jason

    Security Events
    =-=-=-=-=-=-=-=
    Nov 29 14:02:04 linttrap amavis[18737]: (18737-03)
    do_executable/do_unzip failed, ignoring: format error: bad signature:
    0x00905a4d at offset 0 in file
    /var/lib/amavis/tmp/amavis-20051129T140130-18737/parts/part-00003
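
Added example, not part of the original post: logcheck rules are egrep-style extended regular expressions, so candidate rules can be checked with `grep -E` against the reported log line before they are installed. The anchored rule, the variable names and the helper functions are assumptions made here for illustration; the log line is the one from the post, joined back onto one line.

```shell
#!/bin/sh
# The reported line as syslog wrote it (one line; the mail client wrapped it).
LOG_LINE='Nov 29 14:02:04 linttrap amavis[18737]: (18737-03) do_executable/do_unzip failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 in file /var/lib/amavis/tmp/amavis-20051129T140130-18737/parts/part-00003'

# The same entry as it appears in the mailed report, wrapped after the id.
WRAPPED='Nov 29 14:02:04 linttrap amavis[18737]: (18737-03)
do_executable/do_unzip failed, ignoring: format error: bad signature:'

# The two rules tried in the post.
RULE_1='amavis\[[0-9]+\]: +(\([-0-9]+\) +)?do_executable/do_unzip'
RULE_2='amavis\[[0-9]+\]: +(\([-0-9]+\) +)?do_executable\/do_unzip'

# Assumed variant, anchored on timestamp and host in the style logcheck's
# shipped rules use, so it cannot match in the middle of another message.
RULE_ANCHORED='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([-0-9]+\) do_executable/do_unzip failed, ignoring: '

# rule_matches RULE TEXT: succeeds if any line of TEXT matches RULE.
rule_matches() {
  printf '%s\n' "$2" | grep -Eq -- "$1" 2>/dev/null
}

# count_matching_rules TEXT: prints how many of the three rules match TEXT.
count_matching_rules() {
  n=0
  for rule in "$RULE_1" "$RULE_2" "$RULE_ANCHORED"; do
    if rule_matches "$rule" "$1"; then n=$((n + 1)); fi
  done
  echo "$n"
}

echo "single-line entry: $(count_matching_rules "$LOG_LINE") of 3 rules match"
echo "wrapped mail copy: $(count_matching_rules "$WRAPPED") of 3 rules match"
```

All three rules match the unwrapped entry, while a copy pasted from the wrapped report matches none, so rules should be tested against the log file itself. The entry is listed under "Security Events", the layer logcheck filters with rules in `violations.ignore.d` rather than `ignore.d.*`.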

