Recording rule names & virus names

Hans Spaans hans at dailystuff.nl
Mon Jul 29 23:43:31 CEST 2013


Kent Oyer wrote on Sun 28-07-2013 at 14:11 [-0400]:
> I'm using SQL for lookups. Is there a way to record the names of the rules that were hit on each message? I would like to generate stats on how my rules are performing. I have the same question about virus names. I would like to see some stats on which viruses were found and blocked. It would be great to have this information written to the database somehow.
> 
> Thanks
> Kent

As far as I know this isn't part of the schema yet, but I use the
following log_templ[1] to get all the information into syslog. Once in a
while I parse it for everything I need. You may also want to have a
closer look at logtail if you parse the logfile incrementally.

==BEGIN==

$log_templ = <<'EOD';
[?%#D|#|Passed #
[? [:ccat|major] |#
OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER-[:ccat|minor]|SPAMMY|SPAM|\
UNCHECKED|BANNED (%F)|INFECTED (%V)] {[:actions_performed]}#
, [? %p ||%p ][?%a||[?%l||LOCAL ][:client_addr_port] ][?%e||\[%e\] ]%s
-> [%D|,]#
[? %q ||, quarantine: %q]#
[? %Q ||, Queue-ID: %Q]#
[? %m ||, Message-ID: %m]#
[? %r ||, Resent-Message-ID: %r]#
[? %i ||, mail_id: %i]#
, Hits: [:SCORE]#
, size: %z#
[? [:partition_tag] ||, pt: [:partition_tag]]#
[~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\
[remote_mta_smtp_response|[~%x|["queued as ([0-9A-Za-z]+)$"]|["%1"]|["%0"]]|/]#
#, Subject: [:dquote|[:mime2utf8|[:header_field|Subject]|100|1]]#
#, From: [:uquote|[:mime2utf8|[:header_field|From]|100|1]]#
[? %#T ||, Tests: \[[%T|,]\]]#
[? [:dkim|sig_sd]    ||, dkim_sd=[:dkim|sig_sd]]#
[? [:dkim|newsig_sd] ||, dkim_new=[:dkim|newsig_sd]]#
, %y ms#
]
[?%#O|#|Blocked #
[? [:ccat|major|blocking] |#
OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER-[:ccat|minor]|SPAMMY|SPAM|\
UNCHECKED|BANNED (%F)|INFECTED (%V)] {[:actions_performed]}#
, [? %p ||%p ][?%a||[?%l||LOCAL ][:client_addr_port] ][?%e||\[%e\] ]%s
-> [%O|,]#
[? %q ||, quarantine: %q]#
[? %Q ||, Queue-ID: %Q]#
[? %m ||, Message-ID: %m]#
[? %r ||, Resent-Message-ID: %r]#
[? %i ||, mail_id: %i]#
, Hits: [:SCORE]#
, size: %z#
[? [:partition_tag] ||, pt: [:partition_tag]]#
#, Subject: [:dquote|[:mime2utf8|[:header_field|Subject]|100|1]]#
#, From: [:uquote|[:mime2utf8|[:header_field|From]|100|1]]#
[? %#T ||, Tests: \[[%T|,]\]]#
[? [:dkim|sig_sd]    ||, dkim_sd=[:dkim|sig_sd]]#
[? [:dkim|newsig_sd] ||, dkim_new=[:dkim|newsig_sd]]#
, %y ms#
]
EOD

===END===

Hans

[1] Someone posted it in the past on this mailing list.
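
An added example, not part of Hans's post or of amavisd itself: a Python parser for syslog lines in the shape the template above writes, tallying rule names from the `Tests:` field and virus names from `INFECTED (...)`. The log lines are constructed samples; the syslog prefix and the `NAME=score` form of each test are assumptions.

```python
import re
from collections import Counter

# The verdict precedes every sender-controlled field, so the first match is used.
VERDICT = re.compile(r"\b(Passed|Blocked) ([A-Z][A-Z0-9-]*)(?: \((.*?)\))? \{")
# Message-ID is copied from the message and is logged before Tests,
# so only the last Tests field on a line is trusted.
TESTS = re.compile(r", Tests: \[([^\]]*)\]")

def parse_line(line):
    """Return (action, category, viruses, rules), or None for other log lines."""
    m = VERDICT.search(line)
    if not m:
        return None
    action, category, detail = m.groups()
    viruses = []
    if category == "INFECTED" and detail:
        viruses = [v.strip() for v in detail.split(",") if v.strip()]
    fields = TESTS.findall(line)
    # Assumption: each test is logged as NAME or NAME=score.
    last = fields[-1] if fields else ""
    rules = [t.split("=", 1)[0].strip() for t in last.split(",") if t.strip()]
    return action, category, viruses, rules

def tally(lines):
    rules, viruses = Counter(), Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            viruses.update(parsed[2])
            rules.update(parsed[3])
    return rules, viruses

# Constructed sample lines (addresses, IDs and syslog prefix are made up).
PFX = "Jul 29 23:40:01 mx amavis[2211]: (02211-01) "
SAMPLE = [
    PFX + "Passed CLEAN {RelayedInbound}, [192.0.2.10]:41234 <a@example.org> -> <b@example.net>, "
    "Message-ID: <m1@example.org>, Hits: -1.9, size: 2048, Tests: [BAYES_00=-1.9,HTML_MESSAGE=0.001], 120 ms",
    PFX + "Blocked SPAM {DiscardedInbound}, [198.51.100.7]:5555 <x@example.com> -> <b@example.net>, "
    "Message-ID: <a, Tests: [FORGED=9]@example.com>, Hits: 7.1, size: 900, Tests: [BAYES_99=3.5,HTML_MESSAGE=0.001], 200 ms",
    PFX + "Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, [203.0.113.5]:2525 "
    "<y@example.com> -> <b@example.net>, quarantine: virus-q1, Hits: -, size: 1234, 95 ms",
    "Jul 29 23:40:05 mx postfix/smtpd[99]: connect from unknown[192.0.2.10]",
]

if __name__ == "__main__":
    rules, viruses = tally(SAMPLE)
    print(rules.most_common(), viruses.most_common())
```

Feeding it the lines that logtail returns since the last run keeps the counts incremental.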