Mailscanner 4.83.2 breaks logwatch report.

Mark Sapiro mark at msapiro.net
Fri Mar 18 19:34:14 GMT 2011 

The change in MailScanner 4.83.2 changes log entries of the form

Mar 16 01:10:57 sbh16 MailScanner[4887]: Clamd::INFECTED::
Worm.Mydoom.M :: ./7AD6C6900BA.ABEC6/

to

Mar 16 01:10:57 sbh16 MailScanner[4887]: Clamd::INFECTED::Worm.Mydoom.M
:: ./7AD6C6900BA.ABEC6/

I.e., the space following INFECTED:: is dropped.

The attached patch (logwatch.patch.txt) applies to the
logwatch.scripts/services/mailscanner file distributed with logwatch
7.4.0 and fixes the problem.

Note, that the only part of this patch that is tested is the Clamd part
as I don't run any other virus scanners, but the patch shouldn't hurt
in any case as it only makes the space optional.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-------------- next part --------------
--- mailscanner	2010-04-30 19:34:09.000000000 -0700
+++ /etc/logwatch/scripts/services/mailscanner	2011-03-18 12:01:26.000000000 -0700
@@ -168,13 +168,13 @@
       $VirusType_BitDefender{$1}++;
       $MailScan_Virus_BitDefender++;
    } elsif ( ($ThisLine =~ m/^\/var\/spool\/MailScanner\/incoming\/.+: ([\w\_\-\.\/]+) FOUND/i) or
-           ($ThisLine =~ m/Clamd::INFECTED:: (\S+) ::/i) ) {
+           ($ThisLine =~ m/Clamd::INFECTED:: ?(\S+) ::/i) ) {
       $VirusType_ClamAv{$1}++;
       $MailScan_Virus_ClamAv++;
-   } elsif ($ThisLine =~ m/ClamAVModule::INFECTED:: (.+)::/) {
+   } elsif ($ThisLine =~ m/ClamAVModule::INFECTED:: ?(.+)::/) {
       $VirusType_ClamAVModule{$1}++;
       $MailScan_Virus_ClamAVModule++;
-   } elsif ($ThisLine =~ m/INFECTED:: (.+) (FOUND )?::/) {
+   } elsif ($ThisLine =~ m/INFECTED:: ?(.+) (FOUND )?::/) {
       $VirusType_Clamd{$1}++;
       $MailScan_Virus_Clamd++;
    } elsif ($ThisLine =~ m/\/.+ Infection: (.+)/i) {
@@ -203,7 +203,7 @@
    } elsif ($ThisLine =~ m/>>> Virus \'(.+)\' found/) {
       $VirusType_Sophos{$1}++;
       $MailScan_Virus_Sophos++;
-   } elsif ($ThisLine =~ m/SophosSAVI::INFECTED:: (.+)::/) {
+   } elsif ($ThisLine =~ m/SophosSAVI::INFECTED:: ?(.+)::/) {
       $VirusType_SophosSavi{$1}++;
       $MailScan_Virus_SophosSavi++;
    } elsif ($ThisLine =~ m/Commercial scanner (.+) timed out!/){

More information about the MailScanner mailing list