Simscan/Logging

From Qmailwiki
Revision as of 01:10, 26 August 2005


Current Logging in Simscan

Logging in simscan is to be defined here. Currently most logging lines look like this:

 simscan:[PID]:STATE:SUBJECT:SENDERIP:SENDERADDR:RCPTTOADDR

STATE

  • CLEAN: message passed
  • VIRUS: virus
  • SPAM PASS: spam-level too low to bounce
  • SPAM REJECT: spam-level high enough to bounce

SUBJECT

  • State VIRUS: Virus-Name

SENDERIP

  • IP of sender
  • With IPv6 addresses the format is broken, because ":" is used inside the address as well as for separating the fields

Wishlist

  • Spam-Points on SPAM PASS or SPAM REJECT
  • attachment and regex blocking should also get logged
  • silently dropped messages also
  • for virus, the scanner should be logged (trophie/sophie/clamav)
  • More statistics
    • Processing time?
    • bytes?
  • easy processing for statistics-generating...

please comment...

Future logging proposal

 simscan[PID]:REMOTEIP:RCPTS:TTP:MODULES:ACTION:ACTIONINFO

The idea is to have the first part (up to ACTION) stay the same and make the ACTIONINFO part dependent on the chosen action.

; PID : The pid is the pid of the simscan process
; REMOTEIP : The remoteip is the IP of the sender. Colons ":" get replaced by "," (ipv6). If this information is not available it is set to "(null)"
; RCPTS : the recipients of the mail, separated by commas.
; TTP : TimeToProcess, is the time in seconds that simscan needed to process the message. 1.1234 is the format.
; MODULES : lists the modules used to scan this message, separated by commas. Looks like: modulename(tts[,version])
    • modulename is the name of the scanning module
    • tts is the time this module took to scan in seconds. 1.1234 is the format.
    • version is the version of the module, present only if available (--enable-received)
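
A parser for the proposed line format, as an added example that is not part of the wiki page or of simscan itself. The sample lines are constructed, ACTIONINFO is kept as opaque text because the page does not define its content, and the line is assumed to have any syslog prefix already removed.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

PREFIX_RE = re.compile(r"^simscan\[(\d+)\]:(.*)$")
# modulename(tts[,version]): the comma inside the parentheses is not a list separator
MODULE_RE = re.compile(r"([^(),]+)\((\d+\.\d+)(?:,([^()]*))?\)")

# Constructed sample lines (not taken from a real simscan log)
SAMPLE_LINES = [
    "simscan[4711]:2001,db8,,1:alice@example.org,bob@example.org:1.3021:"
    "clamav(0.0421,0.86.2),spamassassin(1.2040):PASSED:",
    "simscan[4712]:(null):carol@example.org:0.2100:clamav(0.2000):PASSED:note:with:colons",
]


@dataclass
class SimscanRecord:
    pid: int
    remote_ip: Optional[str]  # None when logged as "(null)"
    rcpts: List[str]
    ttp: float
    modules: List[Tuple[str, float, Optional[str]]]  # (name, tts, version)
    action: str
    action_info: str  # opaque: its layout depends on ACTION


def parse_line(line: str) -> SimscanRecord:
    m = PREFIX_RE.match(line.strip())
    if not m:
        raise ValueError("not a simscan log line")
    # Split at most 5 times so that ':' inside ACTIONINFO stays in that field.
    fields = m.group(2).split(":", 5)
    if len(fields) != 6:
        raise ValueError("expected 6 fields after the PID")
    ip_raw, rcpts, ttp, modules, action, info = fields
    remote_ip = None
    if ip_raw != "(null)":
        # IPv6 colons were logged as commas; ip_address() rejects anything else.
        remote_ip = str(ipaddress.ip_address(ip_raw.replace(",", ":")))
    # Anything left over once every module entry is removed means a bad field.
    if MODULE_RE.sub("", modules).strip(","):
        raise ValueError("malformed MODULES field")
    mods = [(n, float(t), v or None) for n, t, v in MODULE_RE.findall(modules)]
    return SimscanRecord(int(m.group(1)), remote_ip,
                         rcpts.split(",") if rcpts else [],
                         float(ttp), mods, action, info)
```

Splitting the MODULES field on plain commas would cut `clamav(0.0421,0.86.2)` in two, which is why the entries are matched as whole `name(...)` units instead.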

ACTIONS

PASSED

We are in this state if

ACTIONINFO 