Current Logging in Simscan
Logging in simscan is to be defined here. Currently, most log lines look like this:
- CLEAN: message passed
- VIRUS: virus
- SPAM PASS: spam-level too low to bounce
- SPAM REJECT: spam-level high enough to bounce
- State VIRUS: Virus-Name
- IP of sender
- With IPv6 addresses the format is broken, because colons (":") are used in the address
- Spam-Points on SPAM PASS or SPAM REJECT
- attachment and regex blocking should also get logged
- silently dropped messages also
- for virus, the scanner should be logged (trophie/sophie/clamav)
- More statistics
- Processing time?
- easy processing for statistics-generating...
Future logging proposal
The idea is to have the first part (up to ACTION) stay the same and make the ACTIONINFO part dependent on the chosen action.
; PID : The pid is the PID of the simscan process.
; REMOTEIP : The remoteip is the IP of the sender. Colons ":" get replaced by "," (IPv6). If this information is not available it is set to "(null)".
; RCPTS : The recipients of the mail, separated by commas.
; TTP : TimeToProcess, the time in seconds that simscan needed to process the message. 1.1234 is the format.
; MODULES : Lists the modules used to scan this message, separated by commas. Looks like: modulename(tts[,version])
- modulename is the name of the scanning module
- tts is the time this module took to scan in seconds. 1.1234 is the format.
- version is the version of the module, only if available (--enable-received)
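The REMOTEIP and MODULES encodings above both reuse the comma, so a statistics script cannot simply split a field on ",". The following Python sketch is an added example, not simscan code: it decodes these two field values on their own (the page does not give the full line layout), and the function names and sample values are constructed for illustration.

```python
import ipaddress
import re

# modulename(tts[,version]): tts is seconds in the 1.1234 format
_MODULE_RE = re.compile(r"^([^(),]+)\((\d+\.\d+)(?:,([^()]+))?\)$")

# Constructed sample field values (not taken from a real simscan log).
SAMPLE_REMOTEIP = "2001,db8,,1"
SAMPLE_MODULES = "clamav(0.1234,0.88),trophie(1.2000)"


def decode_remoteip(field):
    """Undo the ':' -> ',' substitution; '(null)' means no sender IP."""
    if field == "(null)":
        return None
    # IPv4 has no colons, so it never contains commas after encoding.
    return ipaddress.ip_address(field.replace(",", ":"))


def split_modules(field):
    """Split MODULES on commas that are outside parentheses."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(field):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' in MODULES field")
        elif ch == "," and depth == 0:
            parts.append(field[start:i])
            start = i + 1
    if depth != 0:
        raise ValueError("unbalanced '(' in MODULES field")
    parts.append(field[start:])
    return parts


def parse_modules(field):
    """Return [(modulename, tts_seconds, version_or_None), ...]."""
    result = []
    for part in split_modules(field):
        m = _MODULE_RE.match(part)
        if m is None:
            raise ValueError("bad module entry: %r" % part)
        result.append((m.group(1), float(m.group(2)), m.group(3)))
    return result
```

A value that fails to decode raises ValueError, so a malformed or truncated log field is rejected instead of being counted under the wrong module or sender.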
We are in this state if