Simscan/Logging

From Qmailwiki
Revision as of 01:10, 26 August 2005 by Flaviocu (Talk | contribs)

Current Logging in Simscan

Logging in simscan is to be defined here. Currently most log lines look like this:

 simscan:[PID]:STATE:SUBJECT:SENDERIP:SENDERADDR:RCPTTOADDR

STATE

  • CLEAN: message passed
  • VIRUS: virus
  • SPAM PASS: spam-level too low to bounce
  • SPAM REJECT: spam-level high enough to bounce

SUBJECT

  • State VIRUS: Virus-Name

SENDERIP

  • IP of sender
  • With IPv6 addresses the format breaks, because the address itself contains ":", which is also the field separator

Wishlist

  • Spam-Points on SPAM PASS or SPAM REJECT
  • attachment and regex blocking should also get logged
  • silently dropped messages also
  • for virus, the scanner should be logged (trophie/sophie/clamav)
  • More statistics
    • Processing time?
    • bytes?
  • easy processing for statistics-generating...

please comment...

Future logging proposal

 simscan[PID]:REMOTEIP:RCPTS:TTP:MODULES:ACTION:ACTIONINFO

The idea is to have the first part (up to ACTION) stay the same and make the ACTIONINFO part dependent on the chosen action.

; PID : The pid is the pid of the simscan process
; REMOTEIP : The remoteip is the IP of the sender. Colons ":" get replaced by "," (IPv6). If this information is not available it is set to "(null)"
; RCPTS : the recipients of the mail, separated by commas.
; TTP : TimeToProcess, the time in seconds that simscan needed to process the message. 1.1234 is the format.
; MODULES : lists the modules used to scan this message, separated by commas. Looks like: modulename(tts[,version])
    • modulename is the name of the scanning module
    • tts is the time this module took to scan in seconds. 1.1234 is the format.
    • version is the version of the module. only if available (--enable-received)
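
A parser for the proposed line format, as an added example (not simscan code and not part of the original proposal). It assumes the line starts at "simscan[" and that ACTIONINFO, being the last field, may itself contain ":"; the sample line, its addresses, timings and ACTIONINFO text are constructed.

```python
import ipaddress
import re

# Constructed sample line in the proposed format (all values are made up).
SAMPLE = ("simscan[4711]:2001,db8,,1:alice@example.org,bob@example.org:"
          "0.8412:clamav(0.5120,0.86),trophie(0.3011):PASSED:info:with:colons")

LINE_RE = re.compile(r"^simscan\[(\d+)\]:(.*)$")
MODULE_RE = re.compile(r"^([^(),]+)\(([0-9]+\.[0-9]+)(?:,([^()]*))?\)$")


def split_modules(field):
    """Split MODULES on commas that sit outside parentheses."""
    parts, depth, cur = [], 0, ""
    for ch in field:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    return parts


def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a simscan line")
    # Assumption: ACTIONINFO is last and may contain ':', so split only 5 times.
    fields = m.group(2).split(":", 5)
    if len(fields) != 6:
        raise ValueError("expected 6 fields after the PID")
    remoteip, rcpts, ttp, modules, action, info = fields
    ip = None
    if remoteip != "(null)":
        # Undo the ','-for-':' substitution; IPv4 has no commas and is unchanged.
        ip = ipaddress.ip_address(remoteip.replace(",", ":"))
    mods = []
    for item in (split_modules(modules) if modules else []):
        mm = MODULE_RE.match(item)
        if not mm:
            raise ValueError("bad module entry: %r" % item)
        mods.append({"name": mm.group(1), "tts": float(mm.group(2)),
                     "version": mm.group(3)})
    return {"pid": int(m.group(1)), "remoteip": ip, "rcpts": rcpts.split(","),
            "ttp": float(ttp), "modules": mods, "action": action,
            "actioninfo": info}
```

The proposal does not say how a ":" inside a recipient address would be written; this parser rejects such a line with ValueError because the shifted TTP field no longer parses as a number.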

ACTIONS

PASSED

We are in this state if

ACTIONINFO 