[Exim] logwrite in system filter

Author: Jeffrey Goldberg
Date:  
To: exim-users
Subject: [Exim] logwrite in system filter
It looks like many of us who haven't been using system filters are now
getting into it and so a few questions.

I am having problems with logwrite.

I have a system filter which currently looks like this:

===========================================
# Exim filter

logfile /var/spool/exim/log/filter_log

if (first_delivery and not error_message and $message_size is above 6k)
then
 if ($h_subject: IS ILOVEYOU) then
           freeze  text "Suspected ILOVEYOU virus"
#           logwrite "$tod_log $message_id \
#              $sender_address ($sender_host_name[$sender_host_address]) \
#              => $recipients (recipients=$recipients_count) \
#              subject=\"$header_subject\" \
#               reason=Suspected ILOVEYOU virus"
 elif
     $message_body matches
        "\\\\b(?:file)?name=(\"[^\"]+|\\\\S+)\\\\.txt\\\\.vb[se]\\\\b"
then
           freeze text "May contain surrupticious VBscript attachment"
#           logwrite "$tod_log $message_id \
#              $sender_address ($sender_host_name[$sender_host_address]) \
#              => $recipients (recipients=$recipients_count) \
#              subject=\"$header_subject\" \
#               reason=Surrepticious VBScript attachment"
 elif
     $message_body matches
        "\\\\b(?:file)?name=(\"[^\"]+|\\\\S+)\\\\.vb[se]\\\\b" then
           freeze text "May contain VBScript attachment"
#           logwrite "$tod_log $message_id \
#              $sender_address ($sender_host_name[$sender_host_address]) \
#              => $recipients (recipients=$recipients_count) \
#              subject=\"$header_subject\" \
#               reason=VBScript attachment"
 endif
endif
===========================================


Until recently, the bits that are commented out were not commented out.
During that time, nothing was written to the filter log, and the
messages that had been frozen this way were not showing up on the queue
(at least not via eximon). Once I commented out the logwrites the
messages appeared frozen on the queue and all is well.

Obvious questions: Do I have the right file/path/permission for the
filter_log?

Answer:

# ls -l /var/spool/exim/log/filter_log
-rw-r--r--   1 exim     exim           0 May  5 12:39 /var/spool/exim/log/filter_log 


(I created the empty file with touch hoping that would help).

There is nothing in the panic log to indicate problems writing to this.


-j
-- 
Jeffrey Goldberg                +44 (0)1234 750 111 x 2826
 Cranfield Computer Centre      FAX         751 814
 J.Goldberg@???     http://WWW.Cranfield.ac.uk/public/cc/cc047/
Relativism is the triumph of authority over truth, convention over justice.
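
Added example, not part of the original post: the two attachment-name tests from the filter above, written as the patterns are assumed to reach the regex engine once the filter's backslash escaping is undone, and run in Python against constructed MIME header lines. The function name, labels and sample lines are hypothetical.

```python
import re

# Assumption: each "\\\\" in the quoted filter string reaches the regex
# engine as one backslash, and each \" as a plain double quote.
# Assumption: the lower-case "matches" test is case-independent, which is
# modelled here with re.IGNORECASE.
NAME = r'\b(?:file)?name=("[^"]+|\S+)'
DOUBLE_EXT = re.compile(NAME + r'\.txt\.vb[se]\b', re.IGNORECASE)
ANY_VBS = re.compile(NAME + r'\.vb[se]\b', re.IGNORECASE)


def freeze_reason(body):
    """Return a label for the first branch that would freeze, or None.

    Branch order follows the filter: the stricter .txt.vbs test runs before
    the general .vbs/.vbe test, so a double extension gets its own label.
    """
    if DOUBLE_EXT.search(body):
        return "double-extension"
    if ANY_VBS.search(body):
        return "vbscript"
    return None


# Constructed header lines (not taken from real mail).
SAMPLES = [
    'Content-Disposition: attachment; filename="notes.TXT.vbs"',
    'Content-Type: application/octet-stream; name=macro.vbe',
    # Quoted names may contain spaces; the "[^"]+ alternative covers them.
    'Content-Disposition: attachment; filename="my holiday notes.vbs"',
    'Content-Disposition: attachment; filename="report.pdf"',
    # The trailing \b stops ".vbs" from matching inside a longer extension.
    'Content-Disposition: attachment; filename=tool.vbscript',
    # No name= parameter, so neither pattern applies.
    'See the file called notes.txt.vbs on the share',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{str(freeze_reason(line)):17} {line}")
```
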