[Mimedefang] Reading MIMEDefang log-entries

Jim McCullars jim at info.uah.edu
Tue Jul 31 17:36:27 EDT 2007



On Tue, 31 Jul 2007, Briareos wrote:

> Great! I got nice output now. One (I guess) last question: Is there a chance
> to get the points per test SA does (like "BAYES 5, DDC 9, HTML 0.1, ...") or

   You can do this but you would have to a.) make sure those lines appear
in your report; and b.) parse the report for the scores.

   The first part is just making sure you have the _SUMMARY_ macro in your
report definition.  This will cause you to get lines like this:

 0.6 NO_REAL_NAME           From: does not include a real name
 1.2 SUBJ_ALL_CAPS          Subject is all capitals
 0.0 UPPERCASE_25_50        message body is 25-50% uppercase
 0.5 PLING_PLING            Subject has lots of exclamation marks

(along with any other "noise" lines that you get in your report).  So now
you just parse those lines.  In your filter_end you probably have a line
that reads something like

    if ($hits >= $req) {

you could add these lines under there (Warning! only semi-tested):

      if($report) {
        my @report = split(/\n/,$report);
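        my $hitline = '';   # start empty so the append below never sees undef
        foreach my $reportline (@report) {
          # closing brace of the {1,2} quantifier restored; without it no line matches
          next unless ($reportline =~ /^ (\d{1,2}\.\d) (\w+)/);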
          #
          # At this point, $1 should contain the numeric score, and
          # $2 should have the rule name.
          #
          $hitline = $hitline . "$2 $1\; ";
        }
        # remove the extra trailing space from $hitline if you want
        chop($hitline);
        #
        #  Now do with $hitline whatever you want done (log, etc).
        #
      }


   Hope this helps...

Jim McCullars
University of Alabama in Huntsville
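
As an added example (not part of the post above and not MIMEDefang's own code), here is a stand-alone Perl version of the parsing described there that also accepts negative and two-digit scores and skips header and wrapped description lines. The sample report, the two EXAMPLE_* rule names and the function names parse_sa_scores and format_hitline are constructed for illustration; the column layout is assumed to match the lines quoted in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample report (not real SpamAssassin output): header "noise",
# a negative score, a two-digit score and a wrapped description line.
my $report = <<'END';
Content analysis details:   (10.4 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------
 0.6 NO_REAL_NAME           From: does not include a real name
 1.2 SUBJ_ALL_CAPS          Subject is all capitals
-1.9 EXAMPLE_HAM_RULE       constructed rule with a negative score
10.0 EXAMPLE_BIG_RULE       constructed rule with a two-digit score
                            and a description wrapped onto a second line
 0.5 PLING_PLING            Subject has lots of exclamation marks
END

# Return a list of [rule, score] pairs found in a report string.
# Only the score and the \w+ rule name are captured; the free-text
# description column is dropped, so nothing outside [A-Za-z0-9_.-]
# can reach the log line built from the result.
sub parse_sa_scores {
    my ($text) = @_;
    my @hits;
    return @hits unless defined $text && length $text;
    foreach my $line (split /\r?\n/, $text) {
        # Up to three leading blanks, optional sign, score, blanks, rule name.
        next unless $line =~ /^\s{0,3}(-?\d{1,3}\.\d{1,3})\s+(\w+)(?:\s|$)/;
        push @hits, [ $2, $1 + 0 ];
    }
    return @hits;
}

# Join the pairs into one log field, highest score first, ties by name.
sub format_hitline {
    my @hits = sort { $b->[1] <=> $a->[1] or $a->[0] cmp $b->[0] } @_;
    return join '; ', map { sprintf '%s %.1f', @$_ } @hits;
}

my @hits  = parse_sa_scores($report);
my $total = 0;
$total += $_->[1] for @hits;
printf "tests=%s total=%.1f\n", format_hitline(@hits), $total;
```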



