From: Mira Limbeck <m.limbeck@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH log-tracker 2/2] tests: add clamd signature found log test
Date: Wed, 19 Jul 2023 17:13:52 +0200 [thread overview]
Message-ID: <20230719151352.1438974-2-m.limbeck@proxmox.com> (raw)
In-Reply-To: <20230719151352.1438974-1-m.limbeck@proxmox.com>
Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
---
...st_input_after_queue_clamd_signature_found | 13 +++++++++
...t_output_after_queue_clamd_signature_found | 29 +++++++++++++++++++
tests/tests_after_queue.rs | 24 +++++++++++++++
3 files changed, 66 insertions(+)
create mode 100644 tests/test_input_after_queue_clamd_signature_found
create mode 100644 tests/test_output_after_queue_clamd_signature_found
diff --git a/tests/test_input_after_queue_clamd_signature_found b/tests/test_input_after_queue_clamd_signature_found
new file mode 100644
index 0000000..72d24eb
--- /dev/null
+++ b/tests/test_input_after_queue_clamd_signature_found
@@ -0,0 +1,13 @@
+2023-07-19T16:04:27.415550+02:00 pmg postfix/smtpd[1165]: connect from pmghost.mydomain.tld[192.168.1.001]
+2023-07-19T16:04:27.415823+02:00 pmg postfix/smtpd[1165]: 65810380099: client=pmghost.mydomain.tld[192.168.1.001]
+2023-07-19T16:04:27.459569+02:00 pmg postfix/cleanup[1169]: 65810380099: message-id=<redacted:msgid>
+2023-07-19T16:04:27.473604+02:00 pmg postfix/qmgr[746]: 65810380099: from=<redacted:return-path@domain.tld>, size=1968, nrcpt=1 (queue active)
+2023-07-19T16:04:27.473656+02:00 pmg postfix/smtpd[1165]: disconnect from pmghost.mydomain.tld[192.168.1.001] ehlo=1 mail=1 rcpt=1 data=1 commands=4
+2023-07-19T16:04:27.519674+02:00 pmg pmg-smtp-filter[783]: 38089764B7ED6B7DE74: new mail message-id=<redacted:msgid>#012
+2023-07-19T16:04:27.528730+02:00 pmg clamd[638]: /var/spool/pmg/active/38089764B7ED6B7DE74: Eicar-Signature FOUND
+2023-07-19T16:04:27.528789+02:00 pmg clamd[638]: /var/spool/pmg/active/38089764B7ED6B7DE74: Eicar-Signature FOUND
+2023-07-19T16:04:27.528963+02:00 pmg pmg-smtp-filter[783]: 38089764B7ED6B7DE74: virus detected: Eicar-Signature (clamav)
+2023-07-19T16:04:27.538824+02:00 pmg pmg-smtp-filter[783]: 38089764B7ED6B7DE74: moved mail for <redacted:recipient@mydomain.tld> to virus quarantine - 3835A764B7ED6B8146A (rule: block all)
+2023-07-19T16:04:27.543650+02:00 pmg pmg-smtp-filter[783]: 38089764B7ED6B7DE74: processing time: 0.023 seconds (0, 0.009, 0)
+2023-07-19T16:04:27.543837+02:00 pmg postfix/lmtp[1170]: 65810380099: to=<redacted:recipient@mydomain.tld>, relay=127.0.0.1[127.0.0.1]:10023, delay=0.13, delays=0.06/0/0.04/0.03, dsn=2.5.0, status=sent (250 2.5.0 OK (38089764B7ED6B7DE74))
+2023-07-19T16:04:27.543930+02:00 pmg postfix/qmgr[746]: 65810380099: removed
diff --git a/tests/test_output_after_queue_clamd_signature_found b/tests/test_output_after_queue_clamd_signature_found
new file mode 100644
index 0000000..fde5459
--- /dev/null
+++ b/tests/test_output_after_queue_clamd_signature_found
@@ -0,0 +1,29 @@
+# LogReader: 3430
+# Query options
+# Start: 2023-07-19 00:00:00 (1689724800)
+# End: 2023-07-20 00:00:00 (1689811200)
+# End Query Options
+
+QENTRY: 65810380099
+CTIME: 64B8098B
+SIZE: 1968
+CLIENT: pmghost.mydomain.tld[192.168.1.001]
+MSGID: <redacted:msgid>
+TO:64B8098B:65810380099:Q: from <redacted:return-path@domain.tld> to <redacted:recipient@mydomain.tld> (3835A764B7ED6B8146A)
+SMTP:
+L00000001 2023-07-19T16:04:27.415550+02:00 pmg postfix/smtpd[1165]: connect from pmghost.mydomain.tld[192.168.1.001]
+L00000002 2023-07-19T16:04:27.415823+02:00 pmg postfix/smtpd[1165]: 65810380099: client=pmghost.mydomain.tld[192.168.1.001]
+L00000005 2023-07-19T16:04:27.473656+02:00 pmg postfix/smtpd[1165]: disconnect from pmghost.mydomain.tld[192.168.1.001] ehlo=1 mail=1 rcpt=1 data=1 commands=4
+FILTER: 38089764B7ED6B7DE74
+L00000006 2023-07-19T16:04:27.519674+02:00 pmg pmg-smtp-filter[783]: 38089764B7ED6B7DE74: new mail message-id=<redacted:msgid>#012
+L00000007 2023-07-19T16:04:27.528730+02:00 pmg clamd[638]: /var/spool/pmg/active/38089764B7ED6B7DE74: Eicar-Signature FOUND
+L00000008 2023-07-19T16:04:27.528789+02:00 pmg clamd[638]: /var/spool/pmg/active/38089764B7ED6B7DE74: Eicar-Signature FOUND
+L00000009 2023-07-19T16:04:27.528963+02:00 pmg pmg-smtp-filter[783]: 38089764B7ED6B7DE74: virus detected: Eicar-Signature (clamav)
+L0000000A 2023-07-19T16:04:27.538824+02:00 pmg pmg-smtp-filter[783]: 38089764B7ED6B7DE74: moved mail for <redacted:recipient@mydomain.tld> to virus quarantine - 3835A764B7ED6B8146A (rule: block all)
+L0000000B 2023-07-19T16:04:27.543650+02:00 pmg pmg-smtp-filter[783]: 38089764B7ED6B7DE74: processing time: 0.023 seconds (0, 0.009, 0)
+QMGR:
+L00000003 2023-07-19T16:04:27.459569+02:00 pmg postfix/cleanup[1169]: 65810380099: message-id=<redacted:msgid>
+L00000004 2023-07-19T16:04:27.473604+02:00 pmg postfix/qmgr[746]: 65810380099: from=<redacted:return-path@domain.tld>, size=1968, nrcpt=1 (queue active)
+L0000000C 2023-07-19T16:04:27.543837+02:00 pmg postfix/lmtp[1170]: 65810380099: to=<redacted:recipient@mydomain.tld>, relay=127.0.0.1[127.0.0.1]:10023, delay=0.13, delays=0.06/0/0.04/0.03, dsn=2.5.0, status=sent (250 2.5.0 OK (38089764B7ED6B7DE74))
+L0000000D 2023-07-19T16:04:27.543930+02:00 pmg postfix/qmgr[746]: 65810380099: removed
+
diff --git a/tests/tests_after_queue.rs b/tests/tests_after_queue.rs
index 8e13564..b6e08b3 100644
--- a/tests/tests_after_queue.rs
+++ b/tests/tests_after_queue.rs
@@ -202,3 +202,27 @@ fn after_queue_duplicate_msgid() {
let output_reader = BufReader::new(&output.stdout[..]);
utils::compare_output(output_reader, expected_output);
}
+
+#[test]
+fn after_queue_clamd_signature_found() {
+ let output = Command::new("faketime")
+ .env("TZ", "Europe/Vienna")
+ .arg("2023-07-20 23:59:59")
+ .arg(utils::log_tracker_path())
+ .arg("-vv")
+ .arg("-s")
+ .arg("2023-07-19 00:00:00")
+ .arg("-e")
+ .arg("2023-07-20 00:00:00")
+ .arg("-i")
+ .arg("tests/test_input_after_queue_clamd_signature_found")
+ .output()
+ .expect("failed to execute pmg-log-tracker");
+
+ let expected_file = File::open("tests/test_output_after_queue_clamd_signature_found")
+ .expect("failed to open test_output");
+
+ let expected_output = BufReader::new(&expected_file);
+ let output_reader = BufReader::new(&output.stdout[..]);
+ utils::compare_output(output_reader, expected_output);
+}
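Review bot: The new test `after_queue_clamd_signature_found` never checks `output.status`, so if `faketime` is missing or pmg-log-tracker exits with an error, the failure shows up only as an output mismatch inside `utils::compare_output` (whose body is not visible here). Adding `assert!(output.status.success(), "stderr: {}", String::from_utf8_lossy(&output.stderr));` after the `.expect(...)` would make that case obvious. The message `"failed to execute pmg-log-tracker"` is also slightly misleading, because the spawned process is `faketime`; `"failed to execute faketime"` describes what a spawn failure actually means. The preceding test appears to end the same way, so this may be an existing convention rather than something new in this patch. A short comment on the test saying that the input fixture contains the clamd `Eicar-Signature FOUND` line twice, and that both are expected under `FILTER:`, would tell later readers the duplicate is intentional.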
--
2.39.2