
[ossec-list] Example of bad matches...



I frequently get these types of alert notifications from OSSEC-HIDS.

----- Forwarded message from OSSEC HIDS <ossecm@xxxxxxxxxxxxxxxx> -----

OSSEC HIDS Notification.
2006 Jun 11 14:29:53

Received From: satyr->/var/log/maillog
Rule: 102 fired (level 7) -> "Unknown problem somewhere in the system.'"
Portion of the log(s):

spamd[1433]: checking message <1DEBAD4B.77C5EC8@xxxxxxxxxxx> for nobody:99. 

----- End forwarded message -----

The problem is that the string "BAD" is found in the above.

Maybe if we say that the match must be surrounded by whitespace then
the above kind of misfire can be minimized?

			---Kayvan
-- 
Kayvan A. Sylvan          | Proud husband of       | Father to my kids:
Sylvan Associates, Inc.   | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
http://sylvan.com/~kayvan | my beautiful Queen.    | Robin Gregory (2/28/92)

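
As an added illustration (not part of the original message), the Python below runs the two matching strategies discussed in the post over the spamd line from the notification plus two constructed lines: a naive substring match, and a match that requires the keyword to be delimited by whitespace or line boundaries. The keyword list is an assumption for illustration, not OSSEC's actual rule definition.

```python
import re

# Constructed sample input: the first line is the spamd line from the
# notification above (masked domain kept as posted); the other two are
# made up here to show that real "bad" hits still fire.
SAMPLE_LINES = [
    "spamd[1433]: checking message <1DEBAD4B.77C5EC8@xxxxxxxxxxx> for nobody:99.",
    "sshd[2231]: Bad protocol version identification from 192.0.2.10",
    "kernel: ata1: bad CRC on read, retrying",
]

# Illustrative keyword list in the spirit of a generic "bad words" rule;
# an assumption for this example, not the project's own variable.
KEYWORDS = ["bad", "error", "failed", "denied"]
ALTERNATION = "|".join(map(re.escape, KEYWORDS))

# Naive substring match, case-insensitive: the behaviour the post complains
# about, where "BAD" inside the Message-ID 1DEBAD4B is enough to trigger.
NAIVE = re.compile(ALTERNATION, re.IGNORECASE)

# Whitespace-delimited match, as the post proposes: the keyword must be
# preceded by whitespace or start of line and followed by whitespace or
# end of line.  Lookarounds keep the matched text to the keyword itself.
STRICT = re.compile(
    r"(?:(?<=\s)|^)(?:" + ALTERNATION + r")(?=\s|$)",
    re.IGNORECASE,
)


def naive_match(line):
    """True if any keyword occurs anywhere in the line, even inside a token."""
    return NAIVE.search(line) is not None


def strict_match(line):
    """True only if a keyword stands alone, separated by whitespace."""
    return STRICT.search(line) is not None


def classify(lines):
    """Return one (naive_verdict, strict_verdict) pair per input line."""
    return [(naive_match(line), strict_match(line)) for line in lines]


if __name__ == "__main__":
    for line, (naive, strict) in zip(SAMPLE_LINES, classify(SAMPLE_LINES)):
        print(f"naive={naive!s:5} strict={strict!s:5} {line}")
```

Requiring whitespace on both sides also drops hits such as "bad," followed by punctuation, so a rule tuned this way trades some recall for fewer false positives; a tuner should re-run known true-positive lines after the change.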




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.