amavis

#!/bin/sh

: <<=cut

=head1 NAME

amavis - plugin to monitor the amavis mail filter.

=head1 APPLICABLE SYSTEMS

Hosts running amavis localy and logtail(8) installed.

=head1 CONFIGURATION

The configuration environment variables are available

=over 4

=item amavislog

Path to logfile (Default: "/var/log/mail/mail.info")

=item logtail

Path to logtail command (Default: "logtail")

=back

On most systems the mail logs are not readable by nobody which the
plugin usually runs at.  To enable log reading it needs to run as a
group or user that has read access, as shown above.

By default the logtail program is started without any explicit path,
but if it is not found in the system $PATH then you will need to specify
the full path for the program.

=head2 EXAMPLE CONFIGURATION

The following shows a typical configuration:

  [amavis]
     env.amavislog     /var/log/mail/mail.info
     env.logtail       /usr/bin/logtail
     group adm

=head2 DEFAULT CONFIGURATION

This is the default configuration:

  [amavis]
    env.mktemp_command /bin/mktemp

=head1 INTERPRETATION

The plugin shows "probable spam", "surely spam" and "virus".  If your
"probable spam" raises you may need to tune your spam configuration to
classify more spam as "surely spam" and so be able to eliminate it.

=head1 MAGIC MARKERS

  #%# family=auto
  #%# capabilities=autoconf

=head1 BUGS

Should use counters since the origin data is really counters.  If the
node has multiple masters the data served will now be incorrect.
Proper operation may require porting to perl or such.

=head1 AUTHOR

Unknown

=head1 LICENSE

GPLv2

=cut

AMAVIS_LOG=${amavislog:-/var/log/mail/mail.info}
LOGTAIL=${logtail:-$(command -v logtail)}
STATEFILE=$MUNIN_PLUGSTATE/amavis.offset
mktemp_command="${mktemp_command:-/bin/mktemp}"

if [ "$1" = "autoconf" ]; then
	if [ ! -f "$AMAVIS_LOG" ]; then
		echo "no (file '$AMAVIS_LOG' not found)"
	elif [ -z "$LOGTAIL" ]; then
		echo "no (executable 'logtail' not found)"
	elif [ ! -x "$LOGTAIL" ]; then
		echo "no ('$LOGTAIL' is not executable)"
	elif ! { command -v amavisd-new || command -v amavisd; } >/dev/null; then
		echo "no (exeuctable 'amavisd' or 'amavisd-new' not found)"
	else
		echo yes
	fi
	exit 0
fi

# Try tailing a random file to check how arguments are passed
ARGS=0
"$LOGTAIL" /etc/hosts 2>/dev/null >/dev/null
if [ $? = 66 ]; then
    if [ -z "$logtail" ]; then
	ARGS=1
    fi
fi

if [ "$1" = "config" ]; then
	echo 'graph_title Amavis filter statistics'
	echo 'graph_vlabel \#'
	echo 'graph_category antivirus'
	echo 'virus.label virus'
	echo 'virus.info Number of viruses caught in email'
	echo 'spam_maybe.label probably spam'
	echo 'spam_maybe.info Emails amavis thinks probably contains spam'
	echo 'spam_sure.label surely spam'
	echo 'spam_sure.info Emails amavis is sure contains spam'
	echo 'total.label total mails'
	echo 'total.info Total emails evaluated by amavis'
	exit 0
fi

total=U
virus=U
spamm=U
spams=U

TEMP_FILE=$($mktemp_command) || exit 73
trap 'rm -f "$TEMP_FILE"' EXIT

if [ -n "$TEMP_FILE" ] && [ -f "$TEMP_FILE" ]; then
	if [ "$ARGS" != 0 ]; then
	    "$LOGTAIL" -f "${AMAVIS_LOG}" -o "${STATEFILE}" | grep 'amavis\[.*\]:' > "${TEMP_FILE}"
	else
	    "$LOGTAIL" "${AMAVIS_LOG}" "${STATEFILE}" | grep 'amavis\[.*\]:' > "${TEMP_FILE}"
	fi
	total=$(grep -c 'Hits:' "$TEMP_FILE")
	virus=$(grep -c 'INFECTED.*Hits:' "$TEMP_FILE")
	spamm=$(grep -c 'SPAMMY.*Hits:' "$TEMP_FILE")
	spams=$(grep -c 'SPAM .*Hits:' "$TEMP_FILE")
fi

echo "virus.value ${virus}"
echo "spam_maybe.value ${spamm}"
echo "spam_sure.value ${spams}"
echo "total.value ${total}"