Fix case where amavis spam details was not collected. Thanks to grufo for the report.

sendmailanalyzer

@@ -1162,22 +1162,35 @@ sub parse_amavis
 {
 	my ($date,$time,$host,$str) = @_;
 
-	if ($str =~ /\(([^\)]+)\) (Passed|Blocked) SPAM.* <([^>]*)> -> <([^>]*)>(.*) Message-ID: <([^>]*)>, /) {
+	if ($str =~ /\(([^\)]+)\) (Passed|Blocked) SPAM(.*) [<]*([^\s>]*)[>]* -> [<]*([^,>]*)[>]*,(.*) Message-ID: [<]*([^,>]+)[>]*, /) {
 		my $pid = $1;
 		my $status = $2;
-		my $id = $6;
-		my $queueid = $5;
-		my $sender = &edecode($3);
-		my $to = &edecode($4);
+		my $relay = $3;
+		my $id = $7;
+		my $queueid = $6;
+		my $sender = &edecode($4);
+		my $to = &edecode($5);
 		if ($queueid =~ /Queue-ID: ([^,]+)/) {
 			$id = $1;
+		} elsif ($str =~ /mail_id: ([^,]+)/) {
+			# Quarantine id
+			$id = $1;
 		}
-		$SPAM{$host}{$id}{from} = $FROM{$host}{$id}{from} || &edecode($sender);
-		$SPAM{$host}{$id}{to} = $TO{$host}{$id}{queue_to}[0] || &edecode($to);
-		delete $TO{$host}{$id}{queue_date};
-		delete $TO{$host}{$id}{queue_to};
+		$SPAM{$host}{$id}{from} = $sender;
+		$SPAM{$host}{$id}{to} = $to;
 		$SPAM{$host}{$id}{spam} = "Amavis $status Spam";
 		$SPAM{$host}{$id}{date} = $date . $time;
+		if (!exists $FROM{$host}{$id}{from}) {
+			$FROM{$host}{$id}{from} = $sender;
+			$FROM{$host}{$id}{date} = $date . $time;
+			push(@{$TO{$host}{$id}{queue_date}}, $date . $time);
+			push(@{$TO{$host}{$id}{queue_to}}, $to);
+			if ($str =~ /size: (\d+)/) {
+				$FROM{$host}{$id}{size} = $1;
+			}
+			$FROM{$host}{$id}{nrcpts} = 1;
+			$FROM{$host}{$id}{relay} = &clean_relay($relay);
+		}
 		if ($CONFIG{SPAM_DETAIL}) {
 			if (exists $SPAMDETAIL{$host}{$pid}) {
 				foreach (keys %{$SPAM{$host}{$id}}) {
@@ -1185,37 +1198,73 @@ sub parse_amavis
 				}
 			}
 		}
-	} elsif ($str =~ /(Passed|Blocked) INFECTED \(([^\)]*)\), .* <([^>]*)> -> <([^>]*)>.* Message-ID: <([^>]*)>, /) {
-		my $id = $5;
+	} elsif ($str =~ /(Passed|Blocked) INFECTED \(([^\)]*)\), (.*) [<]*([^\s>]*)[>]* -> [<]*([^,>]*)[>]*,(.*) Message-ID: [<]*([^,>]+)[>]*, /) {
+		my $virus = $2;
+		my $relay = $3;
+		my $from = $4;
+		my $to = &edecode($5);
+		my $id = &edecode($7);
+		my $queue_id = $6;
+		if ($queue_id =~ /Queue-ID: ([^,]+),/) {
+			$id = $1;
+		}
+print STDERR "AAAAAAAAAAAAAAAAAA $id => $virus : $from -> $to\n";
 		$VIRUS{$host}{$id}{file} = 'Inline';
-		$VIRUS{$host}{$id}{virus} = $2;
-		$VIRUS{$host}{$id}{from} = $3;
-		$VIRUS{$host}{$id}{to} = $4;
+		$VIRUS{$host}{$id}{virus} = $virus;
+		$VIRUS{$host}{$id}{from} = $from;
+		$VIRUS{$host}{$id}{to} = $to;
 		$VIRUS{$host}{$id}{date} = $date . $time;
+		if (!exists $FROM{$host}{$id}{from}) {
+			$FROM{$host}{$id}{from} = $from;
+			$FROM{$host}{$id}{date} = $date . $time;
+			push(@{$TO{$host}{$id}{queue_date}}, $date . $time);
+			push(@{$TO{$host}{$id}{queue_to}}, $to);
+			if ($str =~ /size: (\d+)/) {
+				$FROM{$host}{$id}{size} = $1;
+			}
+			$FROM{$host}{$id}{nrcpts} = 1;
+			$FROM{$host}{$id}{relay} = &clean_relay($relay);
+		}
 	}
+
 	if ($CONFIG{SPAM_DETAIL}) {
-		if ($str =~ /\(([^\)]+)\) SPAM, .*, Yes, score=([^\s]+).* tests=(.*), autolearn=([^,]+)/) {
+
+		if ($str =~ /\(([^\)]+)\) SPAM, (.*), Yes, score=([^\s]+) .* tests=(.*) autolearn=([^,]+)/) {
+			my $id = $1;
+			my $from_to = $2;
+			my $score = $3;
+			my $spam = $4;
+			my $autolearn = $5;
+			if ($str =~ /autolearn=spam, quarantine ([^\s,]+)/) {
+				$id = $1;
+			}
+			$SPAMDETAIL{$host}{$id}{date} = $date . $time;
+			$SPAMDETAIL{$host}{$id}{type} = 'amavis';
+			$SPAMDETAIL{$host}{$id}{score} = $score;
+			$SPAMDETAIL{$host}{$id}{spam} = $spam;
+			$SPAMDETAIL{$host}{$id}{autolearn} = $autolearn;
+			($SPAMDETAIL{$host}{$id}{from}, $SPAMDETAIL{$host}{$id}{to}) = split(/ -> /, $from_to);
+print STDERR "BBBBBBBBBBBB $id => $SPAMDETAIL{$host}{$id}{from}, $SPAMDETAIL{$host}{$id}{to}\n";
+		} elsif ($str =~ /\(([^\)]+)\) SPAM, (.*), Yes, score=([^\s]+).* tests=(.*)/) {
+			my $from_to = $2;
 			$SPAMDETAIL{$host}{$1}{date} = $date . $time;
 			$SPAMDETAIL{$host}{$1}{type} = 'amavis';
-			$SPAMDETAIL{$host}{$1}{score} = $2;
-			$SPAMDETAIL{$host}{$1}{spam} = $3;
-			$SPAMDETAIL{$host}{$1}{autolearn} = $4;
-		} elsif ($str =~ /\(([^\)]+)\) SPAM, .*, Yes, score=([^\s]+).* tests=(.*)/) {
-			$SPAMDETAIL{$host}{$1}{date} = $date . $time;
-			$SPAMDETAIL{$host}{$1}{type} = 'amavis';
-			$SPAMDETAIL{$host}{$1}{score} = $2;
-			$SPAMDETAIL{$host}{$1}{spam} = $3;
+			$SPAMDETAIL{$host}{$1}{score} = $3;
+			$SPAMDETAIL{$host}{$1}{spam} = $4;
+			($SPAMDETAIL{$host}{$1}{from}, $SPAMDETAIL{$host}{$1}{to}) = split(/ -> /, $from_to);
 		} elsif ($str =~ /\(([^\)]+)\) spam_scan: score=([^\s]+) autolearn=([^\s]+) tests=(.*),/) {
 			$SPAMDETAIL{$host}{$1}{date} = $date . $time;
 			$SPAMDETAIL{$host}{$1}{type} = 'amavis';
 			$SPAMDETAIL{$host}{$1}{score} = $2;
 			$SPAMDETAIL{$host}{$1}{autolearn} = $3;
 			$SPAMDETAIL{$host}{$1}{spam} = $4;
-		} elsif ($str =~ /\(([^\)]+)\) SPAM, .*, Yes, hits=([^\s]+) .*tests=(.*), quarantine/) {
+		} elsif ($str =~ /\(([^\)]+)\) SPAM, (.*), Yes, hits=([^\s]+) .*tests=(.*), quarantine/) {
+			my $from_to = $2;
 			$SPAMDETAIL{$host}{$1}{date} = $date . $time;
 			$SPAMDETAIL{$host}{$1}{type} = 'amavis';
-			$SPAMDETAIL{$host}{$1}{score} = $2;
-			$SPAMDETAIL{$host}{$1}{spam} = $3;
+			$SPAMDETAIL{$host}{$1}{score} = $3;
+			$SPAMDETAIL{$host}{$1}{spam} = $4;
+			($SPAMDETAIL{$host}{$1}{from}, $SPAMDETAIL{$host}{$1}{to}) = split(/ -> /, $from_to);
 		}
 	}
 }
@@ -1365,10 +1414,14 @@ sub clean_relay
 	} elsif ($relay =~ m#localhost|127\.0\.0\.1#) {
 		return 'localhost';
 	} elsif ($relay =~ /^(.*[^\d])(\d+\.\d+\.\d+\.\d+)/) {
-		if (lc($1) eq 'unknown') {
-			return $2;
+		my $fqdn = $1;
+		my $ip = $2;
+		if (lc($fqdn) eq 'unknown') {
+			return $ip;
+		} elsif ($fqdn =~ /[\s,]/) {
+			return $ip;
 		} else {
-			return $1;
+			return $fqdn;
 		}
 	}
 	$relay =~ s#^\s+##;