1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
#!/usr/bin/perl -w
#
# samailoffset - Easy way to get messages from mass-check log output
#
# By: Theo Van Dinter (felicity@apache.org) (c) 1998-2007
# Revision Info: $Id: samailoffset 500015 2007-01-25 22:12:53Z felicity $
#
# this script will grab messages out of a corpus and display the headers (by
# default) or the full message (-b). typically this lets you do something
# like "grep RULE_NAME ham.log | samailoffset" and get the right thing.
use strict;
$|++;
my $body = 0;
# if "-b" is given on the command, this will output the body of the message as
# well as the header.
if ( @ARGV && $ARGV[0] =~ /^-+b/ ) { $body=1; shift; }
unless (@ARGV) {
@ARGV=<STDIN>;
}
foreach ( @ARGV ) {
next if /^#/;
if (/^[.Y]\s+-?\d+\s(.+?)\s(?:[A-Za-z0-9_,]+\s)?[a-z]+=/) {
$_ = $1;
}
my $count = 0;
/^(.+?)(?:\.(\d+))?$/;
my($file,$offset) = ($1,$2);
if ($file =~ /\.gz$/) {
$file = "gunzip -cd $file |";
}
elsif ($file =~ /\.bz2$/) {
$file = "bzip2 -cd $file |";
}
open(T,$file) || die "Can't open $file: $!";
seek T, $offset, 0 if (defined $offset);
while(defined(my $l=<T>)) {
last if ($count++ && $l=~/^From /);
print $l;
last if (!$body && $l=~/^$/);
}
close(T);
}
|
