--- scripts/services/amavis
+++ scripts/services/amavis
@@ -2283,7 +2283,7 @@
       #XXX elsif (($action, $key, $ip, $from, $to) = ( $p1 =~ /^(?:Virus found - quarantined|(?:(Passed|Blocked) )?INFECTED) \(([^\)]+)\),[A-Z .]*(?: \[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)] -> [(<]([^(<]+)[(>]/o ))
 
       # the first IP is the envelope sender.
-      if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: {[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
+      if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
          inc_unmatched('passblock');
          next;
       }
--- scripts/services/postfix
+++ scripts/services/postfix
@@ -1847,7 +1847,7 @@
         # KeyboardInterrupt 
         $line =~ /^Read line: "/ or
         $line =~ /^Found the end of entry$/ or
-        $line =~ /^Config: {/ or
+        $line =~ /^Config: \{/ or
         $line =~ /^spfcheck: pyspf result/ or
         $line =~ /^Starting$/ or
         $line =~ /^Normal exit$/ or
--- scripts/services/http
+++ scripts/services/http
@@ -1,5 +1,5 @@
 ##########################################################################
-# $Id: http 233 2014-09-09 15:52:31Z stefjakobs $
+# $Id: http 305 2016-01-06 19:28:18Z stefjakobs $
 ##########################################################################
 
 #####################################################
@@ -310,10 +310,10 @@
    } elsif ($logformat =~ /\G%O/gc) {
       $parse_field[$parse_index][$parse_subindex++] = "bytes_out";
       $parse_string[$parse_index] .= "(-|\\d*)";
-   } elsif ($logformat =~ /\G%{Referer}i/gci) {
+   } elsif ($logformat =~ /\G%\{Referer}i/gci) {
       $parse_string[$parse_index] .= "(.*)";
       $parse_field[$parse_index][$parse_subindex++] = "referrer";
-   } elsif ($logformat =~ /\G%{User-Agent}i/gci) {
+   } elsif ($logformat =~ /\G%\{User-Agent}i/gci) {
       $parse_string[$parse_index] .= "(.*)";
       $parse_field[$parse_index][$parse_subindex++] = "agent";
    } elsif ($logformat =~ /\G%({.*?})?./gc) {
--- scripts/services/secure
+++ scripts/services/secure
@@ -1,5 +1,5 @@
 #########################################################################
-# $Id: secure 231 2014-09-09 12:59:24Z stefjakobs $
+# $Id: secure 305 2016-01-06 19:28:18Z stefjakobs $
 ##########################################################################
 # $Log: secure,v $
 # Revision 1.86  2009/11/14 16:26:41  kirk
@@ -505,7 +505,7 @@
       $DeniedAccess{"$User,$Reason"}++;
    } elsif ($ThisLine =~ /^request-key: Cannot find command to construct key/) {
       $RequestKeyFailures++;
-   } elsif (my ($type,$from,$response,$client,$service,$e) = ($ThisLine =~ /krb5kdc\[[0-9]*\]: (AS_REQ|TGS_REQ) \([0-9]+ etypes {[ 0-9]+}\) ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (ISSUE|UNKNOWN_SERVER): authtime [0-9]+, (?:etypes {rep=[0-9]+ tkt=[0-9]+ ses=[0-9]+},)? ([^ ]+) for ([^ ,]+)(?:, )?(.*)$/)) {
+   } elsif (my ($type,$from,$response,$client,$service,$e) = ($ThisLine =~ /krb5kdc\[[0-9]*\]: (AS_REQ|TGS_REQ) \([0-9]+ etypes \{[ 0-9]+}\) ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (ISSUE|UNKNOWN_SERVER): authtime [0-9]+, (?:etypes \{rep=[0-9]+ tkt=[0-9]+ ses=[0-9]+},)? ([^ ]+) for ([^ ,]+)(?:, )?(.*)$/)) {
      if($service=~/^krbtgt\/([^@]+)@\1/) {
         $service='Login';
      }
@@ -514,7 +514,7 @@
         $e='';
      }
      $KerbList{$response}{$type}{$from}{$service}{$client}{$e}++;
-  } elsif (my ($type,$from,$response,$client,$service,$e) = ($ThisLine =~ /krb5kdc\[[0-9]*\]: (AS_REQ|TGS_REQ) \([0-9]+ etypes {[ 0-9]+}\) ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (NEEDED_PREAUTH|PREAUTH_FAILED|CLIENT_NOT_FOUND): ([^ ]+) for ([^ ,]+)(?:, )?(.*)$/)) {
+  } elsif (my ($type,$from,$response,$client,$service,$e) = ($ThisLine =~ /krb5kdc\[[0-9]*\]: (AS_REQ|TGS_REQ) \([0-9]+ etypes \{[ 0-9]+}\) ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+): (NEEDED_PREAUTH|PREAUTH_FAILED|CLIENT_NOT_FOUND): ([^ ]+) for ([^ ,]+)(?:, )?(.*)$/)) {
      if($service=~/^krbtgt\/([^@]+)@\1/) {
         $service='Login';
      }
--- scripts/services/amavis
+++ scripts/services/amavis
@@ -2283,7 +2283,7 @@
       #XXX elsif (($action, $key, $ip, $from, $to) = ( $p1 =~ /^(?:Virus found - quarantined|(?:(Passed|Blocked) )?INFECTED) \(([^\)]+)\),[A-Z .]*(?: \[($re_IP)\])?(?: \[$re_IP\])* [<(]([^>)]*)[>)] -> [(<]([^(<]+)[(>]/o ))
 
       # the first IP is the envelope sender.
-      if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
+      if ($p1 !~ /^(CLEAN|SPAM(?:MY)?|INFECTED \(.*?\)|BANNED \(.*?\)|BAD-HEADER(?:-\d)?|UNCHECKED|MTA-BLOCKED|OVERSIZED|OTHER|TEMPFAIL)(?: \{[^}]+\})?, ([^[]+ )?(?:([^<]+) )?[<(](.*?)[>)] -> ([(<].*?[)>]), (?:.*Hits: ([-+.\d]+))(?:.* size: (\d+))?(?:.* autolearn=(\w+))?/) {
          inc_unmatched('passblock');
          next;
       }