0

i install on centos 6.4 amavis-new and clamav

/etc/clamd.d/amavisd

# cat amavisd.conf
# Use system logger.
LogSyslog yes

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
LogFacility LOG_MAIL

# This option allows you to save a process identifier of the listening
# daemon (main thread).
PidFile /var/run/amavisd/clamd.pid

# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket yes

# Run as a selected user (clamd must be started by root).
User amavis

# Path to a local socket file the daemon will listen on.
LocalSocket /var/spool/amavisd/clamd.sock

/etc/amavisd/amavisd.conf

['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

but if i test with viru in /var/log/maillog i see

Jul 16 09:46:24 server postfix/qmgr[15064]: 36F0A19F5: from=<root@itzena.cz>, size=407, nrcpt=1 (queue active)
Jul 16 09:46:24 server amavis[16208]: (16208-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: 2
Jul 16 09:46:25 server amavis[16208]: (16208-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory
Jul 16 09:46:25 server amavis[16208]: (16208-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock, retrying (2)
Jul 16 09:46:31 server amavis[16208]: (16208-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory
Jul 16 09:46:31 server amavis[16208]: (16208-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/spool/amavisd/clamd.sock (All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock) at (eval 113) line 600.\n
Jul 16 09:46:31 server amavis[16208]: (16208-01) (!)WARN: all primary virus scanners failed, considering backups
Jul 16 09:46:36 server amavis[16208]: (16208-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, <root@itzena.cz> -> <mardon@itzena.cz>, Message-ID: <20130716074624.36F0A19F5@server.itzena.cz>, mail_id: yDd_Z6Hv2PEK, Hits: -, size: 407, 12624 ms
Jul 16 09:46:36 server postfix/lmtp[16336]: 36F0A19F5: to=<mardon@itzena.cz>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=0.11/0/0/13, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=16208-01 - INFECTED: Eicar-Test-Signature)
Jul 16 09:46:36 server postfix/qmgr[15064]: 36F0A19F5: removed

clamd is running but in /var/spool/amavisd isni clamd.sock

 ps ax | grep clam
16509 ?        Ssl    0:00 clamd
16517 pts/2    S+     0:00 grep clam




# ls /var/spool/amavisd/
amavisd.sock  db  quarantine  tmp
mardon
  • 243
  • 1
  • 5
  • 17

3 Answers3

2

The answer is this: LocalSocket /var/spool/amavisd/clamd.sock not being equal to this: ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],, you need to decide which one you want to use, then set both programs to use it.

NickW
  • 10,263
  • 1
  • 20
  • 27
1

At the very beginning there is no clamd.sock file inside the /var/spool/amavisd/ directory. If you change the path of LocalSocket /var/spool/amavisd/clamd.sock or ["CONTSCAN {}\n","/var/run/clamav/clamd.sock"] as above answer it will give an error,

[root@hostname ~]# /etc/init.d/clamd.amavisd restart
Starting clamd.amavisd: ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock is in use by another process.
                                                           [FAILED]
[root@hostname ~]#

No need to change as above. I had the same problem. So I just start clamd.amavisd service. Then it works fine. The problen is we are not start clamd.amavisd service we start only clamd service.

[root@hostname ~]# /etc/init.d/clamd.amavisd start
Starting clamd.amavisd:                                    [  OK  ]
[root@hostname ~]#

Then it will create clamd.sock file automatically inside the /var/spool/amavisd/.

Kalana D
  • 11
  • 3
0

No need to change as above. I had the same problem. So I just start clamd.amavisd service. Then it works fine. The problen is we are not start clamd.amavisd service we start only clamd service.

[root@hostname ~]# /etc/init.d/clamd.amavisd start
Starting clamd.amavisd:                                    [  OK  ]
[root@hostname ~]#

Then it will create clamd.sock file automatically inside the /var/spool/amavisd/.

No it doesn't - you will get a permission denied error if you do that.

Katherine Villyard
  • 18,550
  • 4
  • 37
  • 59
guest
  • 1