Clamav + amavisd-new

Jan-Frode Myklebust janfrode at
Sun Mar 13 18:54:01 UTC 2011

On 2011-03-12, Kevin Fenzi <kevin at> wrote:
> Anyhow, yeah, if we could add the wrapper thing that amavisd-new needs
> that might be a quick solution.=20

Just tested now by copying /usr/share/clamav/clamd-wrapper from the 
old installation to the new.

First problem:

	Mar 13 18:49:50 asav clamd[23281]: Can't save PID in file /var/run/clamd.amavisd/

(actually the same problem with old clamd-installation). So i manually 
created this directory, and things seems to be working.

> What runs as 'clam'? clamd?


> yes, thats true. It does mean the clam user could modify the db files,
> but the additional security here I don't know is worth it.

.. and if we can get in the /usr/share/clamav/clamd-wrapper, running
the virus-scanner as amavis instead becomes trivial.

> If you wish to seperate things like that, I would suggest running
> clamscan instead as whatever user.=20

clamscan is waay too slow on a busy mailserver.

> * clamav packaged the new way on 4/5/6
> * amavisd-new packaged to use that on 4/5/6
> How we get there is up to the maintainers... I know several people were
> looking at amavisd-new. Perhaps we could get everyone together at an
> irc meeting and hash out what needs to happen?

1 -  Add back /usr/share/clamav/clamd-wrapper to the clamd-package + possibly
     the README-file /usr/share/doc/clamav-server-0.96.1/README which explains
     how to set up individual clamd-instances:

     It's maybe not pretty to put this in %{_prefix}/share/clamav/, but IMHO it's 
     needed for compatibility with older packaging and existing installations on

2 -   Modify amavisd-new from f14 to create the directory /var/run/clamd.amavisd
      (it's already adding the service "clamd.amavisd" which use this directory).

3 -    Make amavisd-new not use "PidFile /var/run/amavisd/" in 
       /etc/clamd.d/amavisd.conf, since it's using the wrapper which overrides
       this pidfile anyway.

I'll get #2/#3 done as well, but would appreciate if someone could sponsor
me as a fedora maintainer, so that can also get this submitted to EPEL properly.


More information about the epel-devel-list mailing list