New - problems with amavis-new and clamav on Centos 6.3

Robert Moskowitz rgm at htt-consult.com
Wed Jan 30 22:47:57 UTC 2013 

I hope I have come to the right place for help.  My travails have been 
reported on the Centos list...

I am setting up a mailserver on Centos 6.3.  I am guided by two Howtos:

http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServer
and
http://wiki.centos.org/HowTos/Amavisd

The former I used for setting up 
Postfix/mysql/postfixadmin/dovecot/Roundcube for basic mail handling.

The later I used for the anti-stuff, but instead of using the rpms from 
rpmforge, I used the epel rpms, so here I am with my problems.

It looks like a permissions problem; at least that is what I am seeing 
in maillog.  I am using the test messages shown in sec 4 of the amavisd 
howto pointed to above:

Jan 30 14:14:10 test1 postfix/pickup[6682]: DA8082A099B: uid=0 from=<root>
Jan 30 14:14:10 test1 postfix/cleanup[6773]: DA8082A099B: 
message-id=<20130130191410.DA8082A099B at test1.test.htt-consult.com>
Jan 30 14:14:10 test1 postfix/qmgr[6683]: DA8082A099B: 
from=<root at test1.test.htt-consult.com>, size=446, nrcpt=1 (queue active)
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) LMTP::10024 
/var/spool/amavisd/tmp/amavis-20130130T141411-06756: 
<root at test1.test.htt-consult.com> -> <faxit at test.htt-consult.com> 
SIZE=446 Received: from test1.test.htt-consult.com ([127.0.0.1]) by 
localhost (test1.test.htt-consult.com [127.0.0.1]) (amavisd-new, port 
10024) with LMTP for <faxit at test.htt-consult.com>; Wed, 30 Jan 2013 
14:14:11 -0500 (EST)
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) Checking: 95-+1-aqz4Cb 
<root at test1.test.htt-consult.com> -> <faxit at test.htt-consult.com>
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!)run_av (ClamAV-clamd) 
FAILED - unexpected , 
output="/var/spool/amavisd/tmp/amavis-20130130T141411-06756/parts: 
lstat() failed: Permission denied. ERROR\n"
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!)ClamAV-clamd 
av-scanner FAILED: CODE(0x9fff7b8) unexpected , 
output="/var/spool/amavisd/tmp/amavis-20130130T141411-06756/parts: 
lstat() failed: Permission denied. ERROR\n" at (eval 100) line 594.
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!!)WARN: all primary 
virus scanners failed, considering backups
Jan 30 14:14:21 test1 amavis[6756]: (06756-01) Blocked INFECTED 
(Eicar-Test-Signature), <root at test1.test.htt-consult.com> -> 
<faxit at test.htt-consult.com>, Message-ID: 
<20130130191410.DA8082A099B at test1.test.htt-consult.com>, mail_id: 
95-+1-aqz4Cb, Hits: -, size: 446, 10352 ms
Jan 30 14:14:21 test1 postfix/lmtp[6777]: DA8082A099B: 
to=<faxit at test.htt-consult.com>, relay=127.0.0.1[127.0.0.1]:10024, 
delay=11, delays=0.19/0.01/0.01/10, dsn=2.7.0, status=sent (250 2.7.0 
Ok, discarded, id=06756-01 - INFECTED: Eicar-Test-Signature)
Jan 30 14:14:21 test1 postfix/qmgr[6683]: DA8082A099B: removed

Jan 30 14:18:37 test1 postfix/pickup[6682]: 6E6342A099C: uid=0 from=<root>
Jan 30 14:18:37 test1 postfix/cleanup[6807]: 6E6342A099C: 
message-id=<GTUBE1.1010101 at example.net>
Jan 30 14:18:37 test1 postfix/qmgr[6683]: 6E6342A099C: 
from=<root at test1.test.htt-consult.com>, size=947, nrcpt=1 (queue active)
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) LMTP::10024 
/var/spool/amavisd/tmp/amavis-20130130T141837-06755: 
<root at test1.test.htt-consult.com> -> <faxit at test.htt-consult.com> 
SIZE=947 Received: from test1.test.htt-consult.com ([127.0.0.1]) by 
localhost (test1.test.htt-consult.com [127.0.0.1]) (amavisd-new, port 
10024) with LMTP for <faxit at test.htt-consult.com>; Wed, 30 Jan 2013 
14:18:37 -0500 (EST)
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) Checking: iVLEI2wVyvfc 
<root at test1.test.htt-consult.com> -> <faxit at test.htt-consult.com>
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!)run_av (ClamAV-clamd) 
FAILED - unexpected , 
output="/var/spool/amavisd/tmp/amavis-20130130T141837-06755/parts: 
lstat() failed: Permission denied. ERROR\n"
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!)ClamAV-clamd 
av-scanner FAILED: CODE(0x9fff7b8) unexpected , 
output="/var/spool/amavisd/tmp/amavis-20130130T141837-06755/parts: 
lstat() failed: Permission denied. ERROR\n" at (eval 100) line 594.
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!!)WARN: all primary 
virus scanners failed, considering backups
Jan 30 14:19:01 test1 amavis[6755]: (06755-01) Blocked SPAM, 
<root at test1.test.htt-consult.com> -> <faxit at test.htt-consult.com>, 
Message-ID: <GTUBE1.1010101 at example.net>, mail_id: iVLEI2wVyvfc, Hits: 
1005.069, size: 947, 23998 ms
Jan 30 14:19:01 test1 postfix/lmtp[6811]: 6E6342A099C: 
to=<faxit at test.htt-consult.com>, relay=127.0.0.1[127.0.0.1]:10024, 
delay=24, delays=0.13/0.01/0.01/24, dsn=2.7.0, status=sent (250 2.7.0 
Ok, discarded, id=06755-01 - SPAM)
Jan 30 14:19:01 test1 postfix/qmgr[6683]: 6E6342A099C: removed

Note the permissions denied above.  I am really unsure of how clamav is 
running.  The howto references a userid of clamav, but the rpm from epel 
sets up a user of clam and that is what I believe I have adjusted for.  
Then there are the conf files:

/etc/clamd.conf
/etc/clamd.d/amavisd.conf
/etc/amavisd.conf

Getting the .pid and .sock for clam all correct for these three took a 
bit.  One would think that since they came from the same repo, things 
would line up better.  I *believe* that clamd is running under userid 
clam and I have added clam to the amavis group.

So I hope I have come to the right place that can help me get this working.

thank you

More information about the epel-devel-list mailing list