I hope I have come to the right place for help. My travails have been
reported on the Centos list...
I am setting up a mailserver on Centos 6.3. I am guided by two Howtos:
http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtM...
and
http://wiki.centos.org/HowTos/Amavisd
The former I used for setting up
Postfix/mysql/postfixadmin/dovecot/Roundcube for basic mail handling.
The later I used for the anti-stuff, but instead of using the rpms from
rpmforge, I used the epel rpms, so here I am with my problems.
It looks like a permissions problem; at least that is what I am seeing
in maillog. I am using the test messages shown in sec 4 of the amavisd
howto pointed to above:
Jan 30 14:14:10 test1 postfix/pickup[6682]: DA8082A099B: uid=0 from=<root>
Jan 30 14:14:10 test1 postfix/cleanup[6773]: DA8082A099B:
message-id=<20130130191410.DA8082A099B(a)test1.test.htt-consult.com>
Jan 30 14:14:10 test1 postfix/qmgr[6683]: DA8082A099B:
from=<root(a)test1.test.htt-consult.com>, size=446, nrcpt=1 (queue active)
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) LMTP::10024
/var/spool/amavisd/tmp/amavis-20130130T141411-06756:
<root(a)test1.test.htt-consult.com> -> <faxit(a)test.htt-consult.com>
SIZE=446 Received: from
test1.test.htt-consult.com ([127.0.0.1]) by
localhost (
test1.test.htt-consult.com [127.0.0.1]) (amavisd-new, port
10024) with LMTP for <faxit(a)test.htt-consult.com>; Wed, 30 Jan 2013
14:14:11 -0500 (EST)
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) Checking: 95-+1-aqz4Cb
<root(a)test1.test.htt-consult.com> -> <faxit(a)test.htt-consult.com>
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!)run_av (ClamAV-clamd)
FAILED - unexpected ,
output="/var/spool/amavisd/tmp/amavis-20130130T141411-06756/parts:
lstat() failed: Permission denied. ERROR\n"
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!)ClamAV-clamd
av-scanner FAILED: CODE(0x9fff7b8) unexpected ,
output="/var/spool/amavisd/tmp/amavis-20130130T141411-06756/parts:
lstat() failed: Permission denied. ERROR\n" at (eval 100) line 594.
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!!)WARN: all primary
virus scanners failed, considering backups
Jan 30 14:14:21 test1 amavis[6756]: (06756-01) Blocked INFECTED
(Eicar-Test-Signature), <root(a)test1.test.htt-consult.com> ->
<faxit(a)test.htt-consult.com>, Message-ID:
<20130130191410.DA8082A099B(a)test1.test.htt-consult.com>, mail_id:
95-+1-aqz4Cb, Hits: -, size: 446, 10352 ms
Jan 30 14:14:21 test1 postfix/lmtp[6777]: DA8082A099B:
to=<faxit(a)test.htt-consult.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=11, delays=0.19/0.01/0.01/10, dsn=2.7.0, status=sent (250 2.7.0
Ok, discarded, id=06756-01 - INFECTED: Eicar-Test-Signature)
Jan 30 14:14:21 test1 postfix/qmgr[6683]: DA8082A099B: removed
Jan 30 14:18:37 test1 postfix/pickup[6682]: 6E6342A099C: uid=0 from=<root>
Jan 30 14:18:37 test1 postfix/cleanup[6807]: 6E6342A099C:
message-id=<GTUBE1.1010101(a)example.net>
Jan 30 14:18:37 test1 postfix/qmgr[6683]: 6E6342A099C:
from=<root(a)test1.test.htt-consult.com>, size=947, nrcpt=1 (queue active)
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) LMTP::10024
/var/spool/amavisd/tmp/amavis-20130130T141837-06755:
<root(a)test1.test.htt-consult.com> -> <faxit(a)test.htt-consult.com>
SIZE=947 Received: from
test1.test.htt-consult.com ([127.0.0.1]) by
localhost (
test1.test.htt-consult.com [127.0.0.1]) (amavisd-new, port
10024) with LMTP for <faxit(a)test.htt-consult.com>; Wed, 30 Jan 2013
14:18:37 -0500 (EST)
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) Checking: iVLEI2wVyvfc
<root(a)test1.test.htt-consult.com> -> <faxit(a)test.htt-consult.com>
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!)run_av (ClamAV-clamd)
FAILED - unexpected ,
output="/var/spool/amavisd/tmp/amavis-20130130T141837-06755/parts:
lstat() failed: Permission denied. ERROR\n"
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!)ClamAV-clamd
av-scanner FAILED: CODE(0x9fff7b8) unexpected ,
output="/var/spool/amavisd/tmp/amavis-20130130T141837-06755/parts:
lstat() failed: Permission denied. ERROR\n" at (eval 100) line 594.
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!!)WARN: all primary
virus scanners failed, considering backups
Jan 30 14:19:01 test1 amavis[6755]: (06755-01) Blocked SPAM,
<root(a)test1.test.htt-consult.com> -> <faxit(a)test.htt-consult.com>,
Message-ID: <GTUBE1.1010101(a)example.net>, mail_id: iVLEI2wVyvfc, Hits:
1005.069, size: 947, 23998 ms
Jan 30 14:19:01 test1 postfix/lmtp[6811]: 6E6342A099C:
to=<faxit(a)test.htt-consult.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=24, delays=0.13/0.01/0.01/24, dsn=2.7.0, status=sent (250 2.7.0
Ok, discarded, id=06755-01 - SPAM)
Jan 30 14:19:01 test1 postfix/qmgr[6683]: 6E6342A099C: removed
Note the permissions denied above. I am really unsure of how clamav is
running. The howto references a userid of clamav, but the rpm from epel
sets up a user of clam and that is what I believe I have adjusted for.
Then there are the conf files:
/etc/clamd.conf
/etc/clamd.d/amavisd.conf
/etc/amavisd.conf
Getting the .pid and .sock for clam all correct for these three took a
bit. One would think that since they came from the same repo, things
would line up better. I *believe* that clamd is running under userid
clam and I have added clam to the amavis group.
So I hope I have come to the right place that can help me get this working.
thank you