On 22/08/16 02:10, Jay Hart wrote:
Hello gents,
First time poster here!
Current system running Centos 6.8. Buddy of mine posted a few days back about me wanting to move from Postfix 2.6.x to 2.8 to above, still under centos 6.8. I might move over to 7, but probably not for a while, don't have the resources presently to make this happen.
Running Centos 6.8, postfix 2.6.6, clamav 0.99.1. Basic Centos 6.8 box fully patched using stable repos.
____ISSUE_____
Logwatch is reporting this error, which I'm going to assume has been occurring for a few years but doesn't affect sending/receiving emails, so I haven't chased it down, now I'm looking to fix that.
1 (06498-19) ClamAV-clamd: All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock, retrying (1)
Since this is reported by "ClamAV-clamd", I am assuming this is coming from amavisd.conf. My logic on this is that a grep search for that particular string only shows up in the /etc/amavisd.conf file, when its calling the scanner. Pasted code from file below:
@av_scanners = ( ['ClamAV-clamd', &ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"], qr/\bOK$/m, qr/\bFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
Best I can determine /var/spool/amavisd/clamd.sock file exists. So, not sure what is causing this or why, or how to fix.
and what does clamd.conf say:
cat /etc/clamd.conf | grep 'clamd.sock'
Does it match the "/var/spool/amavisd/clamd.sock" entry above?
Yes, it matches:
[sysconfig]# cat /etc/clamd.conf |grep "clamd.sock" LocalSocket /var/spool/amavisd/clamd.sock
Here is /var/spool/amavisd contents:
[run]# ls -al /var/spool/amavisd/ total 64 drwxr-x--- 7 amavis amavis 4096 Aug 21 19:10 . drwxr-xr-x. 15 root root 4096 Mar 15 2012 .. srwxr-x--- 1 amavis amavis 0 Aug 21 19:10 amavisd.sock srw-rw-rw- 1 amavis amavis 0 Aug 21 19:10 clamd.sock drwxr-x--- 2 amavis amavis 4096 Aug 21 19:10 db drwxr-x--- 2 amavis amavis 36864 Aug 21 19:50 quarantine drwxr-x--- 2 amavis amavis 4096 Aug 21 09:23 .razor drwx------ 2 amavis amavis 4096 Aug 21 20:42 .spamassassin drwxr-x--- 4 amavis amavis 4096 Aug 21 20:42 tmp
Seems to be owned by the right group, I rebooted at 19.10 today hence timestamp date/time.
Is the clamav user a member of the amavis group? i.e, does the user clam runs under have access to the socket?
clam:x:489: amavis:x:488:clam
Should I amavis to the clam group?
To your second question, how can I determine this?
So, my question is, what do I need to do to eliminate this error? How can I chase it down?
Check the two most common causes above :-)
TIA,
Jay
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos