I should probably find either the amavis or clam list(s) and take this there?
Anyway, I have totally rebuilt my machine with clean installs. I have spent time carefully (I hope!) studying the amavis and clamav conf files before starting them and running the tests. Here is what I am getting:
Jan 30 14:14:10 test1 postfix/pickup[6682]: DA8082A099B: uid=0 from=<root> Jan 30 14:14:10 test1 postfix/cleanup[6773]: DA8082A099B: message-id=20130130191410.DA8082A099B@test1.test.htt-consult.com Jan 30 14:14:10 test1 postfix/qmgr[6683]: DA8082A099B: from=root@test1.test.htt-consult.com, size=446, nrcpt=1 (queue active) Jan 30 14:14:11 test1 amavis[6756]: (06756-01) LMTP::10024 /var/spool/amavisd/tmp/amavis-20130130T141411-06756: root@test1.test.htt-consult.com -> faxit@test.htt-consult.com SIZE=446 Received: from test1.test.htt-consult.com ([127.0.0.1]) by localhost (test1.test.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP for faxit@test.htt-consult.com; Wed, 30 Jan 2013 14:14:11 -0500 (EST) Jan 30 14:14:11 test1 amavis[6756]: (06756-01) Checking: 95-+1-aqz4Cb root@test1.test.htt-consult.com -> faxit@test.htt-consult.com Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130130T141411-06756/parts: lstat() failed: Permission denied. ERROR\n" Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!)ClamAV-clamd av-scanner FAILED: CODE(0x9fff7b8) unexpected , output="/var/spool/amavisd/tmp/amavis-20130130T141411-06756/parts: lstat() failed: Permission denied. ERROR\n" at (eval 100) line 594. Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!!)WARN: all primary virus scanners failed, considering backups Jan 30 14:14:21 test1 amavis[6756]: (06756-01) Blocked INFECTED (Eicar-Test-Signature), root@test1.test.htt-consult.com -> faxit@test.htt-consult.com, Message-ID: 20130130191410.DA8082A099B@test1.test.htt-consult.com, mail_id: 95-+1-aqz4Cb, Hits: -, size: 446, 10352 ms Jan 30 14:14:21 test1 postfix/lmtp[6777]: DA8082A099B: to=faxit@test.htt-consult.com, relay=127.0.0.1[127.0.0.1]:10024, delay=11, delays=0.19/0.01/0.01/10, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=06756-01 - INFECTED: Eicar-Test-Signature) Jan 30 14:14:21 test1 postfix/qmgr[6683]: DA8082A099B: removed
Jan 30 14:18:37 test1 postfix/pickup[6682]: 6E6342A099C: uid=0 from=<root> Jan 30 14:18:37 test1 postfix/cleanup[6807]: 6E6342A099C: message-id=GTUBE1.1010101@example.net Jan 30 14:18:37 test1 postfix/qmgr[6683]: 6E6342A099C: from=root@test1.test.htt-consult.com, size=947, nrcpt=1 (queue active) Jan 30 14:18:37 test1 amavis[6755]: (06755-01) LMTP::10024 /var/spool/amavisd/tmp/amavis-20130130T141837-06755: root@test1.test.htt-consult.com -> faxit@test.htt-consult.com SIZE=947 Received: from test1.test.htt-consult.com ([127.0.0.1]) by localhost (test1.test.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP for faxit@test.htt-consult.com; Wed, 30 Jan 2013 14:18:37 -0500 (EST) Jan 30 14:18:37 test1 amavis[6755]: (06755-01) Checking: iVLEI2wVyvfc root@test1.test.htt-consult.com -> faxit@test.htt-consult.com Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130130T141837-06755/parts: lstat() failed: Permission denied. ERROR\n" Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!)ClamAV-clamd av-scanner FAILED: CODE(0x9fff7b8) unexpected , output="/var/spool/amavisd/tmp/amavis-20130130T141837-06755/parts: lstat() failed: Permission denied. ERROR\n" at (eval 100) line 594. Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!!)WARN: all primary virus scanners failed, considering backups Jan 30 14:19:01 test1 amavis[6755]: (06755-01) Blocked SPAM, root@test1.test.htt-consult.com -> faxit@test.htt-consult.com, Message-ID: GTUBE1.1010101@example.net, mail_id: iVLEI2wVyvfc, Hits: 1005.069, size: 947, 23998 ms Jan 30 14:19:01 test1 postfix/lmtp[6811]: 6E6342A099C: to=faxit@test.htt-consult.com, relay=127.0.0.1[127.0.0.1]:10024, delay=24, delays=0.13/0.01/0.01/24, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=06755-01 - SPAM) Jan 30 14:19:01 test1 postfix/qmgr[6683]: 6E6342A099C: removed
I should also see what I might change so that instead of blocking and dropping, it will tag and let through so I can see it for now at least.
Oh, I have not applied the updated policy rpms that Dan Walsh pointed me to. This is all 'out of the box' rpms, following the amavis/clamav recommendations from: http://wiki.centos.org/HowTos/Amavisd