I should probably find either the amavis or clam list(s) and take this there?

Anyway, I have totally rebuilt my machine with clean installs. I have spent time carefully (I hope!) studying the amavis and clamav conf files before starting them and running the tests. Here is what I am getting:

Jan 30 14:14:10 test1 postfix/pickup[6682]: DA8082A099B: uid=0 from=<root>
Jan 30 14:14:10 test1 postfix/cleanup[6773]: DA8082A099B: message-id=<20130130191410.DA8082A099B at test1.test.htt-consult.com>
Jan 30 14:14:10 test1 postfix/qmgr[6683]: DA8082A099B: from=<root at test1.test.htt-consult.com>, size=446, nrcpt=1 (queue active)
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) LMTP::10024 /var/spool/amavisd/tmp/amavis-20130130T141411-06756: <root at test1.test.htt-consult.com> -> <faxit at test.htt-consult.com> SIZE=446 Received: from test1.test.htt-consult.com ([127.0.0.1]) by localhost (test1.test.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP for <faxit at test.htt-consult.com>; Wed, 30 Jan 2013 14:14:11 -0500 (EST)
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) Checking: 95-+1-aqz4Cb <root at test1.test.htt-consult.com> -> <faxit at test.htt-consult.com>
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130130T141411-06756/parts: lstat() failed: Permission denied. ERROR\n"
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!)ClamAV-clamd av-scanner FAILED: CODE(0x9fff7b8) unexpected , output="/var/spool/amavisd/tmp/amavis-20130130T141411-06756/parts: lstat() failed: Permission denied. ERROR\n" at (eval 100) line 594.
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!!)WARN: all primary virus scanners failed, considering backups
Jan 30 14:14:21 test1 amavis[6756]: (06756-01) Blocked INFECTED (Eicar-Test-Signature), <root at test1.test.htt-consult.com> -> <faxit at test.htt-consult.com>, Message-ID: <20130130191410.DA8082A099B at test1.test.htt-consult.com>, mail_id: 95-+1-aqz4Cb, Hits: -, size: 446, 10352 ms
Jan 30 14:14:21 test1 postfix/lmtp[6777]: DA8082A099B: to=<faxit at test.htt-consult.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=11, delays=0.19/0.01/0.01/10, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=06756-01 - INFECTED: Eicar-Test-Signature)
Jan 30 14:14:21 test1 postfix/qmgr[6683]: DA8082A099B: removed

Jan 30 14:18:37 test1 postfix/pickup[6682]: 6E6342A099C: uid=0 from=<root>
Jan 30 14:18:37 test1 postfix/cleanup[6807]: 6E6342A099C: message-id=<GTUBE1.1010101 at example.net>
Jan 30 14:18:37 test1 postfix/qmgr[6683]: 6E6342A099C: from=<root at test1.test.htt-consult.com>, size=947, nrcpt=1 (queue active)
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) LMTP::10024 /var/spool/amavisd/tmp/amavis-20130130T141837-06755: <root at test1.test.htt-consult.com> -> <faxit at test.htt-consult.com> SIZE=947 Received: from test1.test.htt-consult.com ([127.0.0.1]) by localhost (test1.test.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP for <faxit at test.htt-consult.com>; Wed, 30 Jan 2013 14:18:37 -0500 (EST)
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) Checking: iVLEI2wVyvfc <root at test1.test.htt-consult.com> -> <faxit at test.htt-consult.com>
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130130T141837-06755/parts: lstat() failed: Permission denied. ERROR\n"
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!)ClamAV-clamd av-scanner FAILED: CODE(0x9fff7b8) unexpected , output="/var/spool/amavisd/tmp/amavis-20130130T141837-06755/parts: lstat() failed: Permission denied. ERROR\n" at (eval 100) line 594.
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!!)WARN: all primary virus scanners failed, considering backups
Jan 30 14:19:01 test1 amavis[6755]: (06755-01) Blocked SPAM, <root at test1.test.htt-consult.com> -> <faxit at test.htt-consult.com>, Message-ID: <GTUBE1.1010101 at example.net>, mail_id: iVLEI2wVyvfc, Hits: 1005.069, size: 947, 23998 ms
Jan 30 14:19:01 test1 postfix/lmtp[6811]: 6E6342A099C: to=<faxit at test.htt-consult.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=24, delays=0.13/0.01/0.01/24, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=06755-01 - SPAM)
Jan 30 14:19:01 test1 postfix/qmgr[6683]: 6E6342A099C: removed

I should also see what I might change so that instead of blocking and dropping, it will tag and let through so I can see it for now at least.

Oh, I have not applied the updated policy rpms that Dan Walsh pointed me to. This is all 'out of the box' rpms, following the amavis/clamav recommendations from:

http://wiki.centos.org/HowTos/Amavisd
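
A log check for the situation in the log above, added here as an example and not part of the original message: it groups amavis lines by session id and reports the messages whose verdict was reached only after the primary scanner failed. The sample lines are constructed from the ones in the post (addresses shortened, the CLEAN session invented), and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the amavis lines in the post; session 06757-01 is invented.
SAMPLE_LOG = r"""Jan 30 14:14:11 test1 amavis[6756]: (06756-01) Checking: 95-+1-aqz4Cb <root@test1.example.net> -> <faxit@example.net>
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130130T141411-06756/parts: lstat() failed: Permission denied. ERROR\n"
Jan 30 14:14:11 test1 amavis[6756]: (06756-01) (!!)WARN: all primary virus scanners failed, considering backups
Jan 30 14:14:21 test1 amavis[6756]: (06756-01) Blocked INFECTED (Eicar-Test-Signature), <root@test1.example.net> -> <faxit@example.net>, mail_id: 95-+1-aqz4Cb, Hits: -, size: 446, 10352 ms
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130130T141837-06755/parts: lstat() failed: Permission denied. ERROR\n"
Jan 30 14:18:37 test1 amavis[6755]: (06755-01) (!!)WARN: all primary virus scanners failed, considering backups
Jan 30 14:19:01 test1 amavis[6755]: (06755-01) Blocked SPAM, <root@test1.example.net> -> <faxit@example.net>, mail_id: iVLEI2wVyvfc, Hits: 1005.069, size: 947, 23998 ms
Jan 30 14:25:02 test1 amavis[6757]: (06757-01) Passed CLEAN, <root@test1.example.net> -> <faxit@example.net>, mail_id: constructed01, Hits: 0.1, size: 512, 840 ms
"""

LINE = re.compile(r"amavis\[\d+\]: \((?P<sid>\d+-\d+)\) (?P<msg>.*)$")
RUN_AV = re.compile(r'\(!\)run_av \((?P<scanner>[^)]+)\) FAILED.*output="(?P<out>.*)"')
VERDICT = re.compile(r"^(?P<action>Blocked|Passed) (?P<category>[A-Z-]+)")
TIME = re.compile(r"(\d+) ms\s*$")

def fallback_sessions(log_text):
    """Return amavis sessions that only got a verdict via backup scanners."""
    sessions = defaultdict(lambda: {"failed": [], "fallback": False, "verdict": None, "ms": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an amavis session line (postfix etc.)
        s, msg = sessions[m["sid"]], m["msg"]
        if (f := RUN_AV.search(msg)):
            # Record which scanner failed and whether it was a file-permission problem.
            s["failed"].append((f["scanner"], "Permission denied" in f["out"]))
        elif "all primary virus scanners failed" in msg:
            s["fallback"] = True
        elif (v := VERDICT.match(msg)):
            s["verdict"] = f'{v["action"]} {v["category"]}'
            t = TIME.search(msg)
            s["ms"] = int(t[1]) if t else None
    return {sid: s for sid, s in sessions.items() if s["fallback"]}

if __name__ == "__main__":
    for sid, s in fallback_sessions(SAMPLE_LOG).items():
        print(sid, s["verdict"], f'{s["ms"]} ms', s["failed"])
```

Run against a real maillog, any session it reports was scanned without the primary scanner, so the verdict and the long processing time both come from the backup path.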