[CentOS] Email pid issue

Mon Aug 22 06:19:20 UTC 2016
Ned Slider <ned at unixmail.co.uk>


On 22/08/16 02:10, Jay Hart wrote:
> Hello gents,
>
> First time poster here!
>
> Current system running Centos 6.8. Buddy of mine posted a few days back about me wanting to move
> from Postfix 2.6.x to 2.8 to above, still under centos 6.8.  I might move over to 7, but probably
> not for a while, don't have the resources presently to make this happen.
>
> Running Centos 6.8, postfix 2.6.6, clamav 0.99.1. Basic Centos 6.8 box fully patched using stable
> repos.
>
> ____ISSUE_____
>
> Logwatch is reporting this error, which I'm going to assume has been occurring for a few years but
> doesn't affect sending/receiving emails, so I haven't chased it down, now I'm looking to fix that.
>
> 1   (06498-19) ClamAV-clamd: All attempts (1) failed connecting to
> /var/spool/amavisd/clamd.sock, retrying (1)
>
> Since this is reported by "ClamAV-clamd", I am assuming this is coming from amavisd.conf.  My
> logic on this is that a grep search for that particular string only shows up in the
> /etc/amavisd.conf file, when its calling the scanner.  Pasted code from file below:
>
> @av_scanners = (
> ['ClamAV-clamd',
>   \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"],
>   qr/\bOK$/m, qr/\bFOUND$/m,
>   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>
> Best I can determine /var/spool/amavisd/clamd.sock file exists. So, not sure what is causing this
> or why, or how to fix.
>

and what does clamd.conf say:

cat /etc/clamd.conf | grep 'clamd.sock'


Does it match the "/var/spool/amavisd/clamd.sock" entry above?

> Here is /var/spool/amavisd contents:
>
> [run]# ls -al /var/spool/amavisd/
> total 64
> drwxr-x---   7 amavis amavis  4096 Aug 21 19:10 .
> drwxr-xr-x. 15 root   root    4096 Mar 15  2012 ..
> srwxr-x---   1 amavis amavis     0 Aug 21 19:10 amavisd.sock
> srw-rw-rw-   1 amavis amavis     0 Aug 21 19:10 clamd.sock
> drwxr-x---   2 amavis amavis  4096 Aug 21 19:10 db
> drwxr-x---   2 amavis amavis 36864 Aug 21 19:50 quarantine
> drwxr-x---   2 amavis amavis  4096 Aug 21 09:23 .razor
> drwx------   2 amavis amavis  4096 Aug 21 20:42 .spamassassin
> drwxr-x---   4 amavis amavis  4096 Aug 21 20:42 tmp
>
>
> Seems to be owned by the right group, I rebooted at 19.10 today hence timestamp date/time.
>

Is the clamav user a member of the amavis group? i.e, does the user clam 
runs under have access to the socket?

> So, my question is, what do I need to do to eliminate this error?  How can I chase it down?
>

Check the two most common causes above :-)

> TIA,
>
> Jay
>