[CentOS] Email pid issue

Mon Aug 22 10:19:37 UTC 2016
Jay Hart <jhart at kevla.org>


>
>
> On 22/08/16 02:10, Jay Hart wrote:
>> Hello gents,
>>
>> First time poster here!
>>
>> Current system running Centos 6.8. Buddy of mine posted a few days back about me wanting to move
>> from Postfix 2.6.x to 2.8 to above, still under centos 6.8.  I might move over to 7, but
>> probably
>> not for a while, don't have the resources presently to make this happen.
>>
>> Running Centos 6.8, postfix 2.6.6, clamav 0.99.1. Basic Centos 6.8 box fully patched using
>> stable
>> repos.
>>
>> ____ISSUE_____
>>
>> Logwatch is reporting this error, which I'm going to assume has been occurring for a few years
>> but
>> doesn't affect sending/receiving emails, so I haven't chased it down, now I'm looking to fix
>> that.
>>
>> 1   (06498-19) ClamAV-clamd: All attempts (1) failed connecting to
>> /var/spool/amavisd/clamd.sock, retrying (1)
>>
>> Since this is reported by "ClamAV-clamd", I am assuming this is coming from amavisd.conf.  My
>> logic on this is that a grep search for that particular string only shows up in the
>> /etc/amavisd.conf file, when its calling the scanner.  Pasted code from file below:
>>
>> @av_scanners = (
>> ['ClamAV-clamd',
>>   \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"],
>>   qr/\bOK$/m, qr/\bFOUND$/m,
>>   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>>
>> Best I can determine /var/spool/amavisd/clamd.sock file exists. So, not sure what is causing
>> this
>> or why, or how to fix.
>>
>
> and what does clamd.conf say:
>
> cat /etc/clamd.conf | grep 'clamd.sock'
>
>
> Does it match the "/var/spool/amavisd/clamd.sock" entry above?

Yes, it matches:

[sysconfig]# cat /etc/clamd.conf |grep "clamd.sock"
LocalSocket /var/spool/amavisd/clamd.sock

>
>> Here is /var/spool/amavisd contents:
>>
>> [run]# ls -al /var/spool/amavisd/
>> total 64
>> drwxr-x---   7 amavis amavis  4096 Aug 21 19:10 .
>> drwxr-xr-x. 15 root   root    4096 Mar 15  2012 ..
>> srwxr-x---   1 amavis amavis     0 Aug 21 19:10 amavisd.sock
>> srw-rw-rw-   1 amavis amavis     0 Aug 21 19:10 clamd.sock
>> drwxr-x---   2 amavis amavis  4096 Aug 21 19:10 db
>> drwxr-x---   2 amavis amavis 36864 Aug 21 19:50 quarantine
>> drwxr-x---   2 amavis amavis  4096 Aug 21 09:23 .razor
>> drwx------   2 amavis amavis  4096 Aug 21 20:42 .spamassassin
>> drwxr-x---   4 amavis amavis  4096 Aug 21 20:42 tmp
>>
>>
>> Seems to be owned by the right group, I rebooted at 19.10 today hence timestamp date/time.
>>
>
> Is the clamav user a member of the amavis group? i.e, does the user clam
> runs under have access to the socket?

clam:x:489:
amavis:x:488:clam

Should I amavis to the clam group?

To your second question, how can I determine this?

>
>> So, my question is, what do I need to do to eliminate this error?  How can I chase it down?
>>
>
> Check the two most common causes above :-)
>
>> TIA,
>>
>> Jay
>>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>