2014年9月10日 / 最終更新日 : 2014年9月10日 aa145enyhh Linux

ウィルスチェックでエラー！amavisd-newとClamAvの連携がはずれた。。[Linux]

くまかけです。

レンタルメールサーバーでウィルスチェックとして、Spamassasin／amavisd-new／ClamAVを利用しているのですが、/var/log/maillogで下記のようなエラーが。。


amavis[9579]: (09579-16) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: 111
postfix/smtpd[11014]: disconnect from unknown[80.77.55.83]
amavis[9579]: (09579-16) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: \346\216\245\347\266\232\343\202\222\346\213\222\345\220\246\343\201\225\343\202\214\343\201\276\343\201\227\343\201\237
amavis[9579]: (09579-16) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock, retrying (2)

amavis[9579]: (09579-16) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: 111

postfix/smtpd[11014]: disconnect from unknown[80.77.55.83]

amavis[9579]: (09579-16) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: \346\216\245\347\266\232\343\202\222\346\213\222\345\220\246\343\201\225\343\202\214\343\201\276\343\201\227\343\201\237

amavis[9579]: (09579-16) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock, retrying (2)

これは、amavisdとClamAvのソケットの連携がズレたため発生。。


/etc/amavisd/amavisd.conf
  ### http://www.clamav.net/
  ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"],
    qr/\bOK$/m, qr/\bFOUND$/m,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
  # NOTE: run clamd under the same user as amavisd - or run it under its own
  #   uid such as clamav, add user clamav to the amavis group, and then add
  #   AllowSupplementaryGroups to clamd.conf;
  # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
  #   this entry; when running chrooted one may prefer a socket under $MYHOME.

/etc/clamd.conf
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamav/clamd.sock

/etc/amavisd/amavisd.conf

### http://www.clamav.net/

['ClamAV-clamd',

\&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"],

qr/\bOK$/m, qr/\bFOUND$/m,

qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

# NOTE: run clamd under the same user as amavisd - or run it under its own

# uid such as clamav, add user clamav to the amavis group, and then add

# AllowSupplementaryGroups to clamd.conf;

# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in

# this entry; when running chrooted one may prefer a socket under $MYHOME.

/etc/clamd.conf

# Path to a local socket file the daemon will listen on.

# Default: disabled (must be specified by a user)

LocalSocket /var/run/clamav/clamd.sock

※最初/etc/clamd.d/amavisd.confをチェックしていたため、ズレている事がわからず、悩んでしまったorz


# Run as a selected user (clamd must be started by root).
User amavis

# Path to a local socket file the daemon will listen on.
LocalSocket /var/spool/amavisd/clamd.sock

# Run as a selected user (clamd must be started by root).

User amavis

# Path to a local socket file the daemon will listen on.

LocalSocket /var/spool/amavisd/clamd.sock

/etc/amavisd/amavisd.confのソケット設定を/etc/clamd.confに合わせる。


#vi /etc/amavisd/amavisd.conf

  ### http://www.clamav.net/
  ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
    qr/\bOK$/m, qr/\bFOUND$/m,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

#vi /etc/amavisd/amavisd.conf

### http://www.clamav.net/

['ClamAV-clamd',

\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],

qr/\bOK$/m, qr/\bFOUND$/m,

qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

ここで、amavisdとclamdを再起動
。。。clamdが起動できない。。。。
/var/log/maillog


amavis[10964]: (10964-03) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20140910T164312-10964-5RTlH6mu/parts: lstat() failed: Permission denied. ERROR\n"
amavis[10964]: (10964-03) (!)ClamAV-clamd av-scanner FAILED: CODE(0x2f77c50) unexpected , output="/var/spool/amavisd/tmp/amavis-20140910T164312-10964-5RTlH6mu/parts: lstat() failed: Permission denied. ERROR\n" at (eval 122) line 897.
amavis[10964]: (10964-03) (!)WARN: all primary virus scanners failed, considering backups

amavis[10964]: (10964-03) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20140910T164312-10964-5RTlH6mu/parts: lstat() failed: Permission denied. ERROR\n"

amavis[10964]: (10964-03) (!)ClamAV-clamd av-scanner FAILED: CODE(0x2f77c50) unexpected , output="/var/spool/amavisd/tmp/amavis-20140910T164312-10964-5RTlH6mu/parts: lstat() failed: Permission denied. ERROR\n" at (eval 122) line 897.

amavis[10964]: (10964-03) (!)WARN: all primary virus scanners failed, considering backups

clamdって標準では、「User clam」となってるんで、amavisのファイルにアクセスできない。。当たり前(^^;
rootってのもなんなんで、ユーザーを「amavis」にしてみた。
※ついでいTCP関連もコメントアウト


#vi /etc/clamd.conf

# TCP port address.
# Default: no
#####TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world. This option can be specified multiple
# times if you want to listen on multiple IPs. IPv6 is now supported.
# Default: no
######TCPAddr 127.0.0.1

# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
######User clam
User amavis

#vi /etc/clamd.conf

# TCP port address.

# Default: no

#####TCPSocket 3310

# TCP address.

# By default we bind to INADDR_ANY, probably not wise.

# Enable the following to provide some degree of protection

# from the outside world. This option can be specified multiple

# times if you want to listen on multiple IPs. IPv6 is now supported.

# Default: no

######TCPAddr 127.0.0.1

# Run as another user (clamd must be started by root for this option to work)

# Default: don't drop privileges

######User clam

User amavis

clamdを起動。。


# /etc/rc.d/init.d/clamd restart
Stopping Clam AntiVirus Daemon:                            [  OK  ]
Starting Clam AntiVirus Daemon: ERROR: Can't open /var/log/clamav/clamd.log in append mode (check permissions!).
ERROR: Can't initialize the internal logger
                                                           [失敗]

# /etc/rc.d/init.d/clamd restart

Stopping Clam AntiVirus Daemon: [ OK ]

Starting Clam AntiVirus Daemon: ERROR: Can't open /var/log/clamav/clamd.log in append mode (check permissions!).

ERROR: Can't initialize the internal logger

[失敗]

あぅ！ログのパーミッションが・・・
ログのパーミッション変えればいいんですが、今回は、rootで動かす事に。。


# vi /etc/clamd.conf

#User amavis

# vi /etc/clamd.conf

#User amavis

# /etc/rc.d/init.d/clamd restart
Stopping Clam AntiVirus Daemon: [失敗]
Starting Clam AntiVirus Daemon: [ OK ]

無事動いてくれました(^^)

カテゴリー: Linux

タグ: amavis amavisd-new ClamAv clamd

ウィルスチェックでエラー！amavisd-newとClamAvの連携がはずれた。。[Linux]

コメントを残すコメントをキャンセル

MarveriksにしたらnpmがNot Found[OSX]

タイムラプス動画を撮るぜ！Hyperlapse from Instagramのご紹介[iOS]

コメントを残す コメントをキャンセル

MarveriksにしたらnpmがNot Found[OSX]

タイムラプス動画を撮るぜ！Hyperlapse from Instagramのご紹介[iOS]

コメントを残すコメントをキャンセル