Centos
CentOS 6.4: amavisd-new and ClamAV not working
I installed amavisd-new and ClamAV on CentOS 6.4.
/etc/clamd.d/amavisd
```
# cat amavisd.conf
# Use system logger.
LogSyslog yes

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
LogFacility LOG_MAIL

# This option allows you to save a process identifier of the listening
# daemon (main thread).
PidFile /var/run/amavisd/clamd.pid

# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket yes

# Run as a selected user (clamd must be started by root).
User amavis

# Path to a local socket file the daemon will listen on.
LocalSocket /var/spool/amavisd/clamd.sock
```
/etc/amavisd/amavisd.conf
```
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
```
But when I test with a virus, I see this in /var/log/maillog:
```
Jul 16 09:46:24 server postfix/qmgr[15064]: 36F0A19F5: from=<root@itzena.cz>, size=407, nrcpt=1 (queue active)
Jul 16 09:46:24 server amavis[16208]: (16208-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: 2
Jul 16 09:46:25 server amavis[16208]: (16208-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory
Jul 16 09:46:25 server amavis[16208]: (16208-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock, retrying (2)
Jul 16 09:46:31 server amavis[16208]: (16208-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory
Jul 16 09:46:31 server amavis[16208]: (16208-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/spool/amavisd/clamd.sock (All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock) at (eval 113) line 600.\n
Jul 16 09:46:31 server amavis[16208]: (16208-01) (!)WARN: all primary virus scanners failed, considering backups
Jul 16 09:46:36 server amavis[16208]: (16208-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, <root@itzena.cz> -> <mardon@itzena.cz>, Message-ID: <20130716074624.36F0A19F5@server.itzena.cz>, mail_id: yDd_Z6Hv2PEK, Hits: -, size: 407, 12624 ms
Jul 16 09:46:36 server postfix/lmtp[16336]: 36F0A19F5: to=<mardon@itzena.cz>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=0.11/0/0/13, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=16208-01 - INFECTED: Eicar-Test-Signature)
Jul 16 09:46:36 server postfix/qmgr[15064]: 36F0A19F5: removed
```
clamd is running, but there is no clamd.sock in /var/spool/amavisd:
```
ps ax | grep clam
16509 ?        Ssl    0:00 clamd
16517 pts/2    S+     0:00 grep clam
# ls /var/spool/amavisd/
amavisd.sock  db  quarantine  tmp
```
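The answer is that this:

```
LocalSocket /var/spool/amavisd/clamd.sock
```

is not the same as this:

```
["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
```

You need to decide which one to use and then configure both programs to use it.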
At first, there is no clamd.sock file in the /var/spool/amavisd/ directory. If you change the path in `LocalSocket /var/spool/amavisd/clamd.sock` or in `["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"]` as in the answer above, it gives an error:
```
[root@hostname ~]# /etc/init.d/clamd.amavisd restart
Starting clamd.amavisd: ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock is in use by another process. [FAILED]
[root@hostname ~]#
```
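There is no need to change anything as described above. I had the same problem, so I just started the clamd.amavisd service, and then it worked fine. The problem is that we did not start the clamd.amavisd service; we only started the clamd service.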
```
[root@hostname ~]# /etc/init.d/clamd.amavisd start
Starting clamd.amavisd: [ OK ]
[root@hostname ~]#
```
It will then automatically create the clamd.sock file in /var/spool/amavisd/.
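An added example (not part of either answer, and not code from amavisd-new or ClamAV): a shell check covering both causes discussed above. It reads the socket path from the clamd and amavisd configuration files, compares them, and tests that the socket actually exists. The function names are hypothetical, the sample files are constructed from the two settings quoted in the question, and the script assumes the first uncommented `CONTSCAN` entry is the ClamAV-clamd scanner.

```shell
#!/bin/sh
# Added example: confirm clamd and amavisd agree on the clamd socket path.

# LocalSocket value from a clamd configuration file.
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Socket path of the first uncommented CONTSCAN entry in amavisd.conf.
amavis_socket() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*"CONTSCAN[^"]*",[[:space:]]*"\([^"]*\)".*/\1/p' |
        head -n 1
}

# Exit status: 0 ok, 1 paths differ, 2 socket absent, 3 path not found.
check_clamd_socket() {
    clamd_path=$(clamd_socket "$1")
    amavis_path=$(amavis_socket "$2")
    if [ -z "$clamd_path" ] || [ -z "$amavis_path" ]; then
        echo "UNKNOWN: no socket path found in one of the files"
        return 3
    fi
    if [ "$clamd_path" != "$amavis_path" ]; then
        echo "MISMATCH: clamd=$clamd_path amavisd=$amavis_path"
        return 1
    fi
    if [ ! -S "$clamd_path" ]; then
        echo "MISSING: $clamd_path does not exist; is that clamd instance started?"
        return 2
    fi
    echo "OK: $clamd_path"
}

# Constructed sample files reproducing the two settings quoted in the question.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'User amavis' \
        'LocalSocket /var/spool/amavisd/clamd.sock' > "$dir/clamd.conf"
    printf '%s\n' "['ClamAV-clamd'," \
        ' \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],' \
        > "$dir/amavisd.conf"
    check_clamd_socket "$dir/clamd.conf" "$dir/amavisd.conf" || true
    rm -rf "$dir"
}

demo
```

Running such a check after each configuration change catches the state seen in the maillog above, where the primary scanner is unreachable and amavisd falls back to its backup scanners.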