Centos

centos 6.4 amavis-new,clamav 不起作用

  • January 6, 2017

我安裝在 centos 6.4 amavis-new 和 clamav

/etc/clamd.d/amavisd

# cat amavisd.conf
# Use system logger.
LogSyslog yes

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
LogFacility LOG_MAIL

# This option allows you to save a process identifier of the listening
# daemon (main thread).
PidFile /var/run/amavisd/clamd.pid

# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket yes

# Run as a selected user (clamd must be started by root).
User amavis

# Path to a local socket file the daemon will listen on.
LocalSocket /var/spool/amavisd/clamd.sock

/etc/amavisd/amavisd.conf

['ClamAV-clamd',
 \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
 qr/\bOK$/, qr/\bFOUND$/,
 qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

但是如果我在 /var/log/maillog 中使用病毒進行測試,我會看到

Jul 16 09:46:24 server postfix/qmgr[15064]: 36F0A19F5: from=<root@itzena.cz>, size=407, nrcpt=1 (queue active)
Jul 16 09:46:24 server amavis[16208]: (16208-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: 2
Jul 16 09:46:25 server amavis[16208]: (16208-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory
Jul 16 09:46:25 server amavis[16208]: (16208-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock, retrying (2)
Jul 16 09:46:31 server amavis[16208]: (16208-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory
Jul 16 09:46:31 server amavis[16208]: (16208-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/spool/amavisd/clamd.sock (All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock) at (eval 113) line 600.\n
Jul 16 09:46:31 server amavis[16208]: (16208-01) (!)WARN: all primary virus scanners failed, considering backups
Jul 16 09:46:36 server amavis[16208]: (16208-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, <root@itzena.cz> -> <mardon@itzena.cz>, Message-ID: <20130716074624.36F0A19F5@server.itzena.cz>, mail_id: yDd_Z6Hv2PEK, Hits: -, size: 407, 12624 ms
Jul 16 09:46:36 server postfix/lmtp[16336]: 36F0A19F5: to=<mardon@itzena.cz>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=0.11/0/0/13, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=16208-01 - INFECTED: Eicar-Test-Signature)
Jul 16 09:46:36 server postfix/qmgr[15064]: 36F0A19F5: removed

clamd 正在執行,但在 /var/spool/amavisd isni clamd.sock

ps ax | grep clam
16509 ?        Ssl    0:00 clamd
16517 pts/2    S+     0:00 grep clam




# ls /var/spool/amavisd/
amavisd.sock  db  quarantine  tmp

答案是這樣的:LocalSocket /var/spool/amavisd/clamd.sock不等於這樣:["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],,你需要決定要使用哪一個,然後設置兩個程序都使用它。

一開始, /var/spool/amavisd/目錄中沒有clamd.sock文件。如果您更改LocalSocket /var/spool/amavisd/clamd.sock的路徑或***$$ “CONTSCAN {}\n”,"/var/run/clamav/clamd.sock" $$***如上面的答案,它會給出一個錯誤,

[root@hostname ~]# /etc/init.d/clamd.amavisd restart
Starting clamd.amavisd: ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock is in use by another process.
                                                          [FAILED]
[root@hostname ~]#

不需要像上面那樣改變。我有同樣的問題。所以我只是啟動 clamd.amavisd 服務。然後它工作正常。問題是我們沒有啟動clamd.amavisd 服務,我們只啟動 clamd 服務。

[root@hostname ~]# /etc/init.d/clamd.amavisd start
Starting clamd.amavisd:                                    [  OK  ]
[root@hostname ~]#

然後它會在 /var/spool/amavisd/ 中自動創建 clamd.sock 文件。

引用自:https://serverfault.com/questions/523617