This is Kumakake.

On our rental mail server we use SpamAssassin/amavisd-new/ClamAV for virus checking, and errors like the following showed up in /var/log/maillog..


amavis[9579]: (09579-16) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: 111
postfix/smtpd[11014]: disconnect from unknown[80.77.55.83]
amavis[9579]: (09579-16) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: \346\216\245\347\266\232\343\202\222\346\213\222\345\220\246\343\201\225\343\202\214\343\201\276\343\201\227\343\201\237
amavis[9579]: (09579-16) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock, retrying (2)

This happened because the socket settings of amavisd and ClamAV had gotten out of sync..


/etc/amavisd/amavisd.conf
  ### http://www.clamav.net/
  ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"],
    qr/\bOK$/m, qr/\bFOUND$/m,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
  # NOTE: run clamd under the same user as amavisd - or run it under its own
  #   uid such as clamav, add user clamav to the amavis group, and then add
  #   AllowSupplementaryGroups to clamd.conf;
  # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
  #   this entry; when running chrooted one may prefer a socket under $MYHOME.

/etc/clamd.conf
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamav/clamd.sock

Note: at first I was checking /etc/clamd.d/amavisd.conf, so I could not see that the two were out of sync and got stuck on this orz


# Run as a selected user (clamd must be started by root).
User amavis

# Path to a local socket file the daemon will listen on.
LocalSocket /var/spool/amavisd/clamd.sock

Change the socket setting in /etc/amavisd/amavisd.conf to match /etc/clamd.conf.


#vi /etc/amavisd/amavisd.conf

  ### http://www.clamav.net/
  ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
    qr/\bOK$/m, qr/\bFOUND$/m,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

At this point, restart amavisd and clamd
...clamd cannot start....
/var/log/maillog


amavis[10964]: (10964-03) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20140910T164312-10964-5RTlH6mu/parts: lstat() failed: Permission denied. ERROR\n"
amavis[10964]: (10964-03) (!)ClamAV-clamd av-scanner FAILED: CODE(0x2f77c50) unexpected , output="/var/spool/amavisd/tmp/amavis-20140910T164312-10964-5RTlH6mu/parts: lstat() failed: Permission denied. ERROR\n" at (eval 122) line 897.
amavis[10964]: (10964-03) (!)WARN: all primary virus scanners failed, considering backups

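By default clamd is set to "User clam", so it cannot access amavis's files.. obviously (^^;
Running it as root did not feel right either, so I tried setting the user to "amavis".
Note: while I was at it, I also commented out the TCP-related settings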


#vi /etc/clamd.conf

# TCP port address.
# Default: no
#####TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world. This option can be specified multiple
# times if you want to listen on multiple IPs. IPv6 is now supported.
# Default: no
######TCPAddr 127.0.0.1

# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
######User clam
User amavis

Start clamd..


# /etc/rc.d/init.d/clamd restart
Stopping Clam AntiVirus Daemon:                            [  OK  ]
Starting Clam AntiVirus Daemon: ERROR: Can't open /var/log/clamav/clamd.log in append mode (check permissions!).
ERROR: Can't initialize the internal logger
                                                           [失敗]

Argh! The log file permissions...
I could just change the permissions on the log, but this time I decided to run it as root..


# vi /etc/clamd.conf

#User amavis

# /etc/rc.d/init.d/clamd restart
Stopping Clam AntiVirus Daemon: [失敗]
Starting Clam AntiVirus Daemon: [ OK ]

It started up and ran without problems (^^)
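
The failure above comes down to amavisd.conf and clamd.conf naming different sockets. The following is an added example, not part of the original post: a shell check that reads the socket from the ClamAV-clamd entry and the LocalSocket and User directives from clamd.conf, then reports whether they agree. The function names and the constructed sample files are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify that amavisd and clamd
# agree on the UNIX socket, and show which user clamd is configured to run as.

# Socket path in the active ['ClamAV-clamd', ...] entry of amavisd.conf.
amavis_clamd_socket() {
    awk '
        /^[ \t]*#/ { next }                # skip commented-out scanner entries
        /ClamAV-clamd.,/ { in_entry = 1 }  # start of the clamd scanner entry
        in_entry && /ask_daemon/ {
            split($0, q, "\"")             # q[4] is the second quoted string
            print q[4]; exit
        }
    ' "$1"
}

# Value of an active directive in clamd.conf; "#User clam" style lines do not match.
clamd_directive() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Report both sides; succeed only when the two socket paths are identical.
check_clamd_socket() {
    want=$(amavis_clamd_socket "$1")
    have=$(clamd_directive "$2" LocalSocket)
    user=$(clamd_directive "$2" User)
    echo "amavisd.conf socket : ${want:-<not found>}"
    echo "clamd.conf socket   : ${have:-<not set>}"
    echo "clamd User          : ${user:-<not set, clamd stays root>}"
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Constructed sample files reproducing the mismatch from the post.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "  ['ClamAV-clamd'," \
        '    \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"],' > "$d/amavisd.conf"
    printf '%s\n' '######User clam' 'LocalSocket /var/run/clamav/clamd.sock' > "$d/clamd.conf"
    if check_clamd_socket "$d/amavisd.conf" "$d/clamd.conf"; then
        echo "OK: socket paths match"
    else
        echo "MISMATCH: amavisd cannot reach clamd on that socket"
    fi
    rm -rf "$d"
}
demo
```

On a real host, call check_clamd_socket /etc/amavisd/amavisd.conf /etc/clamd.conf. An unset User means clamd keeps root; the note in amavisd.conf describes the alternatives of running clamd as the amavisd user, or adding the clamav user to the amavis group with AllowSupplementaryGroups.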