Hi, I was the happy administrator of a email server running on CentOS with postfix and Amavis, ClamAV and SpamAssassin. The problems started when ClamAV processes started to use too much resource (CPU mostly, memory also).
So I want to completely switch off all the potential and eventual anti virus checks (particularly ClamAV) from ever starting or running. While keeping the anti spams checks (particularly SpamAssassin) running. So hopefully the command below # ps -ef | grep clam must only reports the grep process. I have mostly kept the default settings for all the packages. So it is amavisd.service (configured to be enable at boot) that starts [email protected] (configured to be disable at boot), and Amavis process then gives the emails to ClamAV through the unix socket /run/clamd.amavisd/clamd.sock as configured in /etc/clamd.d/amavisd.conf for checks. I have tried all the below actions and all possible combinations of them, to try to reach my goals, but still after amavisd.service starts it still triggers [email protected] to start as well. 1. by pass virus checks by uncomment the relevant line in /etc/amavisd/amavisd.conf @bypass_virus_checks_maps = (1); 2. comment the whole ClamAV-clamd block in the assignations to @av_scanners in /etc/amavisd/amavisd.conf #### ### http://www.clamav.net/ #### ['ClamAV-clamd', #### \&ask_daemon, ["CONTSCAN {}\n", "/run/clamd.amavisd/clamd.sock"], #### qr/\bOK$/m, qr/\bFOUND$/m, #### qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], #### # NOTE: run clamd under the same user as amavisd - or run it under its own #### # uid such as clamav, add user clamav to the amavis group, and then add #### # AllowSupplementaryGroups to clamd.conf; #### # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in #### # this entry; when running chrooted one may prefer a socket under $MYHOME. 3. comment the whole ClamAV-clamscan block in the assignations to @av_scanners_backup in /etc/amavisd/amavisd.conf #### ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV #### ['ClamAV-clamscan', 'clamscan', #### "--stdout --no-summary -r --tempdir=$TEMPBASE {}", #### [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], 4. completely clear @bypass_virus_checks_maps near the end of /etc/amavisd/amavisd.conf @av_scanners = (); @av_scanners_backup = (); 1; # insure a defined return value Trying all the above, still result in clamd@amavisd service being running and consuming resource. Please be aware that I did my homework by reading the official manuals, doc and man pages, reviewing the logs, searching Google... So I have read several threads, web pages, tutorials and similar, but I have not been able to find a suitable solutions. Finally, I will really appreciate any advice, guide or suggestion that can help or lead to a solution and reaching my goals. Best regards, Tshimanga PS: I am sorry for this long message, but I wanted to avail all the relevant information. Still few more added here giving the versions of the related packages, and other actual settings. # cat /etc/centos-release CentOS Linux release 7.8.2003 (Core) # uname -a Linux mail2.example2.com 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux # rpm -q postfix amavis amavis-doc clamav clamd spamassassin perl amavis-2.12.0-9.el7.noarch amavis-doc-2.12.0-9.el7.noarch clamav-0.102.4-1.el7.x86_64 clamd-0.102.4-1.el7.x86_64 spamassassin-3.4.0-5.el7_7.x86_64 perl-5.16.3-295.el7.x86_64 # systemctl status clamd@amavisd amavisd postfix | sed -n '/^● /,/Main PID/p' ● [email protected] - clamd scanner (amavisd) daemon Loaded: loaded (/usr/lib/systemd/system/[email protected]; disabled; vendor preset: disabled) Active: active (running) since Fri 2020-09-25 11:29:48 WAT; 18min ago Docs: man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/ Process: 1035 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf (code=exited, status=0/SUCCESS) Main PID: 1575 (clamd) ● amavisd.service - Amavis mail content checker Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2020-09-25 11:28:58 WAT; 19min ago Docs: http://www.ijs.si/software/amavisd/#doc Process: 1036 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=0/SUCCESS) Main PID: 1559 (/usr/sbin/amavi) ● postfix.service - Postfix Mail Transport Agent Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2020-09-25 11:28:50 WAT; 19min ago Process: 1080 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS) Process: 1077 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS) Process: 1031 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS) Main PID: 1162 (master)
