With respect,

I tried watching mail.log while sending an email from here to my mail
server, and this is what appeared:

Apr  1 22:20:54 mail amavis[15068]: (15068-08) (!)ClamAV-clamd: Can't
connect to UNIX socket /usr/sbin/clamd: Permission denied, retrying
(2)
Apr  1 22:21:00 mail amavis[15068]: (15068-08) (!)run_av
(ClamAV-clamd, built-in i/f): Too many retries to talk to
/usr/sbin/clamd (Can't connect to UNIX socket /usr/sbin/clamd:
Permission denied) at (eval 70) line 310.
Apr  1 22:21:00 mail amavis[15068]: (15068-08) (!!)ClamAV-clamd
av-scanner FAILED: CODE(0x8142a74) Too many retries to talk to
/usr/sbin/clamd (Can't connect to UNIX socket /usr/sbin/clamd:
Permission denied) at (eval 70) line 310. at (eval 70) line 511.
Apr  1 22:21:00 mail amavis[15068]: (15068-08) (!!)WARN: all primary
virus scanners failed, considering backups

From the log above, my initial guess was an ownership or permission problem.

Previously I had already done:

chown -R amavis:amavis /var/run/clamav

Then I tried:

chown -R amavis:clamav /var/run/clamav
chown -R clamav:amavis /var/run/clamav
chown -R clamav:clamav /var/run/clamav

But the result was still the same.

Then I checked the clamav and amavis configuration.

The clamd.conf configuration is as follows:

mail ~ # cat /etc/clamd.conf
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
LogTime yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
ReadTimeout 300
User amavis
AllowSupplementaryGroups yes
ArchiveMaxRecursion 5
ArchiveMaxCompressionRatio 200
mail ~ #

The part of the amavisd.conf configuration that relates to clamav:

# ### http://www.clamav.net/
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
   qr/\bOK$/, qr/\bFOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd, or run it under its own
# #   uid such as clamav, add user clamav to the amavis group, and then add
# #   AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# #   this entry; when running chrooted one may prefer socket "$MYHOME/clamd".

It looks like there is a mismatch between the socket in amavis and the
socket in clamav, so I tried changing the configuration in amavis


   #\&ask_daemon, ["CONTSCAN {}\n", "/usr/sbin/clamd"], <-- commented out

I replaced it with:

   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],


Then I tried sending an email again, and the following log appeared:

Apr  2 08:38:28 mail amavis[20057]: (20057-10) Passed CLEAN,
[209.85.198.184] [209.85.198.184] <[EMAIL PROTECTED]> ->
<[EMAIL PROTECTED]>, Message-ID:
<[EMAIL PROTECTED]>,
mail_id: 6aLIabjHWmly, Hits: 0.247, size: 1780, queued_as: 386A3619B4,
3010 ms

Before the change in amavis, clamd.log contained the following:

Tue Apr  1 17:45:07 2008 -> +++ Started at Tue Apr  1 17:45:07 2008
Tue Apr  1 17:45:07 2008 -> clamd daemon 0.92.1 (OS: linux-gnu, ARCH:
i386, CPU: i686)
Tue Apr  1 17:45:07 2008 -> Running as user amavis (UID 102, GID 442)
Tue Apr  1 17:45:07 2008 -> Log file size limited to 2097152 bytes.
Tue Apr  1 17:45:07 2008 -> Reading databases from /var/lib/clamav
Tue Apr  1 17:45:07 2008 -> Not loading PUA signatures.
Tue Apr  1 17:45:11 2008 -> Loaded 410490 signatures.
Tue Apr  1 17:45:11 2008 -> ERROR: Socket file
/var/run/clamav/clamd.sock could not be bound: Permission denied

After the change in amavis:

Tue Apr  1 22:25:53 2008 -> +++ Started at Tue Apr  1 22:25:53 2008
Tue Apr  1 22:25:53 2008 -> clamd daemon 0.92.1 (OS: linux-gnu, ARCH:
i386, CPU: i686)
Tue Apr  1 22:25:53 2008 -> Running as user amavis (UID 102, GID 442)
Tue Apr  1 22:25:53 2008 -> Log file size limited to 2097152 bytes.
Tue Apr  1 22:25:53 2008 -> Reading databases from /var/lib/clamav
Tue Apr  1 22:25:53 2008 -> Not loading PUA signatures.
Tue Apr  1 22:25:57 2008 -> Loaded 410490 signatures.
Tue Apr  1 22:25:57 2008 -> Unix socket file /var/run/clamav/clamd.sock

Please enlighten me on whether what I did is correct.

CMIIW please.

Thank you

br

tm

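Added example, not part of the original post: a small check for the mismatch discussed above, comparing the socket path in active ask_daemon entries of amavisd.conf against LocalSocket in clamd.conf. The function names and the embedded sample configuration are assumptions, constructed from the snippets quoted in the post.

```python
import re

# Constructed sample input, modelled on the configuration quoted in the post.
CLAMD_CONF = """\
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.sock
User amavis
"""
AMAVISD_BEFORE = r"""
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/usr/sbin/clamd"],
   qr/\bOK$/, qr/\bFOUND$/,
"""
AMAVISD_AFTER = r"""
 ['ClamAV-clamd',
   #\&ask_daemon, ["CONTSCAN {}\n", "/usr/sbin/clamd"],
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
   qr/\bOK$/, qr/\bFOUND$/,
"""

# The second element of an ask_daemon argument list is the socket path.
ASK_DAEMON = re.compile(r'\\&ask_daemon\s*,\s*\[\s*"[^"]*"\s*,\s*"([^"]+)"')

def clamd_local_socket(conf_text):
    """Return the LocalSocket path from clamd.conf text, or None if unset."""
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] == "LocalSocket":
            return parts[1]
    return None

def amavis_daemon_sockets(conf_text):
    """Return socket paths from uncommented ask_daemon entries."""
    paths = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip commented-out scanner lines
        paths.extend(ASK_DAEMON.findall(line))
    return paths

def mismatched_sockets(clamd_text, amavisd_text):
    """List amavis socket paths that differ from clamd's LocalSocket."""
    expected = clamd_local_socket(clamd_text)
    return [p for p in amavis_daemon_sockets(amavisd_text) if p != expected]

if __name__ == "__main__":
    print("before:", mismatched_sockets(CLAMD_CONF, AMAVISD_BEFORE))
    print("after: ", mismatched_sockets(CLAMD_CONF, AMAVISD_AFTER))
```

On a live host, read the two files from disk and pass their contents to mismatched_sockets(); an empty list means both daemons agree on the socket path.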