On Sep 21, 2013, at 18:02, David Benfell <dbenf...@gmail.com> wrote: > On 09/21/2013 07:36 AM, Scott Kitterman wrote: >> On Saturday, September 21, 2013 03:34:57 David Benfell wrote: >>> Hi all, >>> >>> As near as I can tell debian's clamav is just broken. It keeps >>> whining about clamd.ctl and nothing I can find on the web fixes >>> it. >> >> You didn't post your original configuration, so I don't know what >> your original problem was. If you're using a Unix socket and >> having a Debian specific problem, it's probably a matter of the >> socket not being available in the chroot that postfix, on Debian, >> uses by default. Assuming this was your original problem, there >> are three ways to solve it: >> >> 1. Make the socket available in the chroot (/var/spool/postfix/). >> 2. Take postfix out of the chroot. 3. Using TCP sockets instead. > > The lines I had taken out in main.cf, based on something I found on > the web, are: > > #content_filter = scan:127.0.0.1:10026 > #receive_override_options = no_address_mappings > > And out of master.cf are: > > #127.0.0.1:10025 inet n - n - 16 smtpd > #-o content_filter= > #-o > receive_override_options=no_unknown_recipient_checks,no_header_body_checks > #-o smtpd_helo_restrictions= > #-o smtpd_client_restrictions= > #-o smtpd_sender_restrictions= > #-o smtpd_recipient_restrictions=permit_mynetworks,reject > #-o mynetworks_style=host > #-o smtpd_authorized_xforward_hosts=127.0.0.0/8 > > I think of the three choices you offer, I would prefer to take postfix > out of the chroot. Postfix's configuration is already far more > complicated than I can even begin to make any sense of, the > configuration, copied over from a hosed Arch installation (thanks > systemd upgrade), was not written for it (looking at > https://we.riseup.net/debian/authenticated-smtp it appears the > question becomes what else do I need to do to kill the chroot), and I > would prefer to move in the direction of simplicity. > >> I use the Debian clamav packages every day. I also maintain them >> for the distro. If you are having problems, I encourage you to >> file bugs in the Debian BTS. I do look at them and try to solve >> them. > > If this were back in the 1970s or early 1980s, when I was a > programmer, I might be able to discern what is and is not a bug. The > world has moved quite a ways since then, often leaving me in a state > of fury, because what everybody else thinks is correct behavior I see > as absolutely broken. (And systemd on Arch is not the example I would > choose here: it may be a good idea but it's just not stable yet, it > obscures far too much, and it's a mistake for me to rely on it.) > There's no reconciling those worldviews. I can't tell a bug from > design behavior these days. I just want it to work so I can go back to > focusing on my Ph.D. program which is *not* technology related.
While the desire to have it 'just work' is recognizable, you cannot expect it to always do so if you copy bits and pieces from here to there without understanding what they actually do. Especially if you have copied an older configuration from a different distro that may have its own quirks. We use Postfix on Debian in its 'stock' Debian chroot setup, with clamav-milter as the bridge between Postfix and clamd. This requires no configuration in 'master.cf' and only two lines in 'main.cf'; smtpd_milters = unix:/clamav/clamav-milter.ctl milter_default_action = accept Permissions is where it gets tricky, because the socket needs to be writable by both processes. As our own ClamAV setup is up for review anyway, I don't mind writing up a bit of a how-to for it that you can use to reimplement virus scanning with ClamAV, if you are still interested in doing so? Mvg, Joni
