# Postfix & Amavis (with clamd)

## CowMike

Hi, I'm trying to install amavis on my gentoo-box running postfix (for virusscan on mailserver)

I've set up main.cf:

```
content_filter = vscan:
```

and master.cf:

```
vscan            unix  -  n  n  -  10  pipe user=amavis argv=/usr/sbin/amavis ${sender} ${recipient}
localhost:10025  inet  n  -  n  -  -   smtpd -o content_filter=
```

When I try to send a (test) email, the following error appears in my mail.log:

```
Jul  8 10:56:24 muhlenbaumer amavisd[13340]: starting.  amavis 0.3.12 Tue Jul  8 00:31:10 CEST 2003
Jul  8 10:56:25 muhlenbaumer amavisd[13340]: Virus scanner failure: Clamd - can't connect to daemon
Jul  8 10:56:55 muhlenbaumer amavisd[13340]: mail forwarding failed, retry: Failure to connect to local SMTP port: Bad file descriptor at /usr/sbin/amavis line 565, <GEN0> line 13. (message-id=<20030708084024.GA11846@muhlenbaumer.com>)
Jul  8 10:56:55 muhlenbaumer amavisd[13340]: do_exit:433 - ending execution with 75
```

Clamd is running properly on port 10025..

Also, I can't find the .conf file for Amavis ?

----------

## psp

I'd try amavis-new if I were you. Not in the portage tree as of yet   :Crying or Very sad: 

----------

## Genone

Well, I might have written an ebuild for amavisd-new if I could get the damn clamd to work, but it keeps crashing on an undocumented function and I have no clue why. After two days of trying to get it to work without any progress I gave up.

----------

## CowMike

I'm trying amavisd-new now, and it's almost working  :Smile: 

The only error I get is this one:

```
Jul  9 18:09:13 muhlenbaumer amavis[12969]: (12969-01) Clam Antivirus-clamd: Can't connect to UNIX socket /usr/sbin/clamd: Permission denied, retrying (1)
Jul  9 18:09:14 muhlenbaumer amavis[12969]: (12969-01) Clam Antivirus-clamd: Can't connect to UNIX socket /usr/sbin/clamd: Permission denied, retrying (2)
Jul  9 18:09:20 muhlenbaumer amavis[12969]: (12969-01) Clam Antivirus-clamd: Can't connect to UNIX socket /usr/sbin/clamd: Permission denied, retrying (3)
Jul  9 18:09:31 muhlenbaumer amavis[12969]: (12969-01) Clam Antivirus-clamd av-scanner FAILED: Too many retries to talk to /usr/sbin/clamd (Can't connect to UNIX socket /usr/sbin/clamd: Permission denied) at (eval 50) line 178.
```

Scanning is working (via telnet port 10024) with eicar-test-virus string...

----------

## CowMike

it's working, but not with the primary av.. using clamscan now (secondary)... let's see if we can fix that primary av  :Smile: 

----------

## psp

Hello,

Are you running amavis-new and clamd as the same user and is the path to the socket file correct?

Hope this helps...

----------

## CowMike

 *psp wrote:*   

> Hello,
> 
> Are you running amavis-new and clamd as the same user and is the path to the socket file correct?
> 
> Hope this helps...

 How can I run those two under the same user? I want clamd running under amavis.amavis, but where do I enter that? In /etc/init.d/clamd you can, but then the start fails :/

----------

## CowMike

Fixed it (in /etc/clamav.conf)  :Smile: 

But next error (after restart of amavis):

```
Jul 10 20:14:48 muhlenbaumer amavis[22580]: Net::Server: Process Backgrounded
Jul 10 20:14:48 muhlenbaumer amavis[22580]: Net::Server: 2003/07/10-20:14:48 Amavis (type Net::Server::PreForkSimple) starting! pid(22580)
Jul 10 20:14:48 muhlenbaumer amavis[22580]: Net::Server: Binding to UNIX socket file /var/amavis/amavis.sock using SOCK_STREAM
Jul 10 20:14:48 muhlenbaumer amavis[22580]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Jul 10 20:14:48 muhlenbaumer amavis[22580]: Net::Server: Setting gid to "10025 10025"
Jul 10 20:14:48 muhlenbaumer amavis[22580]: Net::Server: Setting uid to "10025"
Jul 10 20:14:48 muhlenbaumer amavis[22580]: Net::Server: Couldn't POSIX::setuid to "10025" [Illegal seek]
```

?

----------

## big_pig

 *CowMike wrote:*   

> *psp wrote:*
>
> > Hello,
> >
> > Are you running amavis-new and clamd as the same user and is the path to the socket file correct?
> >
> > Hope this helps...
>
> How can I run those two under the same user? I want clamd running under amavis.amavis, but where do I enter that? In /etc/init.d/clamd you can, but then the start fails :/

 

From the man clamav.conf:

```
       User STRING
              When started by root, drop priviledges to a specified user.
              Default: disabled.
```

An example from my clamav.conf

```
<snip>
# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
User vscan
</snip>
```

----------

## big_pig

 *CowMike wrote:*   

> Fixed it (in /etc/clamav.conf) 
> 
> But next error (after restart of amavis):
> 
> ```
> ...

 

Buried in the amavis-ng release notes is the following comment:

 *Quote:*   

> - with Net::Server 0.85 you may see a message:
>
>     Net::Server: Couldn't POSIX::setuid to ... []
> ...

 

I see the same error in my logs when I restart amavis-ng, but I haven't seen any problems. "ps -aux" shows that amavis is running as the designated user.

----------

## psp

 *CowMike wrote:*   

> *psp wrote:*
>
> > Hello,
> >
> > Are you running amavis-new and clamd as the same user and is the path to the socket file correct?
> >
> > Hope this helps...
>
> How can I run those two under the same user? I want clamd running under amavis.amavis, but where do I enter that? In /etc/init.d/clamd you can, but then the start fails :/

 

Erk   :Embarassed:   I didn't even look in the portage tree for clamav - I just presumed that since amavis-new isn't there clamav won't be either.

There are two things you can do:

1) Make amavis-new run as the clamav user and group (EASY) OR

2) Make clamav run as the amavis user and group (HARDER).

Note: This may break your system, please beware. I cannot take responsibility if it does!

Issues:

Currently freshclam uses a compile time user (clamav) to run freshclam (clamd seems fine).  You could just change some permission on your system, and clamd will run fine on your system, but freshclam will fail (kinda pointless as an out-of-date antivirus tool is almost as useless as no antivirus tool at all). You can either patch your ebuild file or download and use the unstable version of clamav. From the Changelog:

 *Quote:*   

> 
> 
>   * freshclam: new option --user (-u) USER - run as USER instead of the
> 
> 	       default 'clamav' user. Patch by Damien Curtain.
> ...

 

Changing permissions and having a broken freshclam:

Keep in mind that if you change the user/group that clamav runs as then you will also have to change the permissions for the directories where clamav needs write permissions: /usr/share/clamav by portage default. You will also have to change the /etc/clamav.conf file. Modify the 'User clamav' line to 'User amavis'. With these two changes I could run clamav as the amavis user.

```
# ls -lad /usr/share/clamav
# ps axu | grep clamd
amavis   10285  0.0  4.8  9656 6180 ?        S    05:41   0:00 /usr/sbin/clamd
amavis   10286  0.0  4.8  9656 6180 ?        S    05:41   0:00 /usr/sbin/clamd
amavis   10287  0.0  4.8  9656 6180 ?        S    05:41   0:00 /usr/sbin/clamd
```

Patching the ebuild to run as amavis and having a happy system:

You can patch the ebuild (0.60). Note these are only the changed functions, the rest of the ebuild stays the same. I normally do this in my own PORTDIR_OVERLAY.

I've noticed that clamd's default is to try to write its pid file to the /var/run directory, but it seems to drop root permissions before doing this, causing the write to fail. This makes the '/etc/init.d/clamd stop' command fail as the pid file does not exist (this happens to me with the unpatched and patched versions).  I've added a pkg_postinst function to change the permissions on the /usr/share/clamav directory. (I'll have to post a bug about these).

Note: I'm not a portage developer, so I'm not too sure if this is the correct way of doing things.

 *Quote:*   

> 
> 
> pkg_setup() {
> 
>         enewgroup clamav
> ...

 

Change to:

 *Quote:*   

> 
> 
> pkg_setup() {
> 
>         enewgroup amavis
> ...

 

You will need to edit the $PORTDIR/net-mail/clamav/files/clamd.rc file. You will need to change the start() and stop() functions. In the start() function change the 'chown' lines from the clamav user/group to the amavis user/group. In the stop() function you need to change the location of the pid file from: /var/run/clamd.pid to: /var/run/clamav/clamd.pid.

You can now emerge clamav

Installing amavis-new as clamav user:

Proceed with the install instructions but use the clamav user instead of amavis. It's that simple.

Hope this helps...

----------
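
The checks psp's two posts describe (same user on both sides, a socket path that really is the clamd socket, ownership of the database directory), as an added example that is not part of any post in this thread. It assumes clamav.conf uses `User` and `LocalSocket` directives; the function names are hypothetical, and the socket path amavisd-new is configured with is passed in as an argument.

```shell
#!/bin/sh
# Added example: pre-flight check for a clamd / amavisd-new pairing.
# All paths are arguments; nothing here is taken from a real system.

# conf_value FILE KEY -> value of the first "KEY VALUE" directive (comments skipped)
conf_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# path_kind PATH -> socket | not-a-socket | missing
path_kind() {
    if [ -S "$1" ]; then echo socket
    elif [ -e "$1" ]; then echo not-a-socket
    else echo missing
    fi
}

# owner_of PATH -> owning user name (parsed from ls, so no GNU stat needed)
owner_of() {
    ls -ld "$1" | awk '{ print $3 }'
}

# check_pairing CLAMAV_CONF AMAVIS_SOCKET_PATH DB_DIR
# Prints one finding per line; returns 0 only when nothing was found.
check_pairing() {
    conf=$1; amavis_sock=$2; db_dir=$3; rc=0
    user=$(conf_value "$conf" User)
    sock=$(conf_value "$conf" LocalSocket)
    if [ -z "$user" ]; then
        echo "WARN: no User directive; clamd does not drop privileges"; rc=1
    fi
    if [ "$sock" != "$amavis_sock" ]; then
        echo "FAIL: scanner is pointed at $amavis_sock, clamd LocalSocket is ${sock:-unset}"; rc=1
    fi
    kind=$(path_kind "$amavis_sock")
    if [ "$kind" != socket ]; then
        echo "FAIL: $amavis_sock is $kind"; rc=1
    fi
    if [ -n "$user" ] && [ -d "$db_dir" ] && [ "$(owner_of "$db_dir")" != "$user" ]; then
        echo "FAIL: $db_dir is owned by $(owner_of "$db_dir"), clamd runs as $user"; rc=1
    fi
    return $rc
}

# Usage: sh check.sh /etc/clamav.conf <socket path from amavisd.conf> /usr/share/clamav
if [ "$#" -eq 3 ]; then check_pairing "$@"; fi
```

Run against the setup in the logs above, the second argument would be `/usr/sbin/clamd`, which `path_kind` reports as a regular file rather than a socket.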

## NrG

postfix, amavisd-new, f-prot and spamassassin.

Works great together  :Smile: 

NrG

----------

## CowMike

damn psp! nice tutorial!

trying it now  :Smile: 

----------

## psp

Thanks.

I was doing this anyway - I just had to copy 'n paste my docs...   :Wink: 

Let me know how it goes...

----------

## fred24

After updating amavis from amavis-0.3.12pre8 to amavis-0.3.12 I got error messages like:

```
amavisd[9122]: Virus scanner failure: Clamd - can't connect to daemon
amavisd[9122]: Virus scanner failure: /opt/f-prot/f-prot (error code: 1)
```

The reason is I am using clamav and not clamd; even f-prot was not emerged at all.

I fixed the problem by editing /usr/sbin/amavis:

```
# FRISK F-Prot
$fprot = "";

# Clam Antivirus
$clamscan = "/usr/bin/clamscan";
$clamd = "";
```

----------

