> Trying to make milter see the clam daemon but can't figure out what's wrong. > CentOS7. > >>>> In /etc/clamd.d/clamd.conf: >>>> LocalSocket /var/run/clamd.scan/clamd.sock >>>> LocalSocketGroup virusgroup >>>> LocalSocketMode 660 >>>> FixStaleSocket yes >>>> >>>> AllowSupplementaryGroups yes >>>> >>>> and you need that too in the milter configuration and postfix needs to >>>> be in the same group, at least when you start everything with as less as >>>> possible permissions, hence i made the comments years ago after figure >>>> it out >>>> >>>> cat /etc/mail/clamav-milter.conf >>> >>> Postfix Milter-Konfiguration >>> >>> Pre-Queue Virenscanner >>> >>> Postfix muss in die "clamilt"-Usergruppe >>> >>> usermod -a -G clamilt postfix >>> >>> usermod -a -G sa-milt postfix >>> >>> User clamilt >>> AllowSupplementaryGroups yes >> >> Thanks, but unfortunately 'AllowSupplementaryGroups yes' is enabled in both >> clamd.conf and clamav.conf. I've now added postfix to the additional groups. > > Of course both daemons are running. > # systemctl status clamd\@scan.service > ● clamd@scan.service - clamd scanner (scan) daemon > Loaded: loaded (/usr/local/lib/systemd/system/clamd@.service; static; > vendor preset: disabled) > Active: active (running) since Tue 2017-11-07 10:29:19 PST; 8s ago > Main PID: 49318 (clamd) > CGroup: /system.slice/system-clamd.slice/clamd@scan.service > └─49318 /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --foreground=yes > > Nov 07 10:29:19 quantum.localdomain systemd[1]: Started clamd scanner (scan) > daemon. > Nov 07 10:29:19 quantum.localdomain systemd[1]: Starting clamd scanner (scan) > daemon... > > # systemctl status clamav-milter > ● clamav-milter.service - Milter module for the Clam Antivirus scanner > Loaded: loaded (/usr/lib/systemd/system/clamav-milter.service; enabled; > vendor preset: disabled) > Active: active (running) since Tue 2017-11-07 10:29:38 PST; 5s ago > Main PID: 49331 (clamav-milter) > CGroup: /system.slice/clamav-milter.service > └─49331 /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf > --foreground=yes > > Nov 07 10:29:38 quantum.localdomain systemd[1]: Started Milter module for the > Clam Antivirus scanner. > Nov 07 10:29:38 quantum.localdomain systemd[1]: Starting Milter module for > the Clam Antivirus scanner... > Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: +++ Started at Tue > Nov 7 10:29:38 2017 > Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: WARNING: No clamd > server appears to be available > Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: No clamd server > appears to be available > > I am at a loss. I've tried restarting -milter after clamd has had plenty of > time up download its database. > > Anyone have any ideas? This is a showstopper.
According to clamd's logfile: "Tue Nov 7 10:29:31 2017 -> LOCAL: Unix socket file /run/clamd.scan/clamd.sock" ... so it seems to be binding fine to the socket. The -milter log says: Tue Nov 7 11:09:47 2017 -> connect failed: Permission denied Tue Nov 7 11:09:47 2017 -> Probe for slot 1 returned: failed Tue Nov 7 11:09:47 2017 -> WARNING: No clamd server appears to be available Huh? # cat /etc/group virusgroup:x:990:clamupdate,clamilt,postfix clamilt:x:989:postfix,clamilt In /etc/mail/clamav-milter.conf MilterSocketGroup virusgroup AllowSupplementaryGroups yes # ll /run/clamd.scan/ srw-rw----. 1 root virusgroup 0 Nov 7 10:29 clamd.sock I thought it might be an selinux problem with my self-created .sock file, but I ran a restorecon -r on /run Baffling. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
