Hi,
Have you checked the directory permissions:
ls -ld /var/run/clamd.scan /run/clamd.scan
Regards
Mark.
On 07/11/17 19:15, Colony.three wrote:
Trying to make milter see the clam daemon but can't figure out what's wrong.
CentOS7.
In /etc/clamd.d/clamd.conf:
LocalSocket /var/run/clamd.scan/clamd.sock
LocalSocketGroup virusgroup
LocalSocketMode 660
FixStaleSocket yes
AllowSupplementaryGroups yes
and you need that too in the milter configuration and postfix needs to
be in the same group, at least when you start everything with as less as
possible permissions, hence i made the comments years ago after figure
it out
cat /etc/mail/clamav-milter.conf
Postfix Milter-Konfiguration
Pre-Queue Virenscanner
Postfix muss in die "clamilt"-Usergruppe
usermod -a -G clamilt postfix
usermod -a -G sa-milt postfix
User clamilt
AllowSupplementaryGroups yes
Thanks, but unfortunately 'AllowSupplementaryGroups yes' is enabled in both
clamd.conf and clamav.conf. I've now added postfix to the additional groups.
Of course both daemons are running.
# systemctl status clamd\@scan.service
● clamd@scan.service - clamd scanner (scan) daemon
Loaded: loaded (/usr/local/lib/systemd/system/clamd@.service; static;
vendor preset: disabled)
Active: active (running) since Tue 2017-11-07 10:29:19 PST; 8s ago
Main PID: 49318 (clamd)
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
└─49318 /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --foreground=yes
Nov 07 10:29:19 quantum.localdomain systemd[1]: Started clamd scanner (scan)
daemon.
Nov 07 10:29:19 quantum.localdomain systemd[1]: Starting clamd scanner (scan)
daemon...
# systemctl status clamav-milter
● clamav-milter.service - Milter module for the Clam Antivirus scanner
Loaded: loaded (/usr/lib/systemd/system/clamav-milter.service; enabled;
vendor preset: disabled)
Active: active (running) since Tue 2017-11-07 10:29:38 PST; 5s ago
Main PID: 49331 (clamav-milter)
CGroup: /system.slice/clamav-milter.service
└─49331 /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
--foreground=yes
Nov 07 10:29:38 quantum.localdomain systemd[1]: Started Milter module for the
Clam Antivirus scanner.
Nov 07 10:29:38 quantum.localdomain systemd[1]: Starting Milter module for the
Clam Antivirus scanner...
Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: +++ Started at Tue
Nov 7 10:29:38 2017
Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: WARNING: No clamd
server appears to be available
Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: No clamd server
appears to be available
I am at a loss. I've tried restarting -milter after clamd has had plenty of
time up download its database.
Anyone have any ideas? This is a showstopper.
According to clamd's logfile: "Tue Nov 7 10:29:31 2017 -> LOCAL: Unix socket file
/run/clamd.scan/clamd.sock"
... so it seems to be binding fine to the socket.
The -milter log says:
Tue Nov 7 11:09:47 2017 -> connect failed: Permission denied
Tue Nov 7 11:09:47 2017 -> Probe for slot 1 returned: failed
Tue Nov 7 11:09:47 2017 -> WARNING: No clamd server appears to be available
Huh?
# cat /etc/group
virusgroup:x:990:clamupdate,clamilt,postfix
clamilt:x:989:postfix,clamilt
In /etc/mail/clamav-milter.conf
MilterSocketGroup virusgroup
AllowSupplementaryGroups yes
# ll /run/clamd.scan/
srw-rw----. 1 root virusgroup 0 Nov 7 10:29 clamd.sock
I thought it might be an selinux problem with my self-created .sock file, but I
ran a restorecon -r on /run
Baffling.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
