On 2013-05-29 11:40, Mark Martinec wrote:
> Simon, > >> I looked at scoring for an email on an SA installation and noticed >> differences between hand scanning with spamc and scanning with spamd. My >> manually scanned email hit CLAMAV sane security, (ignore Bayes because the >> user had Bayes process this and then asked me about this), whilst this spamd >> delivered message did not hit CLAMAV_SANE The local.cf had a timeout of 250 >> seconds (default is 300). The clamav logs did not record any connection from >> SA during the spamd scan, yet did record a connection from spamc when I >> manually scanned the message so I think spamd skipped clamav scans. > >> I'd be really grateful if you could tell me where I could start looking so >> that I can work out why CLAMAV did not get read/called. Running on Debian 6 >> / SpamAssassin 3.3.2 > > Start looking by enabling debugging in spamd. > > Assuming the ClamAVPlugin from SpamAssassin Wiki is used, you could > selectively enable just its debug area in spamd: --debug=ClamAV > > The first suspect would be access rights to the clamd socket > vs. the UID under which a spamd child process is running. > > Mark Hi Mark, The socket seems ok to me: srw-rw-rw- 1 clamav clamav 0 May 14 21:43 /var/run/clamav/clamd.ctl I'll run spamd with the option you mentioned for a little while: /usr/bin/perl -T -w /usr/sbin/spamd --debug=ClamAV --create-prefs -x -q --ipv4 --max-children 2 --timeout-child 180 --sql-config --nouser-config --username spamd --helper-home-dir -s /var/log/spamd.log --virtual-config-dir=/users/%d/%u -d --pidfile=/var/run/spamd.pid Simon -- "I decided that I was a lemon for a couple of weeks. I kept myself amused all that time jumping in and out of a gin and tonic." simon@klunky .co.uk / .org
