Re: ClamAV plugin and SpamAssassin

Wed, 08 Jun 2016 03:11:45 -0700 


Am 08.06.2016 um 12:02 schrieb Carlo Manuali:

I’ve installed the ClamAV plugin (v1.93, with v0.99.2 as ClamAV engine) 
according to: https://wiki.apache.org/spamassassin/ClamAVPlugin. All has gone 
well, it works.

In particular I’ve adopted the local mode, that uses a local socket (file) in 
order to establish the communication between them.

Now, I need to put both (clamd -the daemon- and the SpamAssassin service) 
starting at boot, keeping in mind, of course, that SpamAssassin needs clamd to 
be up un running in order to load the related plugin. So:

- I tried to put clamd on rc.local then moving SpamAssassin after: all the services 
started but the plugin do not "attach the daemon” (no filtering viruses);
- I tried to put clamd followed by a ‘SpamAssassin restart' on rc.local: the 
same, all seems ok but no success.

Only when I restart SpamAssassin manually from a shell (with the clamd started) 
all goes well. As a matter of fact, I receive on the clamd logfile the message:

stream(127.0.0.1@1858): OK.

Then the filtering is ok.

Any idea on how to proceed?



"clamd" needs a relatve long time to start because reading and verify 
signatures (no sleep 15 is not a solution, it only masks the problem)



so it needs to be "Type=forking" instead "Type=simple" (the Fedora 
systemd-units are plain wrong) to make the ordering really working



no idea how to do this *sane* on a non systemd-os since i did not touch 
such setups the last 5 years and now after even Debian switches....


see systemd-analyze at bottom
____________________________________________

[root@mail-gw:~]$ cat /etc/systemd/system/clamd-sa.service
[Unit]
Description=ClamAV Scanner Daemon for SpamAssassin
Before=spamassassin.service

[Service]
Type=forking
Environment="TMPDIR=/tmp"
Environment="LANG=en_GB.UTF-8"
ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan-sa.conf
ExecReload=/usr/bin/kill -SIGUSR2 $MAINPID
Restart=always
RestartSec=1
User=clamscan
Group=clamilt
PrivateTmp=yes
PrivateDevices=yes
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_KILL
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
____________________________________________


[root@mail-gw:~]$ systemd-analyze

Startup finished in 366ms (kernel) + 539ms (initrd) + 8.907s (userspace) 
= 9.813s


[root@mail-gw:~]$ systemd-analyze blame
          6.882s clamd.service
          6.313s clamd-sa.service
          3.250s sa-update.service
          1.194s bayes.service
           527ms postfix.service
           420ms network.service
           361ms spamassassin.service
           281ms mailgraph.service
           245ms dev-sdb1.device
           205ms iptables.service





Attachment:
signature.asc

Description: OpenPGP digital signature






















					Reply via email to