[clamav-users] clamav-milter Can't Find Clamd

Tue Nov 7 19:15:43 UTC 2017

> Trying to make milter see the clam daemon but can't figure out what's wrong. CentOS7.
>
>>>> In /etc/clamd.d/clamd.conf:
>>>> LocalSocket /var/run/clamd.scan/clamd.sock
>>>> LocalSocketGroup virusgroup
>>>> LocalSocketMode 660
>>>> FixStaleSocket yes
>>>>
>>>> AllowSupplementaryGroups yes
>>>>
>>>> and you need that too in the milter configuration and postfix needs to
>>>> be in the same group, at least when you start everything with as less as
>>>> possible permissions, hence i made the comments years ago after figure
>>>> it out
>>>>
>>>> cat /etc/mail/clamav-milter.conf
>>>
>>> Postfix Milter-Konfiguration
>>>
>>> Pre-Queue Virenscanner
>>>
>>> Postfix muss in die "clamilt"-Usergruppe
>>>
>>> usermod -a -G clamilt postfix
>>>
>>> usermod -a -G sa-milt postfix
>>>
>>> User clamilt
>>> AllowSupplementaryGroups yes
>>
>> Thanks, but unfortunately 'AllowSupplementaryGroups yes' is enabled in both clamd.conf and clamav.conf.  I've now added postfix to the additional groups.
>
> Of course both daemons are running.
> # systemctl status clamd\@scan.service
> ● clamd at scan.service - clamd scanner (scan) daemon
>    Loaded: loaded (/usr/local/lib/systemd/system/clamd at .service; static; vendor preset: disabled)
>    Active: active (running) since Tue 2017-11-07 10:29:19 PST; 8s ago
> Main PID: 49318 (clamd)
>    CGroup: /system.slice/system-clamd.slice/clamd at scan.service
>            └─49318 /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --foreground=yes
>
> Nov 07 10:29:19 quantum.localdomain systemd[1]: Started clamd scanner (scan) daemon.
> Nov 07 10:29:19 quantum.localdomain systemd[1]: Starting clamd scanner (scan) daemon...
>
> # systemctl status clamav-milter
> ● clamav-milter.service - Milter module for the Clam Antivirus scanner
>    Loaded: loaded (/usr/lib/systemd/system/clamav-milter.service; enabled; vendor preset: disabled)
>    Active: active (running) since Tue 2017-11-07 10:29:38 PST; 5s ago
> Main PID: 49331 (clamav-milter)
>    CGroup: /system.slice/clamav-milter.service
>            └─49331 /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf --foreground=yes
>
> Nov 07 10:29:38 quantum.localdomain systemd[1]: Started Milter module for the Clam Antivirus scanner.
> Nov 07 10:29:38 quantum.localdomain systemd[1]: Starting Milter module for the Clam Antivirus scanner...
> Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: +++ Started at Tue Nov  7 10:29:38 2017
> Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: WARNING: No clamd server appears to be available
> Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: No clamd server appears to be available
>
> I am at a loss.  I've tried restarting -milter after clamd has had plenty of time up download its database.
>
> Anyone have any ideas?  This is a showstopper.

According to clamd's logfile:  "Tue Nov  7 10:29:31 2017 -> LOCAL: Unix socket file /run/clamd.scan/clamd.sock"
... so it seems to be binding fine to the socket.

The -milter log says:
Tue Nov  7 11:09:47 2017 -> connect failed: Permission denied
Tue Nov  7 11:09:47 2017 -> Probe for slot 1 returned: failed
Tue Nov  7 11:09:47 2017 -> WARNING: No clamd server appears to be available

Huh?
# cat /etc/group
virusgroup:x:990:clamupdate,clamilt,postfix
clamilt:x:989:postfix,clamilt

In /etc/mail/clamav-milter.conf
MilterSocketGroup virusgroup
AllowSupplementaryGroups yes

# ll /run/clamd.scan/
srw-rw----. 1 root virusgroup 0 Nov  7 10:29 clamd.sock

I thought it might be an selinux problem with my self-created .sock file, but I ran a restorecon -r on /run

Baffling.