[clamav-users] clamav-milter Can't Find Clamd

Mark Fortescue mark.lists at thurning-instruments.co.uk
Tue Nov 7 19:20:55 UTC 2017 

Hi,

Have you checked the directory permissions:

  ls -ld /var/run/clamd.scan /run/clamd.scan

Regards
	Mark.

On 07/11/17 19:15, Colony.three wrote:
>> Trying to make milter see the clam daemon but can't figure out what's wrong. CentOS7.
>>
>>>>> In /etc/clamd.d/clamd.conf:
>>>>> LocalSocket /var/run/clamd.scan/clamd.sock
>>>>> LocalSocketGroup virusgroup
>>>>> LocalSocketMode 660
>>>>> FixStaleSocket yes
>>>>>
>>>>> AllowSupplementaryGroups yes
>>>>>
>>>>> and you need that too in the milter configuration and postfix needs to
>>>>> be in the same group, at least when you start everything with as less as
>>>>> possible permissions, hence i made the comments years ago after figure
>>>>> it out
>>>>>
>>>>> cat /etc/mail/clamav-milter.conf
>>>>
>>>> Postfix Milter-Konfiguration
>>>>
>>>> Pre-Queue Virenscanner
>>>>
>>>> Postfix muss in die "clamilt"-Usergruppe
>>>>
>>>> usermod -a -G clamilt postfix
>>>>
>>>> usermod -a -G sa-milt postfix
>>>>
>>>> User clamilt
>>>> AllowSupplementaryGroups yes
>>>
>>> Thanks, but unfortunately 'AllowSupplementaryGroups yes' is enabled in both clamd.conf and clamav.conf.  I've now added postfix to the additional groups.
>>
>> Of course both daemons are running.
>> # systemctl status clamd\@scan.service
>>clamd at scan.service - clamd scanner (scan) daemon
>>     Loaded: loaded (/usr/local/lib/systemd/system/clamd at .service; static; vendor preset: disabled)
>>     Active: active (running) since Tue 2017-11-07 10:29:19 PST; 8s ago
>> Main PID: 49318 (clamd)
>>     CGroup: /system.slice/system-clamd.slice/clamd at scan.service
>>             └─49318 /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --foreground=yes
>>
>> Nov 07 10:29:19 quantum.localdomain systemd[1]: Started clamd scanner (scan) daemon.
>> Nov 07 10:29:19 quantum.localdomain systemd[1]: Starting clamd scanner (scan) daemon...
>>
>> # systemctl status clamav-milter
>> ● clamav-milter.service - Milter module for the Clam Antivirus scanner
>>     Loaded: loaded (/usr/lib/systemd/system/clamav-milter.service; enabled; vendor preset: disabled)
>>     Active: active (running) since Tue 2017-11-07 10:29:38 PST; 5s ago
>> Main PID: 49331 (clamav-milter)
>>     CGroup: /system.slice/clamav-milter.service
>>             └─49331 /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf --foreground=yes
>>
>> Nov 07 10:29:38 quantum.localdomain systemd[1]: Started Milter module for the Clam Antivirus scanner.
>> Nov 07 10:29:38 quantum.localdomain systemd[1]: Starting Milter module for the Clam Antivirus scanner...
>> Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: +++ Started at Tue Nov  7 10:29:38 2017
>> Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: WARNING: No clamd server appears to be available
>> Nov 07 10:29:38 quantum.localdomain clamav-milter[49331]: No clamd server appears to be available
>>
>> I am at a loss.  I've tried restarting -milter after clamd has had plenty of time up download its database.
>>
>> Anyone have any ideas?  This is a showstopper.
>
> According to clamd's logfile:  "Tue Nov  7 10:29:31 2017 -> LOCAL: Unix socket file /run/clamd.scan/clamd.sock"
> ... so it seems to be binding fine to the socket.
>
> The -milter log says:
> Tue Nov  7 11:09:47 2017 -> connect failed: Permission denied
> Tue Nov  7 11:09:47 2017 -> Probe for slot 1 returned: failed
> Tue Nov  7 11:09:47 2017 -> WARNING: No clamd server appears to be available
>
> Huh?
> # cat /etc/group
> virusgroup:x:990:clamupdate,clamilt,postfix
> clamilt:x:989:postfix,clamilt
>
> In /etc/mail/clamav-milter.conf
> MilterSocketGroup virusgroup
> AllowSupplementaryGroups yes
>
> # ll /run/clamd.scan/
> srw-rw----. 1 root virusgroup 0 Nov  7 10:29 clamd.sock
>
> I thought it might be an selinux problem with my self-created .sock file, but I ran a restorecon -r on /run
>
> Baffling.
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

More information about the clamav-users mailing list