CentOS - Aug 2016 - Email pid issue

Hello gents,

First time poster here!

Current system running Centos 6.8. Buddy of mine posted a few days back about me
wanting to move
from Postfix 2.6.x to 2.8 to above, still under centos 6.8.  I might move over
to 7, but probably
not for a while, don't have the resources presently to make this happen.

Running Centos 6.8, postfix 2.6.6, clamav 0.99.1. Basic Centos 6.8 box fully
patched using stable
repos.

____ISSUE_____

Logwatch is reporting this error, which I'm going to assume has been
occurring for a few years but
doesn't affect sending/receiving emails, so I haven't chased it down,
now I'm looking to fix that.

1   (06498-19) ClamAV-clamd: All attempts (1) failed connecting to
/var/spool/amavisd/clamd.sock, retrying (1)

Since this is reported by "ClamAV-clamd", I am assuming this is coming
from amavisd.conf.  My
logic on this is that a grep search for that particular string only shows up in
the
/etc/amavisd.conf file, when its calling the scanner.  Pasted code from file
below:

@av_scanners = (
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n",
"/var/spool/amavisd/clamd.sock"],
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Best I can determine /var/spool/amavisd/clamd.sock file exists. So, not sure
what is causing this
or why, or how to fix.

Here is /var/spool/amavisd contents:

[run]# ls -al /var/spool/amavisd/
total 64
drwxr-x---   7 amavis amavis  4096 Aug 21 19:10 .
drwxr-xr-x. 15 root   root    4096 Mar 15  2012 ..
srwxr-x---   1 amavis amavis     0 Aug 21 19:10 amavisd.sock
srw-rw-rw-   1 amavis amavis     0 Aug 21 19:10 clamd.sock
drwxr-x---   2 amavis amavis  4096 Aug 21 19:10 db
drwxr-x---   2 amavis amavis 36864 Aug 21 19:50 quarantine
drwxr-x---   2 amavis amavis  4096 Aug 21 09:23 .razor
drwx------   2 amavis amavis  4096 Aug 21 20:42 .spamassassin
drwxr-x---   4 amavis amavis  4096 Aug 21 20:42 tmp


Seems to be owned by the right group, I rebooted at 19.10 today hence timestamp
date/time.

So, my question is, what do I need to do to eliminate this error?  How can I
chase it down?

TIA,

Jay

On 22/08/16 02:10, Jay Hart wrote:
> Hello gents,
>
> First time poster here!
>
> Current system running Centos 6.8. Buddy of mine posted a few days back
about me wanting to move
> from Postfix 2.6.x to 2.8 to above, still under centos 6.8.  I might move
over to 7, but probably
> not for a while, don't have the resources presently to make this
happen.
>
> Running Centos 6.8, postfix 2.6.6, clamav 0.99.1. Basic Centos 6.8 box
fully patched using stable
> repos.
>
> ____ISSUE_____
>
> Logwatch is reporting this error, which I'm going to assume has been
occurring for a few years but
> doesn't affect sending/receiving emails, so I haven't chased it
down, now I'm looking to fix that.
>
> 1   (06498-19) ClamAV-clamd: All attempts (1) failed connecting to
> /var/spool/amavisd/clamd.sock, retrying (1)
>
> Since this is reported by "ClamAV-clamd", I am assuming this is
coming from amavisd.conf.  My
> logic on this is that a grep search for that particular string only shows
up in the
> /etc/amavisd.conf file, when its calling the scanner.  Pasted code from
file below:
>
> @av_scanners = (
> ['ClamAV-clamd',
>   \&ask_daemon, ["CONTSCAN {}\n",
"/var/spool/amavisd/clamd.sock"],
>   qr/\bOK$/m, qr/\bFOUND$/m,
>   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>
> Best I can determine /var/spool/amavisd/clamd.sock file exists. So, not
sure what is causing this
> or why, or how to fix.
>
and what does clamd.conf say:

cat /etc/clamd.conf | grep 'clamd.sock'


Does it match the "/var/spool/amavisd/clamd.sock" entry above?
> Here is /var/spool/amavisd contents:
>
> [run]# ls -al /var/spool/amavisd/
> total 64
> drwxr-x---   7 amavis amavis  4096 Aug 21 19:10 .
> drwxr-xr-x. 15 root   root    4096 Mar 15  2012 ..
> srwxr-x---   1 amavis amavis     0 Aug 21 19:10 amavisd.sock
> srw-rw-rw-   1 amavis amavis     0 Aug 21 19:10 clamd.sock
> drwxr-x---   2 amavis amavis  4096 Aug 21 19:10 db
> drwxr-x---   2 amavis amavis 36864 Aug 21 19:50 quarantine
> drwxr-x---   2 amavis amavis  4096 Aug 21 09:23 .razor
> drwx------   2 amavis amavis  4096 Aug 21 20:42 .spamassassin
> drwxr-x---   4 amavis amavis  4096 Aug 21 20:42 tmp
>
>
> Seems to be owned by the right group, I rebooted at 19.10 today hence
timestamp date/time.
>
Is the clamav user a member of the amavis group? i.e, does the user clam 
runs under have access to the socket?
> So, my question is, what do I need to do to eliminate this error?  How can
I chase it down?
>
Check the two most common causes above :-)
> TIA,
>
> Jay
>

>
>
> On 22/08/16 02:10, Jay Hart wrote:
>> Hello gents,
>>
>> First time poster here!
>>
>> Current system running Centos 6.8. Buddy of mine posted a few days back
about me wanting to move
>> from Postfix 2.6.x to 2.8 to above, still under centos 6.8.  I might
move over to 7, but
>> probably
>> not for a while, don't have the resources presently to make this
happen.
>>
>> Running Centos 6.8, postfix 2.6.6, clamav 0.99.1. Basic Centos 6.8 box
fully patched using
>> stable
>> repos.
>>
>> ____ISSUE_____
>>
>> Logwatch is reporting this error, which I'm going to assume has
been occurring for a few years
>> but
>> doesn't affect sending/receiving emails, so I haven't chased it
down, now I'm looking to fix
>> that.
>>
>> 1   (06498-19) ClamAV-clamd: All attempts (1) failed connecting to
>> /var/spool/amavisd/clamd.sock, retrying (1)
>>
>> Since this is reported by "ClamAV-clamd", I am assuming this
is coming from amavisd.conf.  My
>> logic on this is that a grep search for that particular string only
shows up in the
>> /etc/amavisd.conf file, when its calling the scanner.  Pasted code from
file below:
>>
>> @av_scanners = (
>> ['ClamAV-clamd',
>>   \&ask_daemon, ["CONTSCAN {}\n",
"/var/spool/amavisd/clamd.sock"],
>>   qr/\bOK$/m, qr/\bFOUND$/m,
>>   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>>
>> Best I can determine /var/spool/amavisd/clamd.sock file exists. So, not
sure what is causing
>> this
>> or why, or how to fix.
>>
>
> and what does clamd.conf say:
>
> cat /etc/clamd.conf | grep 'clamd.sock'
>
>
> Does it match the "/var/spool/amavisd/clamd.sock" entry above?
Yes, it matches:

[sysconfig]# cat /etc/clamd.conf |grep "clamd.sock"
LocalSocket /var/spool/amavisd/clamd.sock
>
>> Here is /var/spool/amavisd contents:
>>
>> [run]# ls -al /var/spool/amavisd/
>> total 64
>> drwxr-x---   7 amavis amavis  4096 Aug 21 19:10 .
>> drwxr-xr-x. 15 root   root    4096 Mar 15  2012 ..
>> srwxr-x---   1 amavis amavis     0 Aug 21 19:10 amavisd.sock
>> srw-rw-rw-   1 amavis amavis     0 Aug 21 19:10 clamd.sock
>> drwxr-x---   2 amavis amavis  4096 Aug 21 19:10 db
>> drwxr-x---   2 amavis amavis 36864 Aug 21 19:50 quarantine
>> drwxr-x---   2 amavis amavis  4096 Aug 21 09:23 .razor
>> drwx------   2 amavis amavis  4096 Aug 21 20:42 .spamassassin
>> drwxr-x---   4 amavis amavis  4096 Aug 21 20:42 tmp
>>
>>
>> Seems to be owned by the right group, I rebooted at 19.10 today hence
timestamp date/time.
>>
>
> Is the clamav user a member of the amavis group? i.e, does the user clam
> runs under have access to the socket?
clam:x:489:
amavis:x:488:clam

Should I amavis to the clam group?

To your second question, how can I determine this?
>
>> So, my question is, what do I need to do to eliminate this error?  How
can I chase it down?
>>
>
> Check the two most common causes above :-)
>
>> TIA,
>>
>> Jay
>>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

>> Logwatch is reporting this error, which I'm going to assume has
been
>> occurring for a few years but
>> doesn't affect sending/receiving emails, so I haven't chased it
down, now
>> I'm looking to fix that.
>> 
>> 1   (06498-19) ClamAV-clamd: All attempts (1) failed connecting to
>> /var/spool/amavisd/clamd.sock, retrying (1)
Since logwatch is reporting this it makes me wonder if it isnt rotating 
cleanly by logrotate and/or if the socket isn't being cleaned up properly 
so when it goe to create it, it can't because it is already there, but 
because all of the details are the same it works.

I have been able to resolve all my issues. I had three different permissions
based issues, one
included needing to point the pid file to a different location.  I'm happy
to report this is
resolved.

Jay
> Hello gents,
>
> First time poster here!
>
> Current system running Centos 6.8. Buddy of mine posted a few days back
about me wanting to move
> from Postfix 2.6.x to 2.8 to above, still under centos 6.8.  I might move
over to 7, but probably
> not for a while, don't have the resources presently to make this
happen.
>
> Running Centos 6.8, postfix 2.6.6, clamav 0.99.1. Basic Centos 6.8 box
fully patched using stable
> repos.
>
> ____ISSUE_____
>
> Logwatch is reporting this error, which I'm going to assume has been
occurring for a few years but
> doesn't affect sending/receiving emails, so I haven't chased it
down, now I'm looking to fix that.
>
> 1   (06498-19) ClamAV-clamd: All attempts (1) failed connecting to
> /var/spool/amavisd/clamd.sock, retrying (1)
>
> Since this is reported by "ClamAV-clamd", I am assuming this is
coming from amavisd.conf.  My
> logic on this is that a grep search for that particular string only shows
up in the
> /etc/amavisd.conf file, when its calling the scanner.  Pasted code from
file below:
>
> @av_scanners = (
> ['ClamAV-clamd',
>   \&ask_daemon, ["CONTSCAN {}\n",
"/var/spool/amavisd/clamd.sock"],
>   qr/\bOK$/m, qr/\bFOUND$/m,
>   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>
> Best I can determine /var/spool/amavisd/clamd.sock file exists. So, not
sure what is causing this
> or why, or how to fix.
>
> Here is /var/spool/amavisd contents:
>
> [run]# ls -al /var/spool/amavisd/
> total 64
> drwxr-x---   7 amavis amavis  4096 Aug 21 19:10 .
> drwxr-xr-x. 15 root   root    4096 Mar 15  2012 ..
> srwxr-x---   1 amavis amavis     0 Aug 21 19:10 amavisd.sock
> srw-rw-rw-   1 amavis amavis     0 Aug 21 19:10 clamd.sock
> drwxr-x---   2 amavis amavis  4096 Aug 21 19:10 db
> drwxr-x---   2 amavis amavis 36864 Aug 21 19:50 quarantine
> drwxr-x---   2 amavis amavis  4096 Aug 21 09:23 .razor
> drwx------   2 amavis amavis  4096 Aug 21 20:42 .spamassassin
> drwxr-x---   4 amavis amavis  4096 Aug 21 20:42 tmp
>
>
> Seems to be owned by the right group, I rebooted at 19.10 today hence
timestamp date/time.
>
> So, my question is, what do I need to do to eliminate this error?  How can
I chase it down?
>
> TIA,
>
> Jay
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>