Hello gents, First time poster here! Current system running Centos 6.8. Buddy of mine posted a few days back about me wanting to move from Postfix 2.6.x to 2.8 to above, still under centos 6.8. I might move over to 7, but probably not for a while, don't have the resources presently to make this happen. Running Centos 6.8, postfix 2.6.6, clamav 0.99.1. Basic Centos 6.8 box fully patched using stable repos. ____ISSUE_____ Logwatch is reporting this error, which I'm going to assume has been occurring for a few years but doesn't affect sending/receiving emails, so I haven't chased it down, now I'm looking to fix that. 1 (06498-19) ClamAV-clamd: All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock, retrying (1) Since this is reported by "ClamAV-clamd", I am assuming this is coming from amavisd.conf. My logic on this is that a grep search for that particular string only shows up in the /etc/amavisd.conf file, when its calling the scanner. Pasted code from file below: @av_scanners = ( ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"], qr/\bOK$/m, qr/\bFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], Best I can determine /var/spool/amavisd/clamd.sock file exists. So, not sure what is causing this or why, or how to fix. Here is /var/spool/amavisd contents: [run]# ls -al /var/spool/amavisd/ total 64 drwxr-x--- 7 amavis amavis 4096 Aug 21 19:10 . drwxr-xr-x. 15 root root 4096 Mar 15 2012 .. srwxr-x--- 1 amavis amavis 0 Aug 21 19:10 amavisd.sock srw-rw-rw- 1 amavis amavis 0 Aug 21 19:10 clamd.sock drwxr-x--- 2 amavis amavis 4096 Aug 21 19:10 db drwxr-x--- 2 amavis amavis 36864 Aug 21 19:50 quarantine drwxr-x--- 2 amavis amavis 4096 Aug 21 09:23 .razor drwx------ 2 amavis amavis 4096 Aug 21 20:42 .spamassassin drwxr-x--- 4 amavis amavis 4096 Aug 21 20:42 tmp Seems to be owned by the right group, I rebooted at 19.10 today hence timestamp date/time. So, my question is, what do I need to do to eliminate this error? How can I chase it down? TIA, Jay
On 22/08/16 02:10, Jay Hart wrote:> Hello gents, > > First time poster here! > > Current system running Centos 6.8. Buddy of mine posted a few days back about me wanting to move > from Postfix 2.6.x to 2.8 to above, still under centos 6.8. I might move over to 7, but probably > not for a while, don't have the resources presently to make this happen. > > Running Centos 6.8, postfix 2.6.6, clamav 0.99.1. Basic Centos 6.8 box fully patched using stable > repos. > > ____ISSUE_____ > > Logwatch is reporting this error, which I'm going to assume has been occurring for a few years but > doesn't affect sending/receiving emails, so I haven't chased it down, now I'm looking to fix that. > > 1 (06498-19) ClamAV-clamd: All attempts (1) failed connecting to > /var/spool/amavisd/clamd.sock, retrying (1) > > Since this is reported by "ClamAV-clamd", I am assuming this is coming from amavisd.conf. My > logic on this is that a grep search for that particular string only shows up in the > /etc/amavisd.conf file, when its calling the scanner. Pasted code from file below: > > @av_scanners = ( > ['ClamAV-clamd', > \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"], > qr/\bOK$/m, qr/\bFOUND$/m, > qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], > > Best I can determine /var/spool/amavisd/clamd.sock file exists. So, not sure what is causing this > or why, or how to fix. >and what does clamd.conf say: cat /etc/clamd.conf | grep 'clamd.sock' Does it match the "/var/spool/amavisd/clamd.sock" entry above?> Here is /var/spool/amavisd contents: > > [run]# ls -al /var/spool/amavisd/ > total 64 > drwxr-x--- 7 amavis amavis 4096 Aug 21 19:10 . > drwxr-xr-x. 15 root root 4096 Mar 15 2012 .. > srwxr-x--- 1 amavis amavis 0 Aug 21 19:10 amavisd.sock > srw-rw-rw- 1 amavis amavis 0 Aug 21 19:10 clamd.sock > drwxr-x--- 2 amavis amavis 4096 Aug 21 19:10 db > drwxr-x--- 2 amavis amavis 36864 Aug 21 19:50 quarantine > drwxr-x--- 2 amavis amavis 4096 Aug 21 09:23 .razor > drwx------ 2 amavis amavis 4096 Aug 21 20:42 .spamassassin > drwxr-x--- 4 amavis amavis 4096 Aug 21 20:42 tmp > > > Seems to be owned by the right group, I rebooted at 19.10 today hence timestamp date/time. >Is the clamav user a member of the amavis group? i.e, does the user clam runs under have access to the socket?> So, my question is, what do I need to do to eliminate this error? How can I chase it down? >Check the two most common causes above :-)> TIA, > > Jay >
> > > On 22/08/16 02:10, Jay Hart wrote: >> Hello gents, >> >> First time poster here! >> >> Current system running Centos 6.8. Buddy of mine posted a few days back about me wanting to move >> from Postfix 2.6.x to 2.8 to above, still under centos 6.8. I might move over to 7, but >> probably >> not for a while, don't have the resources presently to make this happen. >> >> Running Centos 6.8, postfix 2.6.6, clamav 0.99.1. Basic Centos 6.8 box fully patched using >> stable >> repos. >> >> ____ISSUE_____ >> >> Logwatch is reporting this error, which I'm going to assume has been occurring for a few years >> but >> doesn't affect sending/receiving emails, so I haven't chased it down, now I'm looking to fix >> that. >> >> 1 (06498-19) ClamAV-clamd: All attempts (1) failed connecting to >> /var/spool/amavisd/clamd.sock, retrying (1) >> >> Since this is reported by "ClamAV-clamd", I am assuming this is coming from amavisd.conf. My >> logic on this is that a grep search for that particular string only shows up in the >> /etc/amavisd.conf file, when its calling the scanner. Pasted code from file below: >> >> @av_scanners = ( >> ['ClamAV-clamd', >> \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"], >> qr/\bOK$/m, qr/\bFOUND$/m, >> qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], >> >> Best I can determine /var/spool/amavisd/clamd.sock file exists. So, not sure what is causing >> this >> or why, or how to fix. >> > > and what does clamd.conf say: > > cat /etc/clamd.conf | grep 'clamd.sock' > > > Does it match the "/var/spool/amavisd/clamd.sock" entry above?Yes, it matches: [sysconfig]# cat /etc/clamd.conf |grep "clamd.sock" LocalSocket /var/spool/amavisd/clamd.sock> >> Here is /var/spool/amavisd contents: >> >> [run]# ls -al /var/spool/amavisd/ >> total 64 >> drwxr-x--- 7 amavis amavis 4096 Aug 21 19:10 . >> drwxr-xr-x. 15 root root 4096 Mar 15 2012 .. >> srwxr-x--- 1 amavis amavis 0 Aug 21 19:10 amavisd.sock >> srw-rw-rw- 1 amavis amavis 0 Aug 21 19:10 clamd.sock >> drwxr-x--- 2 amavis amavis 4096 Aug 21 19:10 db >> drwxr-x--- 2 amavis amavis 36864 Aug 21 19:50 quarantine >> drwxr-x--- 2 amavis amavis 4096 Aug 21 09:23 .razor >> drwx------ 2 amavis amavis 4096 Aug 21 20:42 .spamassassin >> drwxr-x--- 4 amavis amavis 4096 Aug 21 20:42 tmp >> >> >> Seems to be owned by the right group, I rebooted at 19.10 today hence timestamp date/time. >> > > Is the clamav user a member of the amavis group? i.e, does the user clam > runs under have access to the socket?clam:x:489: amavis:x:488:clam Should I amavis to the clam group? To your second question, how can I determine this?> >> So, my question is, what do I need to do to eliminate this error? How can I chase it down? >> > > Check the two most common causes above :-) > >> TIA, >> >> Jay >> > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
>> Logwatch is reporting this error, which I'm going to assume has been >> occurring for a few years but >> doesn't affect sending/receiving emails, so I haven't chased it down, now >> I'm looking to fix that. >> >> 1 (06498-19) ClamAV-clamd: All attempts (1) failed connecting to >> /var/spool/amavisd/clamd.sock, retrying (1)Since logwatch is reporting this it makes me wonder if it isnt rotating cleanly by logrotate and/or if the socket isn't being cleaned up properly so when it goe to create it, it can't because it is already there, but because all of the details are the same it works.
I have been able to resolve all my issues. I had three different permissions based issues, one included needing to point the pid file to a different location. I'm happy to report this is resolved. Jay> Hello gents, > > First time poster here! > > Current system running Centos 6.8. Buddy of mine posted a few days back about me wanting to move > from Postfix 2.6.x to 2.8 to above, still under centos 6.8. I might move over to 7, but probably > not for a while, don't have the resources presently to make this happen. > > Running Centos 6.8, postfix 2.6.6, clamav 0.99.1. Basic Centos 6.8 box fully patched using stable > repos. > > ____ISSUE_____ > > Logwatch is reporting this error, which I'm going to assume has been occurring for a few years but > doesn't affect sending/receiving emails, so I haven't chased it down, now I'm looking to fix that. > > 1 (06498-19) ClamAV-clamd: All attempts (1) failed connecting to > /var/spool/amavisd/clamd.sock, retrying (1) > > Since this is reported by "ClamAV-clamd", I am assuming this is coming from amavisd.conf. My > logic on this is that a grep search for that particular string only shows up in the > /etc/amavisd.conf file, when its calling the scanner. Pasted code from file below: > > @av_scanners = ( > ['ClamAV-clamd', > \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"], > qr/\bOK$/m, qr/\bFOUND$/m, > qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], > > Best I can determine /var/spool/amavisd/clamd.sock file exists. So, not sure what is causing this > or why, or how to fix. > > Here is /var/spool/amavisd contents: > > [run]# ls -al /var/spool/amavisd/ > total 64 > drwxr-x--- 7 amavis amavis 4096 Aug 21 19:10 . > drwxr-xr-x. 15 root root 4096 Mar 15 2012 .. > srwxr-x--- 1 amavis amavis 0 Aug 21 19:10 amavisd.sock > srw-rw-rw- 1 amavis amavis 0 Aug 21 19:10 clamd.sock > drwxr-x--- 2 amavis amavis 4096 Aug 21 19:10 db > drwxr-x--- 2 amavis amavis 36864 Aug 21 19:50 quarantine > drwxr-x--- 2 amavis amavis 4096 Aug 21 09:23 .razor > drwx------ 2 amavis amavis 4096 Aug 21 20:42 .spamassassin > drwxr-x--- 4 amavis amavis 4096 Aug 21 20:42 tmp > > > Seems to be owned by the right group, I rebooted at 19.10 today hence timestamp date/time. > > So, my question is, what do I need to do to eliminate this error? How can I chase it down? > > TIA, > > Jay > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >