Gentoo Forums
Amavis/ClamAV/SA Problem & Question
gwong86
n00b
Joined: 06 Dec 2006
Posts: 12

Posted: Sun Mar 04, 2007 1:10 pm    Post subject: Amavis/ClamAV/SA Problem & Question

I configured a server yesterday running Postfix, Amavis, and clamav. I have it acting as a mail gateway where it filters mail and then forwards it to my Exchange server. It is currently working, but I have one small problem. Every time mail passes through, Amavis reports the following error:

Mar 4 03:00:34 spam amavis[4350]: (04350-17) (!!) WARN: all primary virus scanners failed, considering backups

I installed clamav by running emerge clamav and then went into /etc/clam.conf and set the user to be amavis. I also ran chown -R amavis:amavis on /var/run/clamav, /var/db/clamav (which didn't exist), and /var/log/clamav.

Does anyone have any ideas on how to resolve this problem?

Also, I wish to have the header appended to each email that is filtered and have it forwarded to the mail server. Right now any spam is being forwarded to an email account. I want to have Outlook rules set up to filter mail to users' "Junk Email" folder. I know there is an option to send any spam to an account in /etc/amavisd.conf, but I can't seem to find out where to set it only to append and then forward.

Thanks for all the help.
elgato319
Guru
Joined: 15 Sep 2005
Posts: 546

Posted: Sun Mar 04, 2007 1:53 pm

In amavisd.conf, check:

Code:

# ### http://www.clamav.net/
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
   qr/\bOK$/, qr/\bFOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd, or run it under its own
# #   uid such as clamav, add user clamav to the amavis group, and then add
# #   AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# #   this entry; when running chrooted one may prefer socket "$MYHOME/clamd".

I think your entry points to the wrong socket path.

As for the spam, did you look for something like that?
Code:

# equivalent to $virus_admin, but for spam admin notifications:
# $spam_admin = "spamalert\@$mydomain";
# $spam_admin = undef;    # do not send spam admin notifications (default)
gwong86
n00b
Joined: 06 Dec 2006
Posts: 12

Posted: Sun Mar 04, 2007 7:02 pm

This is what is in my amavisd.conf file:

Code:
# ### http://www.clamav.net/
# ['ClamAV-clamd',
#   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
#   qr/\bOK$/, qr/\bFOUND$/,
#   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: the easiest is to run clamd under the same user as amavisd; match the
# # socket name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

and this is what's in my clamd.conf file:

Code:
# Path to a local socket file the daemon will listen on.
# Default: disabled
LocalSocket /var/run/clamav/clamd


Both files look like they have the same file names. Any other suggestions?
elgato319
Guru
Joined: 15 Sep 2005
Posts: 546

Posted: Sun Mar 04, 2007 7:16 pm

You need to uncomment the section in your amavisd config ;)
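An added example (not from the thread, and not amavisd-new or ClamAV code) of checking the two things this exchange turned on: that the ClamAV-clamd entry in amavisd.conf is active rather than commented out, and that its socket path equals LocalSocket in clamd.conf. The function names are hypothetical and the sample text is constructed from the snippets quoted above.

```python
import re

# Constructed inputs mirroring the two snippets quoted in the thread.
AMAVISD_CONF = r'''
# ['ClamAV-clamd',
#   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
#   qr/\bOK$/, qr/\bFOUND$/,
#   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
'''
CLAMD_CONF = '''
# Path to a local socket file the daemon will listen on.
LocalSocket /var/run/clamav/clamd
'''

def clamd_local_socket(text):
    """Return the active LocalSocket path from clamd.conf text, or None."""
    for line in text.splitlines():
        m = re.match(r'\s*LocalSocket\s+(\S+)', line)
        if m:
            return m.group(1)
    return None

def amavis_clamd_entries(text):
    """List (is_active, socket_path) for each ClamAV-clamd entry found."""
    found, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"\s*(#?)\s*\['ClamAV-clamd'", line)
        if not m:
            continue
        for follow in lines[i:i + 4]:
            s = re.search(r'"CONTSCAN \{\}\\n",\s*"([^"]+)"', follow)
            if s:
                found.append((m.group(1) == '', s.group(1)))
                break
    return found

def check_clamd_wiring(amavisd_text, clamd_text):
    """Explain why amavisd could not reach clamd, or return 'ok'."""
    sock = clamd_local_socket(clamd_text)
    if sock is None:
        return 'clamd.conf has no LocalSocket'
    entries = amavis_clamd_entries(amavisd_text)
    active = [path for is_active, path in entries if is_active]
    if not active:
        return 'ClamAV-clamd entry is commented out' if entries else 'no ClamAV-clamd entry'
    if sock not in active:
        return 'socket mismatch: amavisd %s, clamd %s' % (active[0], sock)
    return 'ok'
```

A clean result here only covers the configuration text; the socket file must also exist and be accessible to the user amavisd runs as, as the NOTE lines in the sample config describe.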
gwong86
n00b
Joined: 06 Dec 2006
Posts: 12

Posted: Sun Mar 04, 2007 9:10 pm

Thanks elgato. Virus scanning seems to be working, except spam messages are still getting quarantined after commenting that line out for the notification. I want spam to flow through, have the header be appended with the appropriate information, and then go to the Exchange server. For emails with viruses, I want those to be quarantined. Any suggestions?
elgato319
Guru
Joined: 15 Sep 2005
Posts: 546

Posted: Mon Mar 05, 2007 7:36 am

I think you need those:

Virus-Quarantine:

Code:

# Location to put infected mail into: (applies to 'local:' quarantine method)
#   empty for not quarantining, may be a file (Unix-style mailbox),
#   or a directory (no trailing slash)
#   (the default value is undef, meaning no quarantine)
#
$QUARANTINEDIR = "$MYHOME/quarantine";


$virus_quarantine_to  = 'virus-quarantine';


Spam Delivery:
Code:

$final_spam_destiny       = D_PASS;  # (defaults to D_BOUNCE)
gwong86
n00b
Joined: 06 Dec 2006
Posts: 12

Posted: Mon Mar 05, 2007 6:21 pm

I have made the change but it still seems to be putting spam messages into /var/amavisd/quarantine.

Code:
# using traditional settings of $final_*_destiny variables, relying on a
# default setting of an associative array %final_destiny_by_ccat which is
# backwards compatible and contains references to these traditional variables:
#
#$final_virus_destiny      = D_DISCARD; # (defaults to D_DISCARD)
#$final_banned_destiny     = D_BOUNCE;  # (defaults to D_BOUNCE)
$final_spam_destiny        = D_PASS;    # (defaults to D_BOUNCE)
#$final_spam_destiny       = D_BOUNCE;  # (defaults to D_BOUNCE)
#$final_bad_header_destiny = D_PASS;    # (defaults to D_PASS)

########
#
# Please think about what you are doing when you set these options.
# If necessary, question your organization's e-mail policies:
#
# D_BOUNCE contributes to the overall spread of virii and spam on the
# internet. Both the envelope and header from addresses can be forged
# accurately with no effort, causing the bounces to go to innocent parties,
# whose addresses have been forged.
#
# D_DISCARD breaks internet mail specifications. However, with a
# properly implemented Quarantine system, the concern for breaking the
# specification is addressed to some extent.
#
# D_PASS is the safest way to handle e-mails. You must implement
# client-side filtering to handle this method.
#
# -Cory Visi <merlin@gentoo.org> 07/28/04
#
#######



# to explicitly list all (or most) possible contents category (ccat) keys:
%final_destiny_by_ccat = (
  CC_VIRUS,      D_DISCARD,
  CC_BANNED,     D_BOUNCE,
  CC_UNCHECKED,  D_PASS,
  CC_SPAM,       D_DISCARD,
  CC_BADH,       D_PASS,
  CC_OVERSIZED,  D_BOUNCE,
  CC_CLEAN,      D_PASS,
  CC_CATCHALL,   D_PASS,
);
elgato319
Guru
Joined: 15 Sep 2005
Posts: 546

Posted: Mon Mar 05, 2007 7:46 pm

Try:

Code:

# similar for banned names and bad headers and spam (set to undef to disable)
$spam_quarantine_to       = 'spam-quarantine';       # local quarantine


Code:

$spam_quarantine_to       = undef;
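An added check, not part of any post in this thread and not amavisd-new's own code. The comment in the posted excerpt says the $final_*_destiny variables take effect through the default %final_destiny_by_ccat, and the same excerpt assigns that hash explicitly with CC_SPAM, D_DISCARD; the sketch below reports which setting decides the spam destiny and what $spam_quarantine_to is. The sample text is constructed (abridged) from the thread, the function names are hypothetical, and treating an explicit hash as overriding the variable is an assumption marked in the code.

```python
import re

# Constructed sample: active lines from the amavisd.conf excerpt posted in the
# thread (hash abridged), plus the $spam_quarantine_to line from the last reply.
POSTED_CONF = '''
$final_spam_destiny        = D_PASS;    # (defaults to D_BOUNCE)
#$final_spam_destiny       = D_BOUNCE;  # (defaults to D_BOUNCE)
$spam_quarantine_to       = 'spam-quarantine';       # local quarantine
%final_destiny_by_ccat = (
  CC_VIRUS,      D_DISCARD,
  CC_BANNED,     D_BOUNCE,
  CC_SPAM,       D_DISCARD,
  CC_CLEAN,      D_PASS,
  CC_CATCHALL,   D_PASS,
);
'''

def active_code(text):
    """Strip comments (naively, at the first '#') and return the remaining code."""
    kept = (line.split('#', 1)[0].strip() for line in text.splitlines())
    return '\n'.join(line for line in kept if line)

def spam_handling(text):
    """Return (destiny, decided_by, quarantine_to) for spam as the file sets it."""
    code = active_code(text)
    destiny, decided_by = 'D_BOUNCE', 'default'  # default named in the file's comments
    scalar = re.findall(r'\$final_spam_destiny\s*=\s*(D_\w+)\s*;', code)
    if scalar:
        destiny, decided_by = scalar[-1], '$final_spam_destiny'
    # Assumption: an explicit hash replaces the default one that refers back to
    # the $final_*_destiny variables, so its CC_SPAM entry is what applies.
    table = re.findall(r'%final_destiny_by_ccat\s*=\s*\((.*?)\)\s*;', code, re.S)
    if table:
        entry = re.search(r'\bCC_SPAM\s*(?:,|=>)\s*(D_\w+)', table[-1])
        destiny = entry.group(1) if entry else None  # None: no CC_SPAM key listed
        decided_by = '%final_destiny_by_ccat'
    quarantine = re.findall(r'\$spam_quarantine_to\s*=\s*([^;]+?)\s*;', code)
    return destiny, decided_by, (quarantine[-1] if quarantine else None)

def findings(text):
    """List settings to review when spam should be tagged and passed on."""
    destiny, decided_by, quarantine = spam_handling(text)
    out = []
    if destiny != 'D_PASS':
        out.append('spam destiny is %s (set by %s)' % (destiny, decided_by))
    if quarantine != 'undef':
        out.append('$spam_quarantine_to is %s' % (quarantine or 'not set in this file'))
    return out
```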