View Single Post
  #1  
Old 25th January 2010, 11:30
prisfeo prisfeo is offline
Member
 
Join Date: Jan 2010
Posts: 38
Thanks: 3
Thanked 2 Times in 2 Posts
Default amavis & clamav - strange behaviour?! misconfiguration ?

hi i am newbie here
i have installed perfectly without any errors or warnings ISP 3.0.1.6 onto Centos 5.4 server; following the perfect related guide at your site!

i have tested sending a virus message(eicar test file attached) to a test user @ domain newly created inside ispconfig in order to check spam/virus detections;
well, seeing /var/log/maillog i can see virus is correctly detected and blocked
("Blocked INFECTED (Eicar-Test-Signature)")
but a line log before i see:

"amavis[31018]: (31018-03) (!!)WARN: all primary virus scanners failed, considering backups"

(i have removed my sensible server data name)

so i have goggled for a solution ad i saw it is related to privileges of user "clamav" in relation to amavis group..
so i checked, but user "clamav" is correctly already a member of "amavis" group;
so i checked the socket configuration:
in /etc/clamd.conf
-> LocalSocket /var/run/clamav/clamd.sock

and /etc/amavisd/amavisd.conf
->
# ### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],


and you can see that they match.

..so where is the problem ?
..
another "wrong" thing is that in /var/log/maillog
i saw the system tries to send email from=<virusalert@example.com>
but i have configured in ispconfig mydomain that is not "example.com"
if i check /etc/amavisd/amavisd.conf
i can see:
$mydomain = 'websites.nameofmydomain.it'; # a convenient default for other settings

so it is correct!
but i have discovered another configuration file in /etc:
/etc/amavisd.conf
and inside it there is:
$mydomain = 'example.com'; # a convenient default for other settings

so it seems,
there are two amavis configuration files ..so my question is:
what configuration file is used from ispconfig and by the server ?

in addition, i saw that (obviously i think)
in "second" amavis config file: /etc/amavisd.conf
the "clamav" related configuration is all commented


thanks in advance..,
bye,
prisfeo.

p.s.: forgive my poor english, i am not english.

Last edited by prisfeo; 25th January 2010 at 12:20.
Reply With Quote
Sponsored Links