How to disable Clamav or Spamassassin check in amavis?

[filipealvarez]

Hi everyone, I have a necessity to disable antivirus checks in amavis but I saw /etc/amavis/conf.d files but without success.

Can anyone help me?

Thanks

[till]

Uninstall clamav and restart amavisd.

[esmiz]

Hi Till

By the way. You wrote a great howto last year about this subject.

http://www.faqforge.com/linux/contro...n-ispconfig-3/

Thank you it's been very useful indeed, but I have always wondered if there is any reason why you do not disable spamassasin aswell ?

Regards

[till]

ISPConfig uses amavis (which internally uses the spamassassin libraries) and not spamassassin, so disabling amavis as described in the FAQ disables the spamfilter and antivirus filter.

[esmiz]

Hi Till

Thanks for your answer.
After following the FAQ, I do still have spamassassin running in the background.

Code:

server:~# ps aux | grep spamd
root      2079  0.0  2.1 106068 43648 ?        Ss   Mar23   5:11 /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid
root      2657  0.0  0.0   6588   780 pts/0    S+   12:08   0:00 grep spamd
root      3001  0.0  2.0 106068 41572 ?        S    Mar23   0:02 spamd child
root      3004  0.0  2.0 106068 41572 ?        S    Mar23   0:01 spamd child
server:~#

Is this normal, or do I have a misconfigured server?
If it is not going to be used, I guess it should be safe to stop in order to save some resources.

Code:

/etc/init.d/spamassassin stop

Regards

[till]

Quote:

Is this normal, or do I have a misconfigured server?

This is spamd not from ispconfig. You can disable it.

[cbj4074]

I use Amavis and was looking to disable ClamAV, but not SpamAssassin.

First, I tried stopping the ClamAV service, but the following messages appeared in /var/log/mail.log:

Code:

amavis[3188]: (03188-16) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
amavis[3188]: (03188-16) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 117) line 373.\n
amavis[3188]: (03188-16) (!!)WARN: all primary virus scanners failed, considering backups

Needless to say, I didn't want these messages in my log, even though Amavis appeared to function OK despite them.

So, I tried this approach next:

Quote:

Originally Posted by till

Uninstall clamav and restart amavisd.

But /var/log/mail.log began filling-up with these similar but slightly longer messages:

Code:

amavis[14163]: (14163-01) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
amavis[14163]: (14163-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 117) line 373.\n
amavis[14163]: (14163-01) (!!)WARN: all primary virus scanners failed, considering backups
amavis[14163]: (14163-01) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED
amavis[14163]: (14163-01) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20120103T111031-14163

Next, I tried what seemed to be a "proper fix", per http://opensource.apple.com/source/a.../amavisd.conf:

Quote:

# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1); # uncomment to DISABLE anti-virus code

So, I un-commented the following lines in /etc/amavis/conf.d/15-content_filter_mode:

Code:

#@bypass_virus_checks_maps = (
#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

and restarted Amavis:

Code:

service amavis restart

Well, this still didn't do the job. The same messages continued to appear in the mail log.

So, as a last resort, I commented-out the following lines (the lines with ##) in /etc/amavis/conf.d/15-av_scanners:

Code:

### http://www.clamav.net/
## ['ClamAV-clamd',
##   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
##   qr/\bOK$/m, qr/\bFOUND$/m,
##   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
# NOTE: run clamd under the same user as amavisd, or run it under its own
#   uid such as clamav, add user clamav to the amavis group, and then add
#   AllowSupplementaryGroups to clamd.conf;
# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
#   this entry; when running chrooted one may prefer socket "$MYHOME/clamd".

and, again, restarted Amavis.

I was shocked to find the following in the log, still:

Code:

amavis[17441]: (17441-01) (!!)WARN: all primary virus scanners failed, considering backups
amavis[17441]: (17441-01) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: NO VIRUS SCANNERS AVAILABLE
amavis[17441]: (17441-01) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20120103T113827-17441
postfix/smtp[17600]: B499634E422E: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.21, delays=0.12/0.01/0.01/0.08, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=17441-01, virus_scan FAILED: AV: NO VIRUS SCANNERS AVAILABLE (in reply to end of DATA command))

I'm running out of ideas. Does anyone know how to disable virus-checking within Amavis altogether?

[cbj4074]

Well, after making the changes mentioned in my previous post, email ceased to be delivered all together (the mail queue began to fill-up).

Upon further investigation, I realized that I had misread the Amavis documentation: it states that antivirus is disabled by default and that to enable it, un-comment

Code:

# @bypass_virus_checks_maps = (...

In other words, Amavis's behavior should be the default: not to virus scan.

Why, then, with the above line commented, am I seeing the following in /var/log/mail.log?

Code:

amavis[25694]: (25694-01) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
amavis[25694]: (25694-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 117) line 373.\n
amavis[25694]: (25694-01) (!!)WARN: all primary virus scanners failed, considering backups
amavis[25694]: (25694-01) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED
amavis[25694]: (25694-01) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20120103T132643-25694
postfix/smtp[25871]: 4F4D334E4205: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.4, delays=0.28/0.01/0.01/7.1, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=25694-01, virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED (in reply to end of DATA command))

Boy, this is frustrating.

[cbj4074]

Thanks to this post ( http://www.howtoforge.com/forums/showthread.php?t=44443 ), I realized my error: the change has to be made in /etc/amavis/conf.d/50-user, instead, as this file overrides 15-content_filter_mode.

Code:

# Place your configuration directives here.  They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#

#@bypass_virus_checks_maps = (
#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

Don't forget to restart Amavis:

Code:

# service amavis restart

ClamAV can then be disabled at start-up (e.g., by disabling the service on boot) or uninstalled/removed completely.

Case closed.

[cbj4074]

Well, here we are over a year later, and I'm trying to disable ClamAV on a given ISPConfig 3 server, while leaving Amavis intact.

I tried following the steps that I had posted last year only to find that these two lines are already commented:

Code:

#@bypass_virus_checks_maps = (
#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

I uninstalled ClamAV and still the mail log is filling-up with:

Code:

Jan  8 07:11:03 example amavis[7945]: (07945-14) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
Jan  8 07:11:09 example amavis[7945]: (07945-14) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 117) line 373.\n
Jan  8 07:11:09 example amavis[7945]: (07945-14) (!!)WARN: all primary virus scanners failed, considering backups
Jan  8 07:11:09 example amavis[7945]: (07945-14) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED
Jan  8 07:11:09 example amavis[7945]: (07945-14) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20130108T071101-07945
Jan  8 07:11:09 example postfix/smtp[1877]: E0F2E6A3009F: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.1, delays=0.06/0/0/7.1, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=07945-14, virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED (in reply to end of DATA command))

How can I get rid of this $%&*#@! (ClamAV) once and for all?