Amavis reporting virus scan failed however still working

Discussion in 'Server Operation' started by altiris, Jul 27, 2014.

  1. altiris

    altiris New Member

    Hello HowtoForge community I have a question for you guys. I was reading some of the maillog file to look for any errors or anything suspicious and I noticed that these three lines show up every one in a while in the maillog file, (I am running postfix/dovecot mail server on a centos 6.5 machine with clamav-0.98.4, spamassassin-3.3.1, and amavisd-new-2.9.1)
    Code:
    amavis[2601]: (02601-05) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20140628T132203-02601-nBfopBxN/parts: lstat() failed: Permission denied. ERROR\n"
    Jun 28 14:34:02 mycomputer amavis[2601]: (02601-05) (!)ClamAV-clamd av-scanner FAILED: CODE(0x20dd0f0) unexpected , output="/var/spool/amavisd/tmp/amavis-20140628T132203-02601-nBfopBxN/parts: lstat() failed: Permission denied. ERROR\n" at (eval 113) line 897.
    Jun 28 14:34:02 mycomputer amavis[2601]: (02601-05) (!)WARN: all primary virus scanners failed, considering backups
    However, I downloaded the eicar.com file (a harmless file used to test anti virus software) and sent it to myself on my mail server, and when I check the logs it successfully blocked the virus.
    Code:
    postfix/qmgr[10276]: BC401BE09AD: from=<virusalert@mydomain.com>, size=2443, nrcpt=1 (queue active)
    Jun 28 14:34:09 mycomputer amavis[2601]: (02601-05) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInternal,Quarantined}, MYNETS LOCAL [127.0.0.1]:34517 [127.0.0.1] <tom@mydomain.com> -> <tom@mydomain.com>, Message-ID: <351b98fda55cfd4360943020a61412f5@mydomain.com> mail_id: xYIkFsErmQGg, Hits: -, size: 1015, 7068 ms
    Jun 28 14:34:09 mycomputer postfix/lmtp[11769]: 9D153BE072F: to=<tom@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.2, delays=0.1/0.02/0.01/7.1, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=02601-05 - INFECTED: Eicar-Test-Signature)
    Jun 28 14:34:09 mycomputer postfix/qmgr[10276]: 9D153BE072F: removed
    Jun 28 14:34:10 mycomputer postfix/smtp[11810]: connect to mydomain.net[174.132.240.146]:25: Connection refused
    So, is it working? Should I not worry about the error (almost sure I should)?

    (I followed this guide to setup amavisd, spam assassin, and clamav for postfix/dovecot http://wiki.centos.org/HowTos/Amavisd)
    Thank you in advanced for helping me!
     
  2. srijan

    srijan New Member HowtoForge Supporter

    Hi

    The errors can be ignored. Please check whether clamav (clamd) service is running, otherwise restart the service & then check again.
     

Share This Page