ClamAV, Amavisd-new, Postfix fails

Post by internetworks on Tue Nov 24, 2009 12:38 pm

Hello,

I have tried installing ClamAV + Amavisd-new + Postfix following the instructions from "Installing SpamAssassin, ClamAV and Amavisd-new on EnGarde Secure Linux" PDF documentation file.

Well.

I have set SELinux in permissive mode and used the WebTool package manager to install all the required files according to the doc.
-----------------------------------------------

freshclam doesn't work at all with all my attempts. Run it as root, vscan... It doesn't work.

ClamAV didn't start. After configuring the following options in /etc/clamd.conf it started.

LogFile /var/log/clamd.log
PidFile /var/run/clamd.pid
LocalSocket /tmp/clamd
User vscan

-----------------------------------------------
/var/log/clamd.log ownership:
-rw-r--r-- 1 vscan vscan 8393 2009-11-24 16:15 clamd.log



Now amavisd-new didn't work because I had to alter location of clamd socket as follows:
FIX:

["CONTSCAN {}\n", "/tmp/clamd"],


ERROR:

Nov 24 15:21:05 server amavis[13789]: (13789-05) ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory, retrying (2)
Nov 24 15:20:11 server postfix/smtp[15659]: 0EA70F406F: to=, orig_to=, relay=localhost[127.0.0.1]:10024, delay=7.1, delays=0.04/0.01/0/7.1, dsn=4.5.0, status=deferred (host localhost[127.0.0.1] said: 451 4.5.0 Error in processing, id=13771-04, virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 40) line 266. (in reply to end of DATA command))


I have configured:

myhostname
mydomain
sa_tag_level_deflt
sa_tag2_level_deflt2
final_spam_destiny
final_virus_destiny


according to the documentation file mentioned at the beginning.

I have also modified master.cf and main.cf for postfix as follows:

master.cf :
-----------------------------------------------
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_semd_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - y - - stmpd
-o content_filter=
-o local_recipients_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
-----------------------------------------------

main.cf
-----------------------------------------------
content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
-----------------------------------------------


Now. No email comes in or out. Nothing.

I think all the emails are in the postfix queue.

These errors are annoying me since I can not find a starting point on how to solve this problem:

Nov 24 16:08:27 server postfix/master[5745]: warning: /usr/libexec/postfix/stmpd: bad command startup -- throttling
Nov 24 15:53:30 server amavis[3167]: (03167-01) TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 39) line 813, line 30.



Detailed Error Logs:
-----------------------------------------------
POSTFIX ERRORS:

.
.
.
Nov 24 16:08:27 server postfix/master[5745]: warning: /usr/libexec/postfix/stmpd: bad command startup -- throttling
Nov 24 16:08:27 server postfix/master[5745]: warning: process /usr/libexec/postfix/stmpd pid 5797 exit status 1
Nov 24 16:08:26 server master[5797]: fatal: master_spawn: exec /usr/libexec/postfix/stmpd: No such file or directory
Nov 24 16:08:26 server master[5797]: fatal: master_spawn: exec /usr/libexec/postfix/stmpd: No such file or directory

.
.
Nov 24 16:05:22 server master[5755]: fatal: master_spawn: exec /usr/libexec/postfix/stmpd: No such file or directory
Nov 24 16:05:22 server master[5755]: fatal: master_spawn: exec /usr/libexec/postfix/stmpd: No such file or directory
Nov 24 16:05:22 server postfix/cleanup[5752]: EE97AF406A: message-id=<20091124160522.EE97AF406A@server.XXXXXXXXXXXXXXXXXX.net>
Nov 24 16:05:22 server postfix/pickup[5748]: EE97AF406A: uid=0 from=
Nov 24 16:05:22 server postfix/qmgr[5749]: 732ABF4061: from=, size=633, nrcpt=1 (queue active)
Nov 24 16:05:22 server postfix/qmgr[5749]: 8B57AF406D: from=, size=633, nrcpt=1 (queue active)
Nov 24 16:05:22 server postfix/qmgr[5749]: AE363F404F: from=, size=1571, nrcpt=1 (queue active)
Nov 24 16:05:22 server postfix/qmgr[5749]: DAB5DF4060: from=, size=633, nrcpt=1 (queue active)
Nov 24 16:05:22 server postfix/qmgr[5749]: 1CC93F4054: from=, size=633, nrcpt=1 (queue active)
Nov 24 16:05:22 server postfix/qmgr[5749]: 11A09F4049: from=, size=633, nrcpt=1 (queue active)
Nov 24 16:05:22 server postfix/qmgr[5749]: 0EA70F406F: from=, size=633, nrcpt=1 (queue active)
Nov 24 16:05:22 server postfix/qmgr[5749]: DF42FF4065: from=, size=633, nrcpt=1 (queue active)
Nov 24 16:05:22 server postfix/qmgr[5749]: 41D6AF4055: from=, size=633, nrcpt=1 (queue active)


-----------------------------------------------
AMAVIS ERRORS:
-----------------------------------------------
Nov 24 16:10:26 server postfix/smtp[5751]: 8B60AF4062: to=, relay=localhost[127.0.0.1]:10024, delay=4200, delays=3897/0.02/0.01/303, dsn=4.4.1, status=deferred (host localhost[127.0.0.1] said: 450 4.4.1 Can't connect to 127.0.0.1 port 10025,  (Operation now in progress) at /usr/sbin/amavisd line 4323,  line 79., MTA([127.0.0.1]:10025), id=03900-01 (in reply to end of DATA command))
Nov 24 16:10:26 server amavis[3900]: (03900-01) Blocked CLEAN, [127.0.0.1]  -> , Message-ID: , mail_id: DraBK3Rq6JWZ, Hits: -1.439, 303221 ms
Nov 24 16:10:26 server amavis[3900]: (03900-01) FWD via SMTP:  -> , 450 4.4.1 Can't connect to 127.0.0.1 port 10025,  (Operation now in progress) at /usr/sbin/amavisd line 4323,  line 79., MTA([127.0.0.1]:10025), id=03900-01
Nov 24 15:53:30 server amavis[3167]: (03167-01) Requesting process rundown after fatal error
Nov 24 15:53:30 server amavis[3167]: (03167-01) TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 39) line 813,  line 30.
Nov 24 15:53:30 server amavis[3167]: (03167-01) Blocked CLEAN, [78.97.154.59]  -> , Message-ID: <571135.14425.qm@web32505.mail.mud.yahoo.com>, mail_id: COhwH9lfWRVd, Hits: 0.1, 281507 ms
Nov 24 15:53:30 server amavis[3167]: (03167-01) FWD via SMTP:  -> , 450 4.4.1 Can't connect to 127.0.0.1 port 10025,  (Bad file descriptor) at /usr/sbin/amavisd line 4323,  line 68., MTA([127.0.0.1]:10025), id=03167-01
Nov 24 15:53:30 server amavis[3166]: (03166-01) Requesting process rundown after fatal error
Nov 24 15:53:30 server amavis[3166]: (03166-01) TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 39) line 813,  line 68.
Nov 24 15:53:30 server amavis[3166]: (03166-01) Blocked CLEAN, [127.0.0.1]  -> , Message-ID: , mail_id: dGOEZDBXB4V6, Hits: -1.439, 281501 ms
Nov 24 15:53:30 server amavis[3166]: (03166-01) FWD via SMTP:  -> , 450 4.4.1 Can't connect to 127.0.0.1 port 10025,  (Bad file descriptor) at /usr/sbin/amavisd line 4323,  line 141., MTA([127.0.0.1]:10025), id=03166-01
Nov 24 15:48:47 server amavis[3111]: Creating db in /var/amavis/db/; BerkeleyDB 0.27, libdb 4.3
Nov 24 15:48:47 server amavis[3111]: Using internal av scanner code for (primary) ClamAV-clamd
Nov 24 15:48:47 server amavis[3111]: No decoder for       .exe  tried: rar, unrar; lha; arj, unarj
Nov 24 15:48:47 server amavis[3111]: Internal decoder for .tnef
Nov 24 15:48:47 server amavis[3111]: No decoder for       .tnef tried: tnef
Nov 24 15:48:47 server amavis[3111]: No decoder for       .cab  tried: cabextract
Nov 24 15:48:47 server amavis[3111]: No decoder for       .lha  tried: lha
Nov 24 15:48:47 server amavis[3111]: No decoder for       .zoo  tried: zoo
Nov 24 15:48:47 server amavis[3111]: No decoder for       .arc  tried: nomarch, arc
Nov 24 15:48:47 server amavis[3111]: No decoder for       .arj  tried: arj, unarj
Nov 24 15:48:47 server amavis[3111]: No decoder for       .rar  tried: rar, unrar
Nov 24 15:48:47 server amavis[3111]: Internal decoder for .zip
Nov 24 15:48:47 server amavis[3111]: No decoder for       .deb  tried: ar
Nov 24 15:48:47 server amavis[3111]: Found decoder for    .tar  at /usr/bin/cpio
Nov 24 15:48:47 server amavis[3111]: Found decoder for    .cpio at /usr/bin/cpio
Nov 24 15:48:47 server amavis[3111]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
Nov 24 15:48:47 server amavis[3111]: No decoder for       .lzo  tried: lzop -d
Nov 24 15:48:47 server amavis[3111]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
Nov 24 15:48:47 server amavis[3111]: Internal decoder for .gz 
Nov 24 15:48:47 server amavis[3111]: Found decoder for    .Z    at /usr/bin/gzip -d
Nov 24 15:48:47 server amavis[3111]: No decoder for       .F    tried: unfreeze, freeze -d, melt, fcat
Nov 24 15:48:47 server amavis[3111]: Internal decoder for .ync
Nov 24 15:48:47 server amavis[3111]: Internal decoder for .hqx
Nov 24 15:48:47 server amavis[3111]: Internal decoder for .uue
Nov 24 15:48:47 server amavis[3111]: Internal decoder for .asc
Nov 24 15:48:47 server amavis[3111]: Internal decoder for .mail
Nov 24 15:48:47 server amavis[3111]: No $dspam,             not using it
Nov 24 15:48:47 server amavis[3111]: Found $file            at /usr/bin/file
Nov 24 15:48:47 server amavis[3111]: Unpackers  code    loaded
Nov 24 15:48:47 server amavis[3111]: ANTI-SPAM  code    loaded
Nov 24 15:48:47 server amavis[3111]: ANTI-VIRUS code    loaded
Nov 24 15:48:47 server amavis[3111]: SMTP-in prot code  loaded
Nov 24 15:48:47 server amavis[3111]: AM.PDP prot  code  NOT loaded
Nov 24 15:48:47 server amavis[3111]: Lookup::LDAP code  NOT loaded
Nov 24 15:48:47 server amavis[3111]: Lookup::SQL  code  NOT loaded
Nov 24 15:48:47 server amavis[3111]: SQL::Quarantine    NOT loaded
Nov 24 15:48:47 server amavis[3111]: SQL::Log code      NOT loaded
Nov 24 15:48:47 server amavis[3111]: SQL base code      NOT loaded
Nov 24 15:48:47 server amavis[3111]: Amavis::Cache code loaded



Any idea on what should I do next? I really need some help.

Thank you.
internetworks
 
Posts: 41
Joined: Mon Mar 31, 2008 2:13 pm
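
The log line "exec /usr/libexec/postfix/stmpd: No such file or directory" in the post above names the command field of the 127.0.0.1:10025 entry in the posted master.cf. The following is an added example, not part of the original post: a small linter that checks each master.cf service's command and `-o` parameter names against allow-lists and suggests the closest known name. The allow-lists and the sample input are constructed here and are only a subset of what Postfix accepts.

```python
import difflib

# Constructed allow-lists (assumption): a subset of Postfix daemon and parameter
# names. On a real host, build them from the daemon directory and `postconf`.
KNOWN_DAEMONS = {"smtp", "smtpd", "lmtp", "pickup", "cleanup", "qmgr",
                 "local", "virtual", "bounce", "error", "pipe"}
KNOWN_PARAMS = set("""
smtp_data_done_timeout smtp_send_xforward_command disable_dns_lookups max_use
content_filter local_recipient_maps relay_recipient_maps mynetworks
smtpd_client_restrictions smtpd_recipient_restrictions receive_override_options
""".split())

# Constructed sample: a shortened copy of the two services from the post,
# with continuation lines indented the way master.cf requires.
SAMPLE_MASTER_CF = """\
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_semd_xforward_command=yes
127.0.0.1:10025 inet n - y - - stmpd
  -o content_filter=
  -o local_recipients_maps=
  -o relay_recipient_maps=
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their service line."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def suggest(name, known):
    close = difflib.get_close_matches(name, sorted(known), n=1, cutoff=0.7)
    return close[0] if close else None

def lint_master_cf(text):
    """Return (service, kind, bad_name, suggestion) for every unknown name."""
    findings = []
    for entry in logical_lines(text):
        fields = entry.split()
        # Field 8 is the command; a short entry yields "" and is flagged too.
        service, command, args = fields[0], (fields[7:8] or [""])[0], fields[8:]
        if command not in KNOWN_DAEMONS:
            findings.append((service, "command", command, suggest(command, KNOWN_DAEMONS)))
        for flag, value in zip(args, args[1:]):
            name = value.split("=", 1)[0]
            if flag == "-o" and name not in KNOWN_PARAMS:
                findings.append((service, "parameter", name, suggest(name, KNOWN_PARAMS)))
    return findings
```

Calling `lint_master_cf(SAMPLE_MASTER_CF)` returns one finding per unknown name, in file order.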

Re: ClamAV, Amavisd-new, Postfix fails

Post by internetworks on Tue Nov 24, 2009 1:42 pm

Hello,

I have fixed freshclam.

Modify /etc/freshclam.conf:

DatabaseDirectory /usr/share/clamav
UpdateLogFile /var/log/freshclam.log
LogVerbose yes
DatabaseOwner vscan


After that:

touch /var/log/freshclam.log
chown vscan:vscan /var/log/freshclam.log



While freshclam updates for the first time the following messages appeared. It seems that the ClamAV installation is outdated.

[root@server ~]# freshclam
ClamAV update process started at Tue Nov 24 17:36:38 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.94.1 Recommended version: 0.95.3
DON'T PANIC! Read http://www.clamav.net/support/faq

nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 81.173.192.234)
Trying host database.clamav.net (155.98.64.87)...
Downloading main-50.cdiff [100%]
Downloading main-51.cdiff [100%]
main.cld updated (version: 51, sigs: 545035, f-level: 42, builder: sven)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 37, recommended = 42
DON'T PANIC! Read http://www.clamav.net/support/faq
WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 155.98.64.87)
WARNING: getpatch: Can't download daily-8543.cdiff from database.clamav.net
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 81.173.192.234)
Trying host database.clamav.net (155.98.64.87)...
WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 155.98.64.87)
WARNING: getpatch: Can't download daily-8543.cdiff from database.clamav.net
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 81.173.192.234)
Trying host database.clamav.net (155.98.64.87)...
WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 155.98.64.87)
WARNING: getpatch: Can't download daily-8543.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 81.173.192.234)
Trying host database.clamav.net (155.98.64.87)...
Downloading daily.cvd [100%]
daily.cvd updated (version: 10063, sigs: 113035, f-level: 44, builder: guitar)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 37, recommended = 44
DON'T PANIC! Read http://www.clamav.net/support/faq
Database updated (658070 signatures) from database.clamav.net (IP: 155.98.64.87)


Hope it helps someone.
internetworks
 
Posts: 41
Joined: Mon Mar 31, 2008 2:13 pm

Re: ClamAV, Amavisd-new, Postfix fails

Post by internetworks on Wed Nov 25, 2009 2:09 pm

OK.

I have tried to reset the Postfix configuration to what it was before installing amavis and spamassassin.

It has started working again (receiving and sending emails) after I accessed the WebTool and switched to Strict and after that to Moderate.

I have also removed all the settings I added to master.cf and main.cf.

It has finally started to work again; however, I don't understand what gives this error:

Nov 25 17:38:02 server postfix/qmgr[20527]: warning: connect to transport smtp-amavis: Connection refused


smtp-amavis doesn't exist at all, neither in master.cf nor in main.cf.
amavis and spamassassin packages are removed from the system and all their configuration files were deleted.

Nov 25 17:44:29 server postfix/master[10601]: terminating on signal 15
Nov 25 17:44:29 server postfix/postfix-script[21869]: stopping the Postfix mail system
Nov 25 17:43:02 server postfix/error[21695]: EE05CF4177: to=, orig_to=, relay=none, delay=15478, delays=15478/0.03/0/0.06, dsn=4.3.0, status=deferred (mail transport unavailable)
Nov 25 17:43:02 server postfix/error[21692]: 7542EF42B0: to=, orig_to=, relay=none, delay=13078, delays=13078/0.03/0/0.06, dsn=4.3.0, status=deferred (mail transport unavailable)
Nov 25 17:43:02 server postfix/error[21693]: 20A4BF42CC: to=, orig_to=, relay=none, delay=8878, delays=8878/0.01/0/0.06, dsn=4.3.0, status=deferred (mail transport unavailable)
Nov 25 17:43:02 server postfix/error[21692]: AC85DF42CA: to=, orig_to=, relay=none, delay=9177, delays=9177/0.01/0/0.02, dsn=4.3.0, status=deferred (mail transport unavailable)
Nov 25 17:43:02 server postfix/qmgr[20527]: EE05CF4177: from=, size=633, nrcpt=1 (queue active)
Nov 25 17:43:02 server postfix/qmgr[20527]: 7542EF42B0: from=, size=633, nrcpt=1 (queue active)
Nov 25 17:43:02 server postfix/qmgr[20527]: 20A4BF42CC: from=, size=633, nrcpt=1 (queue active)
Nov 25 17:43:02 server postfix/qmgr[20527]: warning: connect to transport smtp-amavis: Connection refused
Nov 25 17:43:02 server postfix/qmgr[20527]: AC85DF42CA: from=, size=633, nrcpt=1 (queue active)
Nov 25 17:38:02 server postfix/error[20530]: C4D77F42E4: to=, orig_to=, relay=none, delay=4977, delays=4977/0.01/0/0.03, dsn=4.3.0, status=deferred (mail transport unavailable)
Nov 25 17:38:02 server postfix/qmgr[20527]: warning: connect to transport smtp-amavis: Connection refused
Nov 25 17:38:02 server postfix/qmgr[20527]: C4D77F42E4: from=, size=633, nrcpt=1 (queue active)
Nov 25 17:38:02 server postfix/master[10601]: reload configuration /etc/postfix
Nov 25 17:38:02 server postfix/postfix-script[20524]: refreshing the Postfix mail system



There is only one option for me: completely remove postfix, amavis, spamassassin, clamav and imap, re-install them the way I know will work, and use standard packages, not those from EnGarde's repo.

By the way I also found an error with:
/usr/libexec/webtool/generate_snort_graphs.pl

"Illegal division by zero at /usr/lib/perl5/vendor_perl/5.8.8/GD/Graph/axestype.pm line 1962." Hard to find since it doesn't come up in the logs. I have found it in part of emails that were stored by amavis, emails that never returned to postfix.

The solution for "Illegal division by zero" is here:
http://www.engardelinux.org/forums/view ... =696#p5744

I also removed shorewall. I configured it as I needed. Started it and everything worked nice for several days. However when I tried:
iptables -F
I lost connection with the server and I couldn't access it until the provider rebooted it after 7 hours. Maybe I should have stopped shorewall first.
internetworks
 
Posts: 41
Joined: Mon Mar 31, 2008 2:13 pm

Re: ClamAV, Amavisd-new, Postfix fails

Post by Dominique24 on Thu Sep 29, 2011 3:40 am

I just really want to know if there is a way to install clam av through the terminal. I have tried manually installing it, but it doesn't really work.
P.S. I just want Clam av to just keep my pc working at its best. I have been using windows for so long that I feel like just having an antivirus on my computer.
Dominique24
 
Posts: 2
Joined: Thu Sep 29, 2011 3:38 am

