ClamAV-clamd FAILED!!!

Oct 24 01:11:33 www amavis[798]: (00798-04) (!!)ask_av (ClamAV-clamd) FAILED – unexpected result: /var/amavis/tmp/amavis-20061024T003357-00798/parts: lstat() failed. ERROR
Oct 24 01:11:33 www amavis[798]: (00798-04) (!!)WARN: all primary virus scanners failed, considering backups
Oct 24 01:11:40 www postfix/smtpd[1168]: connect from localhost[127.0.0.1]
Oct 24 01:11:40 www postfix/smtpd[1168]: 0634F11441: client=localhost[127.0.0.1]
Oct 24 01:11:40 www postfix/cleanup[1164]: 0634F11441: message-id=<93f796060610231004x54b8c480x6b148696e33b1c85@mail.gmail.com>

剛剛在maillog 發現了這個問題,找了一下google
發現了問題所在,有中文版和英文版的解答
英文版:
On Wednesday 25 August 2004 08:06 am, Stephen Gran wrote:
> On Wed, Aug 25, 2004 at 02:02:44AM -0500, Elvar said:
> Hello,
> Can anyone offer any advice on what is causing the following
> errors…
>
> Aug 25 01:50:01 hostname /usr/local/sbin/amavisd[1559]: (01559-08)
> ask_av (ClamAV-clamd) FAILED – unexpected result:
> /usr/local/etc/amavis/tmp/amavis-20040824T214852-01559/parts: Access
> denied. ERROR
> Aug 25 01:50:01 hostname /usr/local/sbin/amavisd[1559]: (01559-08)
> WARN: all primary virus scanners failed, considering backups
> Aug 25 01:50:04 hostname /usr/local/sbin/amavisd[1559]: (01559-08)
> Blocked INFECTED (Worm.SomeFool.P), [68.48.53.163]
> ->
,
> quarantine: virus-20040825-015000-01559-08, Message-ID:
> <20040825064956.34E5EB0A0[at]firewall.elegan.com>, Hits: –
>
>
> I don’t always get the above errors but on the majority of incoming
> emails I do see this. When I start amavis it seems to detect clamd as
> primary and clamscan as secondary without any problems. Thanks for your
> time,
>
> Permission problems – is clamd running as user clamav? If so, make sure
> user clamav is in group amavis (or whatever group owns those
> directories, and add AllowSupplementaryGroups to clamav.conf

中文版:

如果在這些動作做完之後,在 /var/log/maillog 中發現有類似以下的錯誤訊息:

Aug 25 01:50:01 hostname /usr/local/sbin/amavisd[1559]: (01559-08)
ask_av (ClamAV-clamd) FAILED – unexpected result:
/usr/local/etc/amavis/tmp/amavis-20040824T214852-01559/parts: Access denied. ERRORn
Aug 25 01:50:01 hostname /usr/local/sbin/amavisd[1559]: (01559-08)
WARN: all primary virus scanners failed, considering backups

表示是權限設定有問題,請看看
1. clamavd 的執行者必須是 clamav (但是由 root 啟動)
2. /var/virusmails 的 owner 是誰? (可能是 vscan:vscan)
3. 檢查 /etc/group,把 clamav 加入上述的 group,像這樣: vscan:*:1001:vscan,clamav
4. 檢查 clamav.conf,確定有加入 AllowSupplementaryGroups 這個選項。

去改了一下/etc/group後,就ok了。

發佈留言

這個網站採用 Akismet 服務減少垃圾留言。進一步了解 Akismet 如何處理網站訪客的留言資料