
Re: Amavis + Postfix + Clamav



Hello,

	I had a similar situation with the socket problem. I don't know whether it is because postfix runs in a chroot or for some other reason I am not aware of, but what solved it in my case was commenting out the FixStaleSocket line in the clamav conf.

Regards,
Tiago.


On Wed, 17 Mar 2004 18:40:42 -0300
"Thiago M. Zerbinato" <thiagozerbinato@yahoo.com.br> wrote:

> Folks,
> 
> I configured Postfix to work with Amavis-New + Clamav
> 
> The configuration ended up as follows:
> 
> /etc/postfix/main.cf
> 
> # For Clamav to work with Postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> soft_bounce = yes
> 
> /etc/postfix/master.cf
> 
> # Amavis + Clamav
> smtp-amavis unix -      -       n     -       2  smtp
>     -o smtp_data_done_timeout=1200
>     -o disable_dns_lookups=yes
> 
> 127.0.0.1:10025 inet n  -       n     -       -         smtpd
>     -o content_filter=
>     -o local_recipient_maps=
>     -o relay_recipient_maps=
>     -o smtpd_restriction_classes=
>     -o smtpd_client_restrictions=
>     -o smtpd_helo_restrictions=
>     -o smtpd_sender_restrictions=
>     -o smtpd_recipient_restrictions=permit_mynetworks,reject
>     -o mynetworks=127.0.0.0/8
>     -o strict_rfc821_envelopes=yes
> 
> It is working ... When I send a virus to a user on the network it is 
> blocked and I receive the notification that I tried to send a virus ...
> 
> but my log looks strange to me ....
> 
> Let's take it step by step ....
> 
> Starting Amavis-New
> 
> Mar 17 18:35:38 diamond amavis[28927]: starting.  amavisd-new at diamond 
> amavisd-new-20030616-p5
> Mar 17 18:35:38 diamond amavis[28927]: Perl version               5.006001
> Mar 17 18:35:38 diamond amavis[28927]: Module Amavis::Conf        1.15
> Mar 17 18:35:38 diamond amavis[28927]: Module Archive::Tar        0.22
> Mar 17 18:35:38 diamond amavis[28927]: Module Archive::Zip        0.11
> Mar 17 18:35:38 diamond amavis[28927]: Module Compress::Zlib      1.16
> Mar 17 18:35:38 diamond amavis[28927]: Module Convert::TNEF       0.16
> Mar 17 18:35:38 diamond amavis[28927]: Module Convert::UUlib      0.201
> Mar 17 18:35:38 diamond amavis[28927]: Module MIME::Entity        5.404
> Mar 17 18:35:38 diamond amavis[28927]: Module MIME::Parser        5.406
> Mar 17 18:35:38 diamond amavis[28927]: Module MIME::Tools         5.411
> Mar 17 18:35:38 diamond amavis[28927]: Module Mail::Header        1.44
> Mar 17 18:35:38 diamond amavis[28927]: Module Mail::Internet      1.44
> Mar 17 18:35:38 diamond amavis[28927]: Module Net::Cmd            2.24
> Mar 17 18:35:38 diamond amavis[28927]: Module Net::SMTP           2.26
> Mar 17 18:35:38 diamond amavis[28927]: Module Net::Server         0.84
> Mar 17 18:35:38 diamond amavis[28927]: Module Time::HiRes         01.20
> Mar 17 18:35:38 diamond amavis[28927]: Module Unix::Syslog        0.98
> Mar 17 18:35:38 diamond amavis[28927]: Found myself: 
> /usr/sbin/amavisd-new -c /etc/amavis/amavisd.conf
> Mar 17 18:35:38 diamond amavis[28927]: Lookup::SQL code       NOT loaded
> Mar 17 18:35:38 diamond amavis[28927]: Lookup::LDAP code      NOT loaded
> Mar 17 18:35:38 diamond amavis[28927]: AMCL-in protocol code  NOT loaded
> Mar 17 18:35:38 diamond amavis[28927]: SMTP-in protocol code  loaded
> Mar 17 18:35:38 diamond amavis[28927]: ANTI-VIRUS code        loaded
> Mar 17 18:35:38 diamond amavis[28927]: ANTI-SPAM  code        NOT loaded
> Mar 17 18:35:38 diamond amavis[28928]: Net::Server: Process Backgrounded
> Mar 17 18:35:38 diamond amavis[28928]: Net::Server: 2004/03/17-18:35:38 
> Amavis (type Net::Server::PreForkSimple) starting! pid(28928)
> Mar 17 18:35:38 diamond amavis[28928]: Net::Server: Binding to TCP port 
> 10024 on host 127.0.0.1
> Mar 17 18:35:38 diamond amavis[28928]: Net::Server: Setting gid to "104 104"
> Mar 17 18:35:38 diamond amavis[28928]: Net::Server: Setting uid to "102"
> Mar 17 18:35:38 diamond amavis[28928]: Found $file       at /usr/bin/file
> Mar 17 18:35:38 diamond amavis[28928]: Found $arc        at /usr/bin/arc
> Mar 17 18:35:38 diamond amavis[28928]: Found $gzip       at /bin/gzip
> Mar 17 18:35:38 diamond amavis[28928]: Found $bzip2      at /usr/bin/bzip2
> Mar 17 18:35:38 diamond amavis[28928]: No $lzop,         not using it
> Mar 17 18:35:38 diamond amavis[28928]: Found $lha        at /usr/bin/lha
> Mar 17 18:35:38 diamond amavis[28928]: Found $unarj      at /usr/bin/unarj
> Mar 17 18:35:38 diamond amavis[28928]: Found $uncompress at /bin/uncompress
> Mar 17 18:35:38 diamond amavis[28928]: No $unfreeze,     not using it
> Mar 17 18:35:38 diamond amavis[28928]: Found $unrar      at /usr/bin/unrar
> Mar 17 18:35:38 diamond amavis[28928]: No $zoo,          not using it
> Mar 17 18:35:38 diamond amavis[28928]: Found $cpio       at /bin/cpio
> Mar 17 18:35:38 diamond amavis[28928]: Using internal av scanner code 
> for (primary) Clam Antivirus-clamd
> Mar 17 18:35:38 diamond amavis[28928]: Found secondary av scanner Clam 
> Antivirus - clamscan at /usr/bin/clamscan
> 
> Starting Clamd... no problems....
> 
> 
> I start postfix .... all ok... now when a virus arrives ... just look
> 
> Mar 17 18:38:16 diamond postfix/qmgr[29031]: 20D3516DC7: 
> from=<thiagozerbinato@yahoo.com.br>, size=1557, nrcpt=1 (queue active)
> Mar 17 18:38:16 diamond amavis[28929]: (28929-01) ESMTP::10024 
> /var/lib/amavis/amavis-20040317T183816-28929: 
> <thiagozerbinato@yahoo.com.br> -> <thiagomz@logisticaeprocessos.com.br> 
> Received: SIZE=1557 from diamond ([127.0.0.1]) by localhost (diamond 
> [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28929-01 for 
> <thiagomz@logisticaeprocessos.com.br>; Wed, 17 Mar 2004 18:38:16 -0300 (BRT)
> Mar 17 18:38:16 diamond amavis[28929]: (28929-01) Checking: 
> <thiagozerbinato@yahoo.com.br> -> <thiagomz@logisticaeprocessos.com.br>
> Mar 17 18:38:16 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: 
> Can't connect to UNIX socket /var/run/clamd.ctl: No such file or 
> directory, retrying (1)
> Mar 17 18:38:16 diamond postfix/smtpd[29038]: disconnect from 
> smtp104.mail.sc5.yahoo.com[66.163.169.223]
> Mar 17 18:38:17 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: 
> Can't connect to UNIX socket /var/run/clamd.ctl: No such file or 
> directory, retrying (2)
> Mar 17 18:38:23 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: 
> Can't connect to UNIX socket /var/run/clamd.ctl: No such file or 
> directory, retrying (3)
> Mar 17 18:38:34 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd 
> av-scanner FAILED: Too many retries to talk to /var/run/clamd.ctl (Can't 
> connect to UNIX socket /var/run/clamd.ctl: No such file or directory) at 
> (eval 34) line 179.
> Mar 17 18:38:34 diamond amavis[28929]: (28929-01) WARN: all primary 
> virus scanners failed, considering backups
> Mar 17 18:38:35 diamond amavis[28929]: (28929-01) local delivery: 
> <thiagozerbinato@yahoo.com.br> -> <virus-quarantine>, 
> mbx=/var/lib/amavis/virusmails/virus-20040317-183835-28929-01
> Mar 17 18:38:35 diamond amavis[28929]: (28929-01) SEND via SMTP: 
> [127.0.0.1:10025] <> -> <thiagozerbinato@yahoo.com.br>
> Mar 17 18:38:35 diamond postfix/smtpd[29048]: connect from 
> localhost[127.0.0.1]
> Mar 17 18:38:35 diamond postfix/smtpd[29048]: D7F1817CA7: 
> client=localhost[127.0.0.1]
> Mar 17 18:38:35 diamond postfix/cleanup[29039]: D7F1817CA7: 
> message-id=<VS28929-01@diamond>
> Mar 17 18:38:35 diamond postfix/qmgr[29031]: D7F1817CA7: from=<>, 
> size=3740, nrcpt=1 (queue active)
> Mar 17 18:38:35 diamond postfix/smtpd[29048]: disconnect from 
> localhost[127.0.0.1]
> Mar 17 18:38:35 diamond amavis[28929]: (28929-01) INFECTED 
> (Eicar-Test-Signature), <thiagozerbinato@yahoo.com.br> -> 
> <thiagomz@logisticaeprocessos.com.br>, quarantine 
> virus-20040317-183835-28929-01, Message-ID: 
> <4058C3FE.1000504@yahoo.com.br>, Hits: -
> Mar 17 18:38:35 diamond amavis[28929]: (28929-01) TIMING [total 19939 
> ms] - SMTP EHLO: 8 (0%), SMTP pre-MAIL: 1 (0%), mkdir tempdir: 1 (0%), 
> create email.txt: 1 (0%), SMTP pre-DATA-flush: 6 (0%), SMTP DATA: 32 
> (0%), body hash: 1 (0%), mkdir parts: 1 (0%), mime_decode: 47 (0%), 
> get-file-type: 15 (0%), get-file-type: 10 (0%), decompose_part: 3 (0%), 
> decompose_part: 1 (0%), parts: 0 (0%), AV-scan-1: 18033 (90%), 
> AV-scan-2: 1629 (8%), write-header: 8 (0%), save-to-local-mailbox: 1 
> (0%), fwd-connect: 61 (0%), fwd-mail-from: 3 (0%), fwd-rcpt-to: 3 (0%), 
> write-header: 6 (0%), fwd-data: 26 (0%), fwd-data-end: 34 (0%), 
> fwd-rundown: 2 (0%), unlink-2-files: 6 (0%), rundown: 1 (0%)
> Mar 17 18:38:35 diamond postfix/smtp[29044]: 20D3516DC7: 
> to=<thiagomz@logisticaeprocessos.com.br>, relay=127.0.0.1[127.0.0.1], 
> delay=20, status=sent (250 2.5.0 Ok, id=28929-01, BOUNCE)
> Mar 17 18:38:38 diamond postfix/smtp[29033]: D7F1817CA7: 
> to=<thiagozerbinato@yahoo.com.br>, 
> relay=mx2.mail.yahoo.com[64.157.4.78], delay=3, status=sent (250 ok dirdel)
> 
> it fails several times ...
> 
> Can't connect to UNIX socket /var/run/clamd.ctl: No such file or 
> directory, retrying (1)
> 
> Another strange thing is this
> 
> Mar 17 18:35:38 diamond amavis[28928]: Using internal av scanner code 
> for (primary) Clam Antivirus-clamd
> Mar 17 18:35:38 diamond amavis[28928]: Found secondary av scanner Clam 
> Antivirus - clamscan at /usr/bin/clamscan
> 
> shouldn't it be the other way around ????
> 
> -- 
> Regards.
> 
>   .''`.   Thiago Marangoni Zerbinato - thiagomz
> : :'  :  thiagomz@ig.com.br - UIN #75311127
> `. `'`   http://mod-extreme.kit.net - http://forumgdh.net
>    `-     irc.debian.org #debian-br
>           GNU/Linux User #286429 - Debian User #534
> 
> 
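The failure pattern in the quoted log (clamd socket retries, the primary scanner marked FAILED, then fallback to the backup scanner) can be picked out per amavis session. The Python below is an added example, not code from either poster or from amavisd-new; the names `analyze` and `degraded` are made up here, and the sample lines are abridged from the log quoted above with the mail-client wrapping undone.

```python
import re

# Lines abridged from the log quoted in this thread (mail wrapping undone).
SAMPLE_LOG = """\
Mar 17 18:38:16 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (1)
Mar 17 18:38:16 diamond postfix/smtpd[29038]: disconnect from smtp104.mail.sc5.yahoo.com[66.163.169.223]
Mar 17 18:38:17 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (2)
Mar 17 18:38:23 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (3)
Mar 17 18:38:34 diamond amavis[28929]: (28929-01) Clam Antivirus-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamd.ctl (Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory) at (eval 34) line 179.
Mar 17 18:38:34 diamond amavis[28929]: (28929-01) WARN: all primary virus scanners failed, considering backups
Mar 17 18:38:35 diamond amavis[28929]: (28929-01) TIMING [total 19939 ms] - SMTP EHLO: 8 (0%), AV-scan-1: 18033 (90%), AV-scan-2: 1629 (8%), rundown: 1 (0%)
"""

LINE = re.compile(r"amavis\[\d+\]: \((?P<sid>[\d-]+)\) (?P<msg>.*)")
RETRY = re.compile(r"Can't connect to UNIX socket (?P<sock>\S+): .*retrying \((?P<n>\d+)\)")
TIMING = re.compile(r"TIMING \[total (?P<total>\d+) ms\]")
AVSCAN = re.compile(r"AV-scan-(\d+): (\d+) \(")


def analyze(log_text):
    """Group amavis lines by session id and record scanner-failure evidence."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:  # postfix and other daemons' lines are ignored
            continue
        s = sessions.setdefault(m["sid"], {
            "socket": None, "retries": 0, "primary_failed": False,
            "fallback": False, "total_ms": None, "av_ms": {}})
        msg = m["msg"]
        if (r := RETRY.search(msg)):
            s["socket"] = r["sock"]
            s["retries"] = max(s["retries"], int(r["n"]))
        elif "av-scanner FAILED" in msg:
            s["primary_failed"] = True
        elif "all primary virus scanners failed" in msg:
            s["fallback"] = True
        elif (t := TIMING.search(msg)):
            s["total_ms"] = int(t["total"])
            s["av_ms"] = {int(k): int(v) for k, v in AVSCAN.findall(msg)}
    return sessions


def degraded(sessions):
    """Session ids where amavis gave up on the primary scanner."""
    return sorted(sid for sid, s in sessions.items()
                  if s["primary_failed"] or s["fallback"])


if __name__ == "__main__":
    for sid in degraded(result := analyze(SAMPLE_LOG)):
        print(sid, result[sid])
```

For the quoted session this reports three retries against /var/run/clamd.ctl and 18033 ms of the 19939 ms total spent in AV-scan-1, which is the cost of waiting on the missing socket before the backup scanner runs.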


