错误行在/var/log/邮件日志
Sep 22 12:08:20 sun amavis[4493]: (04493-09) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130922T052321-04493-crApLkq5/parts: lstat() failed: Permission denied. ERROR\n"
Sep 22 12:08:20 sun amavis[4493]: (04493-09) (!)ClamAV-clamd av-scanner FAILED: CODE(0x29185c0) unexpected , output="/var/spool/amavisd/tmp/amavis-20130922T052321-04493-crApLkq5/parts: lstat() failed: Permission denied. ERROR\n" at (eval 113) line 897.
Sep 22 12:08:20 sun amavis[4493]: (04493-09) (!)WARN: all primary virus scanners failed, considering backups
服务器用户和组
# cat /etc/passwd | grep "amavis\|clamav"
clam:x:495:493:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin
amavis:x:494:492:User for amavisd-new:/var/spool/amavisd:/sbin/nologin
# id amavis
uid=494(amavis) gid=492(amavis) groups=492(amavis),493(clam)
# id clam
uid=495(clam) gid=493(clam) groups=493(clam),492(amavis)
服务
chkconfig --列表 | grep "amavisd\|clamd\|spamassassin"
amavisd 0:off 1:off 2:on 3:on 4:off 5:off 6:off
clamd 0:off 1:off 2:on 3:on 4:off 5:on 6:off
clamd.amavisd 0:off 1:off 2:on 3:on 4:off 5:off 6:off
spamassassin 0:off 1:off 2:on 3:on 4:off 5:off 6:off
/etc/clamd.conf
LocalSocket /var/run/clamav/clamd.sock
LocalSocketGroup amavis
User clam
/etc/amavisd.conf
### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd, or run it under its own
# # uid such as clamav, add user clamav to the amavis group, and then add
# # AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
/etc/postfix/master.cf
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
amavisfeed unix - - n - 2 lmtp
-o lmtp_data_done_timeout=1200
-o lmtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
-o local_header_rewrite_clients=
-o smtpd_milters=
-o local_recipient_maps=
-o relay_recipient_maps=
/etc/postfix/main.cf
content_filter=amavisfeed:[127.0.0.1]:10024
ls /var/spool/amavisd/tmp/
drwxr-x---. 3 amavis amavis 4096 Sep 23 15:00 amavis-20130923T150035-15730-hgztdUJP
drwxr-x---. 3 amavis amavis 4096 Sep 23 15:12 amavis-20130923T151205-16266-HUEzwmIf
ls /var/spool/amavisd/ -l
srwxr-x---. 1 amavis amavis 0 Sep 23 04:36 amavisd.sock
drwx------. 2 amavis amavis 4096 Sep 23 04:36 db
drwx------. 2 amavis amavis 4096 Feb 22 2013 quarantine
drwx------. 4 amavis amavis 4096 Sep 23 18:14 tmp
答案1
这看起来是该目录的权限问题:
/var/spool/amavisd/tmp/
根据日志消息,用户似乎amavis
无权访问该目录。
答案2
正如您所提到的,RPMForge 可以工作,但不一定是解决问题的正确方法,因为 RPMForge 不符合与 EPEL 相同的标准。
EPEL 的问题是“clam”用户无权访问 amavis 文件夹。要使其与 EPEL 一起使用非常简单:
usermod -a -G amavis clam
chmod g+rx /var/spool/amavisd/tmp
此广告会加入 amavis 组,然后授予对 amavis 组的 tmp 目录的访问权限。