我在 centos 6.4 上安装了 amavis-new 和 clamav
/etc/clamd.d/amavisd
# cat amavisd.conf
# Use system logger.
LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
LogFacility LOG_MAIL
# This option allows you to save a process identifier of the listening
# daemon (main thread).
PidFile /var/run/amavisd/clamd.pid
# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket yes
# Run as a selected user (clamd must be started by root).
User amavis
# Path to a local socket file the daemon will listen on.
LocalSocket /var/spool/amavisd/clamd.sock
/etc/amavisd/amavisd.conf
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
但是如果我在 /var/log/maillog 中使用 viru 进行测试,我会看到
Jul 16 09:46:24 server postfix/qmgr[15064]: 36F0A19F5: from=<[email protected]>, size=407, nrcpt=1 (queue active)
Jul 16 09:46:24 server amavis[16208]: (16208-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: 2
Jul 16 09:46:25 server amavis[16208]: (16208-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory
Jul 16 09:46:25 server amavis[16208]: (16208-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock, retrying (2)
Jul 16 09:46:31 server amavis[16208]: (16208-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory
Jul 16 09:46:31 server amavis[16208]: (16208-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/spool/amavisd/clamd.sock (All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock) at (eval 113) line 600.\n
Jul 16 09:46:31 server amavis[16208]: (16208-01) (!)WARN: all primary virus scanners failed, considering backups
Jul 16 09:46:36 server amavis[16208]: (16208-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: yDd_Z6Hv2PEK, Hits: -, size: 407, 12624 ms
Jul 16 09:46:36 server postfix/lmtp[16336]: 36F0A19F5: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=0.11/0/0/13, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=16208-01 - INFECTED: Eicar-Test-Signature)
Jul 16 09:46:36 server postfix/qmgr[15064]: 36F0A19F5: removed
clamd 正在运行,但在 /var/spool/amavisd 中没有 clamd.sock
ps ax | grep clam
16509 ? Ssl 0:00 clamd
16517 pts/2 S+ 0:00 grep clam
# ls /var/spool/amavisd/
amavisd.sock db quarantine tmp
答案1
答案是这样的:LocalSocket /var/spool/amavisd/clamd.sock不等于这个:["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],,您需要决定要使用哪一个,然后将两个程序都设置为使用它。
答案2
一开始没有clamd.sock 复制代码文件里面/var/spool/amavisd/目录。如果您更改本地套接字 /var/spool/amavisd/clamd.sock或者["CONTSCAN {}\n","/var/run/clamav/clamd.sock"]如上回答会出现错误,
[root@hostname ~]# /etc/init.d/clamd.amavisd restart
Starting clamd.amavisd: ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock is in use by another process.
[FAILED]
[root@hostname ~]#
无需像上面那样更改。我遇到了同样的问题。所以我只需启动 clamd.amavisd 服务即可。然后它就可以正常工作了。问题是我们没有启动clamd.amavisd 服务我们只启动 clamd 服务。
[root@hostname ~]# /etc/init.d/clamd.amavisd start
Starting clamd.amavisd: [ OK ]
[root@hostname ~]#
然后它将在 /var/spool/amavisd/ 内自动创建 clamd.sock 文件。
答案3
无需像上面那样更改。我遇到了同样的问题。所以我只需启动 clamd.amavisd 服务即可。然后它就可以正常工作。问题是我们没有启动 clamd.amavisd 服务,我们只启动了 clamd 服务。
[root@hostname ~]# /etc/init.d/clamd.amavisd start Starting clamd.amavisd: [ OK ] [root@hostname ~]#然后它将在 /var/spool/amavisd/ 内自动创建 clamd.sock 文件。
不,不行——如果你这样做,你会收到权限被拒绝的错误。