Error with clamd amavisd CentOS 7

amaviscentos7clamavemail-server

I am getting issue with clamd and amavisd please see error message below
I am running an email server on CentOS 7.3….. amavisd and clamd seems working fine, but they keep jump up with errors every time before I send mails from my email server, and get errors if I send mails from Gmail to my email server.

Apr  4 15:37:49 mail postfix/smtpd[3367]: connect from mail-pg0-f45.google.com[74.12*.**.**]
Apr  4 15:37:49 mail postfix/smtpd[3367]: E42B1606A5C9: client=mail-pg0-f45.google.com[74.12*.**.**]
Apr  4 15:37:50 mail postfix/cleanup[3371]: E42B1606A5C9: message-id=<CAC-5EtvTiKHMGZXukkj=4rxhOKiD1f3oifaBE6QnmCnbgjM10A@mail.gmail.com>
Apr  4 15:37:50 mail postfix/qmgr[1374]: E42B1606A5C9: from=<wil*******@gmail.com>, size=2488, nrcpt=1 (queue active)
Apr  4 15:37:50 mail postfix/smtpd[3367]: disconnect from mail-pg0-f45.google.com[74.12*.**.**]
Apr  4 15:37:50 mail amavis[2097]: (02097-02) (!)connect to /var/run/clamd.amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/run/clamd.amavisd/clamd.sock: No such file or directory
Apr  4 15:37:51 mail amavis[2097]: (02097-02) (!)connect to /var/run/clamd.amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/run/clamd.amavisd/clamd.sock: No such file or directory
Apr  4 15:37:51 mail amavis[2097]: (02097-02) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock, retrying (2)
Apr  4 15:37:57 mail amavis[2097]: (02097-02) (!)connect to /var/run/clamd.amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/run/clamd.amavisd/clamd.sock: No such file or directory
Apr  4 15:37:57 mail amavis[2097]: (02097-02) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 129) line 613.\n
Apr  4 15:37:57 mail amavis[2097]: (02097-02) (!)WARN: all primary virus scanners failed, considering backups

Please help, really appreciate it!

Best Answer

tl;dr:

setsebool -P antivirus_can_scan_system 1
setsebool -P clamd_use_jit on

yum install clamav-scanner-systemd

cd /usr/lib/systemd/system
cp clamd\@scan.service clamd\@amavisd.service

systemctl start clamd@amavisd
systemctl enable clamd@amavisd
systemctl restart amavisd

The long version:

My guess is you're getting a "no such file or directory" error because the socket /var/run/clamd.amavisd/clamd.sock doesn't exist, which in turn is because the clam daemon isn't installed or running and listening on that socket.

To fix, try

yum install clamav-scanner-systemd

...which includes the daemon, clamd.

By default, the service that comes with it, /usr/lib/systemd/system/clamd@scan.service, which in turn includes /usr/lib/systemd/system/clamd@.service, tries to open the wrong config file, by virtue of the %i in the service which is a placeholder for the instance name. To make the service use the amavis conf file instead, copy it to an appropriately instantiated unit:

cd /usr/lib/systemd/system
cp clamd\@scan.service clamd\@amavisd.service

(see 9.6.5. Working with Instantiated Units in the RHEL 7 documentation for more on this)

Finally, try

systemctl start clamd@amavisd

and check it's running now, with

systemctl status clamd@amavisd

And finally enable it with

systemctl enable clamd@amavisd

Checking the contents of /var/run/clamd.amavisd, you should now find clamd.sock is present.

For good measure,

systemctl restart amavisd

And double check your logfiles that everything is working now.

If not, and if SELinux is enforcing, you may need to run the following first, for ClamAV and freshclam to function:

setsebool -P antivirus_can_scan_system 1
setsebool -P clamd_use_jit on

SASL Authentication Check List

Base on question and comments, sasl may not be setup correctly. Following check list is created base on Ubunut Guide provided in question.

Check file/etc/postfix/sasl/smtpd.conf, should be like following
```
pwcheck_method: saslauthd
mech_list: plain login
```

Check libsasl installed

dpkg -l | grep sasl

Should have the following (version number may differ)

ii  libsasl2-2           2.1.25.dfsg1-4    Cyrus SASL - authentication abstraction library
ii  libsasl2-modules     2.1.25.dfsg1-4    Cyrus SASL - pluggable authentication modules
ii  sasl2-bin            2.1.25.dfsg1-4    Cyrus SASL - administration programs for SASL users database

Check saslauthd is running
```
ps -ef | grep sasl
```

Check saslauthd PWDIR

grep PWDIR /etc/default/saslauthd

Output should be

PWDIR="/var/spool/postfix/var/run/saslauthd"

Postfix submission/587

/etc/postfix/master.cf

The Ubuntu guide only un-comment one line

submission inet n       -       -       -       -       smtpd

Try ucomment the whole section, including the options following it

submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Then restart postfix

sudo service postfix restart

Double check your smtp login name

Since the guide is not using virtual user, your smtp login name should be joe only, not joe@mysite.com. Double check email clients on your deivces/computers/webservices(gmail) are NOT using your email address as smtp login name. (Many do that for you. You will have to manually change it if so.)
Remove Password Map

I believe you are authenticating against local Linux account, not virtual user. Remove the following lines in /etc/postfix/main.cf
```
# password maps will not work. Customer must provide credentials
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
```

Best Answer

tl;dr:

The long version:

Related Solutions

Postfix forwarding issue

Can’t connect to SMTP over 587

SASL Authentication Check List

Postfix submission/587

Related Topic