Hi everyone, I need to disable antivirus checks in amavis. I looked at the /etc/amavis/conf.d files, but without success. Can anyone help me? Thanks
Hi Till
By the way, you wrote a great howto last year about this subject. http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-disable-spamfilter-and-antivirus-functions-in-ispconfig-3/ Thank you, it's been very useful indeed, but I have always wondered if there is any reason why you do not disable spamassassin as well?
Regards
ISPConfig uses amavis (which internally uses the spamassassin libraries) and not spamassassin, so disabling amavis as described in the FAQ disables the spamfilter and antivirus filter.
Hi Till
Thanks for your answer. After following the FAQ, I do still have spamassassin running in the background.

Code:
server:~# ps aux | grep spamd
root 2079 0.0 2.1 106068 43648 ? Ss Mar23 5:11 /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid
root 2657 0.0 0.0 6588 780 pts/0 S+ 12:08 0:00 grep spamd
root 3001 0.0 2.0 106068 41572 ? S Mar23 0:02 spamd child
root 3004 0.0 2.0 106068 41572 ? S Mar23 0:01 spamd child
server:~#

Is this normal, or do I have a misconfigured server? If it is not going to be used, I guess it should be safe to stop in order to save some resources.

Code:
/etc/init.d/spamassassin stop

Regards
I use Amavis and was looking to disable ClamAV, but not SpamAssassin. First, I tried stopping the ClamAV service, but the following messages appeared in /var/log/mail.log:

Code:
amavis[3188]: (03188-16) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
amavis[3188]: (03188-16) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 117) line 373.\n
amavis[3188]: (03188-16) (!!)WARN: all primary virus scanners failed, considering backups

Needless to say, I didn't want these messages in my log, even though Amavis appeared to function OK despite them. So, I tried this approach next: But /var/log/mail.log began filling-up with these similar but slightly longer messages:

Code:
amavis[14163]: (14163-01) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
amavis[14163]: (14163-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 117) line 373.\n
amavis[14163]: (14163-01) (!!)WARN: all primary virus scanners failed, considering backups
amavis[14163]: (14163-01) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED
amavis[14163]: (14163-01) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20120103T111031-14163

Next, I tried what seemed to be a "proper fix", per http://opensource.apple.com/source/amavisd/amavisd-110/amavisd.Conf/amavisd.conf: So, I un-commented the following lines in /etc/amavis/conf.d/15-content_filter_mode:

Code:
#@bypass_virus_checks_maps = (
#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

and restarted Amavis:

Code:
service amavis restart

Well, this still didn't do the job. The same messages continued to appear in the mail log.
So, as a last resort, I commented-out the following lines (the lines with ##) in /etc/amavis/conf.d/15-av_scanners:

Code:
### http://www.clamav.net/
## ['ClamAV-clamd',
##   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
##   qr/\bOK$/m, qr/\bFOUND$/m,
##   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
# NOTE: run clamd under the same user as amavisd, or run it under its own
#   uid such as clamav, add user clamav to the amavis group, and then add
#   AllowSupplementaryGroups to clamd.conf;
# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
#   this entry; when running chrooted one may prefer socket "$MYHOME/clamd".

and, again, restarted Amavis. I was shocked to find the following in the log, still:

Code:
amavis[17441]: (17441-01) (!!)WARN: all primary virus scanners failed, considering backups
amavis[17441]: (17441-01) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: NO VIRUS SCANNERS AVAILABLE
amavis[17441]: (17441-01) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20120103T113827-17441
postfix/smtp[17600]: B499634E422E: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.21, delays=0.12/0.01/0.01/0.08, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=17441-01, virus_scan FAILED: AV: NO VIRUS SCANNERS AVAILABLE (in reply to end of DATA command))

I'm running out of ideas. Does anyone know how to disable virus-checking within Amavis altogether?
Well, after making the changes mentioned in my previous post, email ceased to be delivered altogether (the mail queue began to fill up). Upon further investigation, I realized that I had misread the Amavis documentation: it states that antivirus is disabled by default and that to enable it, un-comment

Code:
# @bypass_virus_checks_maps = (...

In other words, Amavis's behavior should be the default: not to virus scan. Why, then, with the above line commented, am I seeing the following in /var/log/mail.log?

Code:
amavis[25694]: (25694-01) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
amavis[25694]: (25694-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 117) line 373.\n
amavis[25694]: (25694-01) (!!)WARN: all primary virus scanners failed, considering backups
amavis[25694]: (25694-01) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED
amavis[25694]: (25694-01) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20120103T132643-25694
postfix/smtp[25871]: 4F4D334E4205: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.4, delays=0.28/0.01/0.01/7.1, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=25694-01, virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED (in reply to end of DATA command))

Boy, this is frustrating.
Thanks to this post ( http://www.howtoforge.com/forums/showthread.php?t=44443 ), I realized my error: the change has to be made in /etc/amavis/conf.d/50-user, instead, as this file overrides 15-content_filter_mode.

Code:
# Place your configuration directives here. They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#
#@bypass_virus_checks_maps = (
#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

Don't forget to restart Amavis:

Code:
# service amavis restart

ClamAV can then be disabled at start-up (e.g., by disabling the service on boot) or uninstalled/removed completely. Case closed.
Well, here we are over a year later, and I'm trying to disable ClamAV on a given ISPConfig 3 server, while leaving Amavis intact. I tried following the steps that I had posted last year only to find that these two lines are already commented:

Code:
#@bypass_virus_checks_maps = (
#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

I uninstalled ClamAV and still the mail log is filling-up with:

Code:
Jan 8 07:11:03 example amavis[7945]: (07945-14) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
Jan 8 07:11:09 example amavis[7945]: (07945-14) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 117) line 373.\n
Jan 8 07:11:09 example amavis[7945]: (07945-14) (!!)WARN: all primary virus scanners failed, considering backups
Jan 8 07:11:09 example amavis[7945]: (07945-14) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED
Jan 8 07:11:09 example amavis[7945]: (07945-14) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20130108T071101-07945
Jan 8 07:11:09 example postfix/smtp[1877]: E0F2E6A3009F: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.1, delays=0.06/0/0/7.1, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=07945-14, virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED (in reply to end of DATA command))

How can I get rid of this $%&*#@! (ClamAV) once and for all?
To disable clamav, comment out the clamav sections for clamd and clamav in the amavisd configuration, e.g. on debian Linux the file is /etc/amavis/conf.d/15-av_scanners

add a # in front of these lines:

...
### http://www.clamav.net/
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
....

and

....
### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
['ClamAV-clamscan', 'clamscan',
  "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0],
  qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
.....

then restart amavisd.
Thank you for the fast response, Till. I really appreciate it. On the first page of this thread, I describe how I tried exactly what you suggested when I ran into this on a different server last year. It didn't work for me last year, and it didn't work this time. When I comment-out the lines you suggested, the message changes slightly from being ClamAV-specific to being more generic:

Code:
Jan 8 07:37:07 example amavis[13387]: (13387-01) (!!)WARN: all primary virus scanners failed, considering backups
Jan 8 07:37:07 example amavis[13387]: (13387-01) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: NO VIRUS SCANNERS AVAILABLE
Jan 8 07:37:07 example amavis[13387]: (13387-01) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20130108T073707-13387
Jan 8 07:37:07 example postfix/smtp[13346]: 37B276A3001A: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.1, delays=0.01/0/0.01/0.08, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=13387-01, virus_scan FAILED: AV: NO VIRUS SCANNERS AVAILABLE (in reply to end of DATA command))

So, now Amavis is saying that no virus scanner is available (as opposed to saying that ClamAV is not available). Again, I don't understand why Amavis cares if no virus scanner is available when I have intentionally disabled all virus scanning (at least, that was my intention). Furthermore, shouldn't one be able to disable all virus scanning simply by adjusting those two lines in /etc/amavis/conf.d/50-user? Isn't that the point of @bypass_virus_checks_maps? It seems much less ideal to comment-out the actual ClamAV code in 15-av_scanners. On that note, it is not clear whether @bypass_virus_checks_maps should be commented or un-commented to disable all virus scanning. Of course, this is again something that I discussed in this thread last year, and I thought I had made this determination, but now I am not so sure. Thanks again for any help; this is frustrating.
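Added example (not part of the original posts): the log excerpts in this thread show Postfix deferring mail with 451 4.5.0 whenever amavis reports "virus_scan FAILED", so a broken scanner setup stalls delivery instead of passing mail unscanned. This shell function lists each such deferral with its Postfix queue ID, amavis ID and reason; the sample lines are constructed, modelled on the excerpts above, and `av_deferrals` and `sample_log` are hypothetical names.

```shell
#!/bin/sh
# Added example: list mail that Postfix deferred because amavis could not
# complete virus scanning (the 451 4.5.0 "virus_scan FAILED" case).

# av_deferrals [FILE...] -> one line per deferral: "<queue-id> <amavis-id> <reason>"
av_deferrals() {
    awk '
    /postfix\/smtp\[[0-9]+\]: / && /status=deferred/ && /virus_scan FAILED: AV: / {
        # Queue ID: the token right after "postfix/smtp[pid]: "
        match($0, /postfix\/smtp\[[0-9]+\]: [0-9A-F]+/)
        q = substr($0, RSTART, RLENGTH); sub(/^.*: /, "", q)
        # amavis request ID, the same value as in the amavis[pid]: (ID) lines
        match($0, /id=[0-9]+-[0-9]+/)
        id = substr($0, RSTART + 3, RLENGTH - 3)
        # Reason text following "virus_scan FAILED: AV: " (23 characters)
        match($0, /virus_scan FAILED: AV: [A-Z ]+/)
        r = substr($0, RSTART + 23, RLENGTH - 23); sub(/ +$/, "", r)
        print q, id, r
    }' "$@"
}

# Constructed sample lines, modelled on the thread (addresses are placeholders).
sample_log() {
    cat <<'EOF'
Jan  8 07:11:09 example amavis[7945]: (07945-14) (!!)WARN: all primary virus scanners failed, considering backups
Jan  8 07:11:09 example amavis[7945]: (07945-14) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED
Jan  8 07:11:09 example postfix/smtp[1877]: E0F2E6A3009F: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.1, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=07945-14, virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED (in reply to end of DATA command))
Jan  8 07:37:07 example postfix/smtp[13346]: 37B276A3001A: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.1, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=13387-01, virus_scan FAILED: AV: NO VIRUS SCANNERS AVAILABLE (in reply to end of DATA command))
Jan  8 07:40:00 example postfix/smtp[13346]: 4A1B26A30020: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok)
EOF
}

sample_log | av_deferrals
```

On a live system the function can be pointed at the mail log instead, e.g. `av_deferrals /var/log/mail.log`.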
Try this on Debian or Ubuntu: Add a new file /etc/amavis/conf.d/90-custom with the following content:

Code:
use strict;

@bypass_virus_checks_maps = (1);

#------------ Do not modify anything below this line -------------
1; # insure a defined return

and restart amavisd.
You, sir, are a true hero! That worked! Why does this solution work when commenting the lines

Code:
#@bypass_virus_checks_maps = (
#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

in 50-user does not? Any idea?
The lines in 50-user exist to override the amavisd defaults to allow disabling of the antivirus scanning in the policies, so if you comment that out, the defaults get applied again.
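The override order discussed above can be checked directly. The following is an added example, not part of the original thread or of amavisd-new: a shell function that walks a conf.d directory in lexical order and reports the last file with an active (uncommented) assignment to a setting. The sample directory is constructed to mirror the files named in the thread, and `last_assignment` and `build_sample` are hypothetical names.

```shell
#!/bin/sh
# Added example: find which file in an amavis conf.d directory makes the last
# active (uncommented) assignment to a setting. Files are read in lexical
# order, so a later file overrides an earlier one.

# last_assignment DIR NAME -> "<file>: <line>" or "(no active assignment)"
last_assignment() {
    winner=""
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Active assignment: optional whitespace, a Perl sigil, the name, "=".
        # Lines starting with "#" are comments and never match.
        hit=$(grep -E "^[[:space:]]*[@\$%]$2[[:space:]]*=" "$f" | tail -n 1)
        if [ -n "$hit" ]; then
            winner="$(basename "$f"): $hit"
        fi
    done
    printf '%s\n' "${winner:-(no active assignment)}"
}

# Constructed sample: the override is commented out in 15-content_filter_mode
# and 50-user (the state described in the thread), and set in 90-custom.
build_sample() {
    d=$(mktemp -d)
    printf '%s\n' '#@bypass_virus_checks_maps = (' \
        '#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);' \
        > "$d/15-content_filter_mode"
    cp "$d/15-content_filter_mode" "$d/50-user"
    printf '%s\n' 'use strict;' '@bypass_virus_checks_maps = (1);' '1;' \
        > "$d/90-custom"
    printf '%s\n' "$d"
}

dir=$(build_sample)
last_assignment "$dir" bypass_virus_checks_maps
rm -rf "$dir"
```

Run against the real directory as `last_assignment /etc/amavis/conf.d bypass_virus_checks_maps`; "(no active assignment)" means every file has the setting commented out, so the defaults apply.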
Sorry to dig up an old thread, but I'm in the exact same situation, except I'm running 3.1.2. I want to disable ClamAV and keep Amavis running, because we don't really use the mail server except to send out some website emails through php, which I do want to keep digitally signed, so I would need Amavis, right? However, disabling Clamav would be nice to reduce the memory usage since we don't really need it. Would this setup still apply? I assume I would follow the https://www.faqforge.com/linux/cont...ilter-and-antivirus-functions-in-ispconfig-3/ instructions, then finish with the steps in this post? Thanks
Yeah, I was going to follow the instructions, but skip the uninstall of Amavis part, just wasn't sure if I needed to mess with the config files as per this topic, but I guess I don't. I'll give the uninstall of Clamav Server and clamav a try. Thanks again Till..
Hi Till, so I went and stopped Clamav and Clamavd, but didn't uninstall just to see if it would produce any errors, however it kept restarting itself again automatically. Then I noticed there was a "clamav-daemon.socket" service also, so I shut that down too, but now I'm getting this warning in the mail-warn-logs:

Code:
Feb 18 17:34:15 server1 amavis[16601]: (16601-18) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Feb 18 17:34:16 server1 amavis[16601]: (16601-18) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Feb 18 17:34:16 server1 amavis[16601]: (16601-18) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
Feb 18 17:34:22 server1 amavis[16601]: (16601-18) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Feb 18 17:34:22 server1 amavis[16601]: (16601-18) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 102) line 613.\n
Feb 18 17:34:22 server1 amavis[16601]: (16601-18) (!)WARN: all primary virus scanners failed, considering backups

So this seems pretty similar to the error cbj4074 was getting, and you suggested the fix on post number 14 here, is that what I need to do to fix this? Thanks.