Perfect Server CentOS 8 - Clamav issues

Discussion in 'HOWTO-Related Questions' started by jnewman67, Sep 4, 2021.

  1. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    I don't think the installation instructions for clamav are correct for the Perfect Server CentOS 8. There's an @ sign in there, and I don't think it references the service correctly for enabling/starting it.

    I get no errors when going through the steps, but when I run ispconfig_updates.sh, the following message appears:

    Restarting services ...
    Failed to restart clamd.amavisd.service: Unit clamd.amavisd.service not found.
    Update finished.

    Based on that message, I tried
    systemctl enable clamd.amavisd.service
    but get an error:
    Failed to enable unit: Unit file clamd.amavisd.service does not exist.
    and incoming mail is complaining there's no socket available...
    (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory
    Could someone smarter than me look into that? I just started testing mail handling, and would like to get that figured out.
    Thanks.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The @ sign is correct and has to be in the name. The error at the end of the ISPConfig install is a known issue in ISPConfig, not in the guide. ISPConfig tries to restart the service without the @ inside. You can just ignore it.
     
  3. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    Okay, so if I manually run the
    systemctl restart clamd@amavisd.service
    it does not yield any errors.
    However, I'm still getting the following errors in /var/log/maillog:
    Sep 5 01:06:09 dns2 amavis[4094950]: (4094950-13) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory
    Sep 5 01:06:10 dns2 amavis[4094950]: (4094950-13) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory
    Sep 5 01:06:10 dns2 amavis[4094950]: (4094950-13) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock, retrying (2)
    Sep 5 01:06:16 dns2 amavis[4094950]: (4094950-13) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory
    Sep 5 01:06:16 dns2 amavis[4094950]: (4094950-13) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/spool/amavisd/clamd.sock (All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock) at (eval 101) line 659.\n
    Sep 5 01:06:16 dns2 amavis[4094950]: (4094950-13) (!)WARN: all primary virus scanners failed, considering backups

    I haven't done any tweaks (that I'm aware of) concerning clamd and amavisd after the Perfect Server install, and it's only got 6 email addresses on it that only went live yesterday, so it's not an overload issue that I can see.

    Just noticed these errors as well while trying to receive mail (rejecting it):
    Sep 5 01:20:07 dns2 postfix/smtpd[302134]: warning: connect to 127.0.0.1:10023: Connection refused
    Sep 5 01:20:07 dns2 postfix/smtpd[302134]: warning: problem talking to server 127.0.0.1:10023: Connection refused

    Is there maybe some modification to the postfix main.cf that needs to be done to get this working correctly that maybe the ISPConfig installer didn't get configured correctly? My current CentOS 6 server is running the same version of ISPConfig, and I don't recall it having these errors, but maybe I'll go back and review the PS CentOS 6 instructions for anything that might be different.

    Thanks.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Hmm, ok. So there is something wrong indeed besides the ISPConfig installer restarting a wrong service.

    Try to find the service name for clamd, e.g. like this:

    systemctl list-units --type=service | grep clam

    to see what the name is so we can try to restart it. Regarding port 10023, that's postgrey, there might be something missing in the perfect server guide for it.

    Try to install 'postgrey' using dnf or yum command and then check with:

    netstat -ntap | grep 10023

    if it's listening on that port. If not, then we'll probably have to configure it further.
     
  5. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    Thanks Till :)

    Per your request:

    clamd@amavisd.service loaded active running clamd scanner (amavisd) daemon

    and

    Package postgrey-1.37-9.el8.noarch is already installed.
    Netstat returns nothing

    I did find the following in /etc/postfix/main.cf (grepped for '10023' and 'greylist'):

    /etc/postfix/main.cf:smtpd_restriction_classes = greylisting
    /etc/postfix/main.cf:greylisting = check_policy_service inet:127.0.0.1:10023
    /etc/postfix/main.cf:smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:/etc/postfix/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status

    and in /etc/postfix/mysql-virtual_policy_greylist.cf:

    user = ispconfig
    password = <redacted>
    dbname = dbispconfig
    hosts = 127.0.0.1
    query = SELECT 'greylisting' FROM
    (
    SELECT `greylisting`, 1 as `prio` FROM `mail_user` WHERE `server_id` = 1 AND `email` = '%s'
    AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = 1)
    UNION
    SELECT `greylisting`, 2 as `prio` FROM `mail_forwarding` WHERE `server_id` = 1 AND `source` = '%s' AND active = 'y'
    UNION
    SELECT `greylisting`, 3 as `prio` FROM `mail_forwarding` WHERE `server_id` = 1 AND `source` = '@%d' AND active = 'y' ORDER BY `prio` ASC LIMIT 1
    ) AS rules
    WHERE rules.greylisting = 'y'

    Hope that's helpful - I appreciate the help!
     
  6. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    Wondering if anyone had a chance to look into either of these issues? I did try unchecking "greylisting" for the individual emails, and mail gets through after that. At least that checkbox is working :)
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    For postgrey, edit the file /etc/sysconfig/postgrey

    Code:
    nano /etc/sysconfig/postgrey
    and change the line:

    Code:
    POSTGREY_TYPE="--unix=/var/spool/postfix/postgrey/socket"
    to

    Code:
    POSTGREY_TYPE="--inet=10023"
    and restart postgrey:

    Code:
    service postgrey restart
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    For amavisd, edit the file /etc/clamd.d/amavisd.conf :

    Code:
    nano /etc/clamd.d/amavisd.conf
    and change the line:

    Code:
    LocalSocket /run/clamd.amavisd/clamd.sock
    to

    Code:
    LocalSocket /var/spool/amavisd/clamd.sock
    and restart ClamAV:

    Code:
    systemctl restart clamd@amavisd.service
    Please let me know if the changes in clamav and amavis config fix the issues on your system, so that I can add them to the centos perfect server guide.
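
Both fixes in this thread repair an endpoint mismatch: clamd's LocalSocket versus the socket amavisd connects to, and the Postfix policy-service port versus postgrey's listen setting. While the first one is broken, amavis logs "all primary virus scanners failed", so mail is not being scanned by clamd. The script below is an added example, not part of the original posts or of ISPConfig; the function names and the sample files are constructed, and the paths and values come from the thread.

```shell
# Added example: consistency check for the two endpoint mismatches fixed in this thread.

# LocalSocket path from a clamd config file (commented-out lines are ignored).
clamd_socket() { awk '$1 == "LocalSocket" { print $2; exit }' "$1"; }

# Port of the "check_policy_service inet:host:port" entry in a Postfix main.cf.
policy_port() {
    sed -n 's/.*check_policy_service[[:space:]]*inet:[^:]*:\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# postgrey listen setting from its sysconfig file, as "inet:<value>" or "unix:<path>".
postgrey_listen() {
    sed -n -e 's/^POSTGREY_TYPE="--inet=\([^"]*\)".*/inet:\1/p' \
           -e 's/^POSTGREY_TYPE="--unix=\([^"]*\)".*/unix:\1/p' "$1" | head -n 1
}

# check_mail_filters CLAMD_CONF AMAVIS_SOCK MAIN_CF POSTGREY_SYSCONFIG
# Prints one line per pair; returns 0 only when both pairs agree.
check_mail_filters() {
    rc=0
    sock=$(clamd_socket "$1"); port=$(policy_port "$3"); listen=$(postgrey_listen "$4")
    if [ "$sock" = "$2" ]; then echo "OK clamd socket $sock"
    else echo "MISMATCH clamd=$sock amavisd=$2"; rc=1; fi
    case "$listen" in
        inet:*) lport=${listen##*:} ;;   # --inet accepts PORT or HOST:PORT
        *)      lport= ;;
    esac
    if [ -n "$port" ] && [ "$lport" = "$port" ]; then echo "OK postgrey $listen"
    else echo "MISMATCH postfix=inet:$port postgrey=$listen"; rc=1; fi
    return $rc
}

# Constructed sample files; $2 is "before" or "after" the edits from the thread.
write_samples() {
    ws_sock=/var/spool/amavisd/clamd.sock; ws_type=--inet=10023
    if [ "$2" = before ]; then
        ws_sock=/run/clamd.amavisd/clamd.sock; ws_type=--unix=/var/spool/postfix/postgrey/socket
    fi
    printf 'LocalSocket %s\n' "$ws_sock" > "$1/amavisd.conf"
    printf 'POSTGREY_TYPE="%s"\n' "$ws_type" > "$1/postgrey"
    printf 'greylisting = check_policy_service inet:127.0.0.1:10023\n' > "$1/main.cf"
}

d=$(mktemp -d)
for state in before after; do
    write_samples "$d" "$state"; echo "== $state"
    check_mail_filters "$d/amavisd.conf" /var/spool/amavisd/clamd.sock "$d/main.cf" "$d/postgrey" || true
done
rm -rf "$d"
```

On a real server, pass /etc/clamd.d/amavisd.conf, /var/spool/amavisd/clamd.sock, /etc/postfix/main.cf and /etc/sysconfig/postgrey as the four arguments.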
     
  9. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    Greylisting is working :)

    and I just watched a single email come through without complaining about ClamAV, but I didn't see that it tripped any filtering either. I'll keep watching, but so far, looks like that worked.
    Thank you for the fixes - I'll report back later today!
     
  10. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    got my first greylist block - action=greylist, reason=new
    and my first "pass" - postgrey[364834]: action=pass, reason=triplet found, delay=445
    so that's working as expected - thank you!
     
    till likes this.
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    I've updated the CentOS 8 perfect server guide.
     
  12. jnewman67

    jnewman67 Active Member HowtoForge Supporter

    Thank you :)
     
