[solved] ClamAV won't work with amavis (postfix)

This thread in the "Server Administration" forum was created by pchowtoforge80 on 8 Jan 2016.

  1. pchowtoforge80

    pchowtoforge80 New Member

    Hello community,

    I hope someone here can help me. For days, and after many how-tos, I haven't been getting anywhere.

    Apparently I can't get ClamAV married to amavis. SpamAssassin runs without problems.
    On startup amavis always shows, among other things, "ANTI-VIRUS code NOT loaded", there is no entry for clamav, and the EICAR test also gets through.
    amavis doesn't seem to make any effort to even try it. Even with log level = 5 there is no sign anywhere of even an attempt to integrate clamav.

    Following several how-tos, I have accordingly
    1.) added the clamav user to the amavis group and vice versa.
    adduser clamav amavis
    adduser amavis clamav
    2.) set the corresponding entries in /etc/amavis/conf.d/15-content_filter_mode
    use strict;
    @bypass_virus_checks_maps = (
    \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
    @bypass_spam_checks_maps = (
    \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
    1;

    3.) adjusted main.cf and master.cf, as far as I can judge.
    main.cf
    content_filter = smtp-amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings

    master.cf
    pickup unix n - - 60 1 pickup
    -o content_filter=
    -o receive_override_options=no_header_body_checks

    smtp-amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
    -o smtp_tls_security_level=none
    -o smtp_enforce_tls=no
    127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_tls_security_level=none
    -o smtpd_tls_auth_only=no
    -o smtpd_enforce_tls=no
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters


    4.) set AllowSupplementaryGroups to true in clamd.conf.
     
  2. florian030

    florian030 Member

    Is clamav even running?
    service clamav-daemon status
    Otherwise, in the amavis config just set
    $log_level = 3;
    and restart amavis. The log is already very informative as it is, though.
     
  3. pchowtoforge80

    pchowtoforge80 New Member

    Hello,
    yes, the service is running, of course
    clamav-daemon.service - Clam AntiVirus userspace daemon
    Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled)
    Active: active (running) since Fr 2016-01-08 07:23:30 CET; 3h 11min ago
    Docs: man:clamd(8)
    man:clamd.conf(5)
    Main PID: 16426 (clamd)
    CGroup: /system.slice/clamav-daemon.service
    └─16426 /usr/sbin/clamd --foreground=true

    Jan 08 07:23:46 xxxxx clamd[16426]: Mail files support enabled.
    Jan 08 07:23:46 xxxxx clamd[16426]: OLE2 support enabled.
    Jan 08 07:23:46 xxxxx clamd[16426]: PDF support enabled.
    Jan 08 07:23:46 xxxxx clamd[16426]: SWF support enabled.
    Jan 08 07:23:46 xxxxx clamd[16426]: HTML support enabled.
    Jan 08 07:23:46 xxxxx clamd[16426]: Self checking every 3600 seconds.
    Jan 08 07:51:28 xxxxx clamd[16426]: Reading databases from /var/lib/clamav
    Jan 08 07:51:44 xxxxx clamd[16426]: Database correctly reloaded (4210826 signatures)
    Jan 08 08:51:44 xxxxx clamd[16426]: SelfCheck: Database status OK.
    Jan 08 09:51:44 xxxxx l clamd[16426]: SelfCheck: Database status OK.

    and here is the output from amavis at startup

    Jan 8 10:36:37 cloud amavis[24026]: logging initialized, log level 3, syslog: amavis.mail
    Jan 8 10:36:37 cloud amavis[24026]: starting. /usr/sbin/amavisd-new at xxxxxx amavisd-new-2.10.1 (20141025), Unicode aware, LANG="de_DE.UTF-8"
    Jan 8 10:36:37 cloud amavis[24026]: perl=5.020002, user=, EUID: 115 (115); group=, EGID: 123 123 (123 123)
    Jan 8 10:36:37 cloud amavis[24026]: INFO: no optional modules: unicore::lib::perl::SpacePer.pl unicore::lib::Nt::De.pl Unix::Getrusage
    Jan 8 10:36:37 cloud amavis[24026]: SpamControl: scanner SpamAssassin, module Amavis::SpamControl::SpamAssassin
    Jan 8 10:36:37 cloud amavis[24026]: INFO: SA version: 3.4.0, 3.004000, no optional modules: Net::CIDR::Lite Encode::Detect Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::pNG Image::Info::BMP Image::Info::TIFF
    Jan 8 10:36:37 cloud amavis[24026]: SpamControl: init_pre_chroot on SpamAssassin done
    Jan 8 10:36:37 cloud amavis[24026]: socket module IO::Socket::IP, protocol families available: INET, INET6
    Jan 8 10:36:37 cloud amavis[24026]: bind to 127.0.0.1:10024/tcp, [::1]:10024/tcp
    Jan 8 10:36:37 cloud amavis[24029]: Net::Server: Process Backgrounded
    Jan 8 10:36:37 cloud amavis[24029]: Net::Server: 2016/01/08-10:36:37 Amavis (type Net::Server::preForkSimple) starting! pid(24029)
    Jan 8 10:36:37 cloud amavis[24029]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1 with IPv4
    Jan 8 10:36:37 cloud amavis[24029]: Net::Server: Binding to TCP port 10024 on host ::1 with IPv6
    Jan 8 10:36:37 cloud amavis[24029]: Net::Server: Group Not Defined. Defaulting to EGID '123 123'
    Jan 8 10:36:37 cloud amavis[24029]: Net::Server: User Not Defined. Defaulting to EUID '115'
    Jan 8 10:36:37 cloud amavis[24029]: config files read: /usr/share/amavis/conf.d/10-debian_scripts, /usr/share/amavis/conf.d/20-package, /etc/amavis/conf.d/05-node_id, /etc/amavis/conf.d/15-av_scanners, /etc/amavis/conf.d/15-content_filter_mode, /etc/amavis/conf.d/20-debian_defaults
    Jan 8 10:36:37 cloud amavis[24029]: Module Amavis::Conf 2.404
    Jan 8 10:36:37 cloud amavis[24029]: Module Archive::Zip 1.39
    Jan 8 10:36:37 cloud amavis[24029]: Module BerkeleyDB 0.54
    Jan 8 10:36:37 cloud amavis[24029]: Module Compress::Raw::Zlib 2.065
    Jan 8 10:36:37 cloud amavis[24029]: Module Compress::Zlib 2.064
    Jan 8 10:36:37 cloud amavis[24029]: Module Crypt::OpenSSL::RSA 0.28
    Jan 8 10:36:37 cloud amavis[24029]: Module DB_File 1.831
    Jan 8 10:36:37 cloud amavis[24029]: Module Digest::MD5 2.53
    Jan 8 10:36:37 cloud amavis[24029]: Module Digest::SHA 5.88
    Jan 8 10:36:37 cloud amavis[24029]: Module Encode 2.60
    Jan 8 10:36:37 cloud amavis[24029]: Module File::Temp 0.2304
    Jan 8 10:36:37 cloud amavis[24029]: Module IO::Socket::INET6 2.72
    Jan 8 10:36:37 cloud amavis[24029]: Module IO::Socket::IP 0.32
    Jan 8 10:36:37 cloud amavis[24029]: Module MIME::Entity 5.505
    Jan 8 10:36:37 cloud amavis[24029]: Module MIME::parser 5.505
    Jan 8 10:36:37 cloud amavis[24029]: Module MIME::Tools 5.505
    Jan 8 10:36:37 cloud amavis[24029]: Module Mail::DKIM::Verifier 0.4
    Jan 8 10:36:37 cloud amavis[24029]: Module Mail::Header 2.13
    Jan 8 10:36:37 cloud amavis[24029]: Module Mail::Internet 2.13
    Jan 8 10:36:37 cloud amavis[24029]: Module Mail::SPF v2.009
    Jan 8 10:36:37 cloud amavis[24029]: Module Mail::SpamAssassin 3.004000
    Jan 8 10:36:37 cloud amavis[24029]: Module Net::DNS 0.81
    Jan 8 10:36:37 cloud amavis[24029]: Module Net::LibIDN 0.12
    Jan 8 10:36:37 cloud amavis[24029]: Module Net::Server 2.008
    Jan 8 10:36:37 cloud amavis[24029]: Module NetAddr::IP 4.075
    Jan 8 10:36:37 cloud amavis[24029]: Module Razor2::Client::Version 2.84
    Jan 8 10:36:37 cloud amavis[24029]: Module Scalar::Util 1.38
    Jan 8 10:36:37 cloud amavis[24029]: Module Socket 2.013
    Jan 8 10:36:37 cloud amavis[24029]: Module Socket6 0.25
    Jan 8 10:36:37 cloud amavis[24029]: Module Time::HiRes 1.9726
    Jan 8 10:36:37 cloud amavis[24029]: Module URI 1.64
    Jan 8 10:36:37 cloud amavis[24029]: Module Unix::Syslog 1.1
    Jan 8 10:36:37 cloud amavis[24029]: Amavis::ZMQ code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: Amavis::DB code loaded
    Jan 8 10:36:37 cloud amavis[24029]: SQL base code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: SQL::Log code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: SQL::Quarantine NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: Lookup::SQL code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: Lookup::LDAP code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: AM.PDP-in proto code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: SMTP-in proto code loaded
    Jan 8 10:36:37 cloud amavis[24029]: Courier proto code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: SMTP-out proto code loaded
    Jan 8 10:36:37 cloud amavis[24029]: Pipe-out proto code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: BSMTP-out proto code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: Local-out proto code loaded
    Jan 8 10:36:37 cloud amavis[24029]: OS_Fingerprint code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: ANTI-VIRUS code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: ANTI-SPAM code loaded
    Jan 8 10:36:37 cloud amavis[24029]: ANTI-SPAM-EXT code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: ANTI-SPAM-C code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: ANTI-SPAM-SA code loaded
    Jan 8 10:36:37 cloud amavis[24029]: Unpackers code loaded
    Jan 8 10:36:37 cloud amavis[24029]: DKIM code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: Tools code NOT loaded
    Jan 8 10:36:37 cloud amavis[24029]: No $file, not using it
    Jan 8 10:36:37 cloud amavis[24029]: No $altermime, not using it
    Jan 8 10:36:37 cloud amavis[24029]: Internal decoder for .mail
    Jan 8 10:36:37 cloud amavis[24029]: Internal decoder for .gz
    Jan 8 10:36:37 cloud amavis[24029]: No ext program for .xz, tried: xzdec, xz -dc, unxz -c, xzcat
    Jan 8 10:36:37 cloud amavis[24029]: Internal decoder for .zip
    Jan 8 10:36:37 cloud amavis[24029]: Internal decoder for .kmz
    Jan 8 10:36:37 cloud amavis[24029]: No ext program for .7z, tried: 7zr, 7za, 7z
    Jan 8 10:36:37 cloud amavis[24029]: No ext program for .bz2, tried: 7za, 7z
    Jan 8 10:36:37 cloud amavis[24029]: No ext program for .Z, tried: 7za, 7z
    Jan 8 10:36:37 cloud amavis[24029]: No decoder for .cab
    Jan 8 10:36:37 cloud amavis[24029]: No decoder for .cpio
    Jan 8 10:36:37 cloud amavis[24029]: No decoder for .deb
    Jan 8 10:36:37 cloud amavis[24029]: No decoder for .doc
    Jan 8 10:36:37 cloud amavis[24029]: Deleting db files __db.001,snmp.db,__db.002,nanny.db,__db.003 in /var/lib/amavis/db
    Jan 8 10:36:37 cloud amavis[24029]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.54, libdb 5.3
    Jan 8 10:36:37 cloud amavis[24029]: initializing Mail::SpamAssassin (0)
    Jan 8 10:36:37 cloud amavis[24029]: SpamAssassin debug facilities: info
    Jan 8 10:36:39 cloud amavis[24029]: SA info: zoom: able to use 347/347 'body_0' compiled rules (100%)
    Jan 8 10:36:40 cloud amavis[24029]: SpamAssassin loaded plugins: AskDNS, AutoLearnThreshold, Bayes, BodyEval, Check, DKIM, DNSEval, FreeMail, HTMLEval, HTTPSMismatch, Hashcash, HeaderEval, ImageInfo, MIMEEval, MIMEHeader, Pyzor, Razor2, RelayEval, ReplaceTags, Rule2XSBody, SPF, SpamCop, URIDNSBL, URIDetail, URIEval, VBounce, WLBLEval, WhiteListSubject
    Jan 8 10:36:40 cloud amavis[24029]: SpamControl: init_pre_fork on SpamAssassin done
    Jan 8 10:36:40 cloud amavis[24029]: extra modules loaded after daemonizing/chrooting: /etc/perl/Net/libnet.cfg, Mail/SpamAssassin
     
  4. florian030

    florian030 Member

    Then either your entries in 15-av_scanners or in 15-content_filter_mode are wrong.
    On Debian it is roughly
    Code:
    @av_scanners = (
    ['ClamAV-clamd',
       \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
       qr/\bOK$/m, qr/\bFOUND$/m,
       qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
    );
    and

    Code:
    @bypass_virus_checks_maps = (
       \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
    
    @bypass_spam_checks_maps = (
       \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
    
     
  5. pchowtoforge80

    pchowtoforge80 New Member

    SUUUPER, thanks,
    it was 15-av_scanners,

    all the docs I found only showed the following; your first and last lines were missing.

    ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
    qr/\bOK$/m, qr/\bFOUND$/m,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
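
A check for the failure mode resolved in this thread, as an added example that is not part of the original posts: amavis starts cleanly and filters spam, but with no scanner inside `@av_scanners = ( ... );` it never calls clamd and infected mail passes. The function names and the sample files are constructed for illustration; the file names assume the Debian layout shown above.

```shell
#!/bin/sh
# Added example: spot an amavis setup that filters spam but never calls a virus scanner.

# Exit 0 only if the last "ANTI-VIRUS code" line of the startup log on stdin says "loaded".
av_code_loaded() {
    awk '/ANTI-VIRUS code/ { seen = 1; ok = ($0 !~ /NOT loaded/) }
         END { exit !(seen && ok) }'
}

# Exit 0 only if file $1 holds an uncommented entry inside "@av_scanners = ( ... );".
av_scanners_defined() {
    awk '/^[ \t]*#/ { next }
         /@av_scanners[ \t]*=[ \t]*\(/ { inlist = 1 }
         inlist && /\[/ { found = 1 }
         inlist && /^[ \t]*\);/ { inlist = 0 }
         END { exit !found }' "$1"
}

# Exit 0 only if file $1 assigns @bypass_virus_checks_maps on an uncommented line.
virus_checks_enabled() {
    grep -Eq '^[[:space:]]*@bypass_virus_checks_maps[[:space:]]*=' "$1"
}

# Constructed samples: the bare fragment from the thread, then the same entry wrapped in the list.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/broken" <<'EOF'
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
EOF
{ echo '@av_scanners = ('; cat "$demo_dir/broken"; echo ');'; } > "$demo_dir/fixed"

for f in broken fixed; do
    if av_scanners_defined "$demo_dir/$f"; then
        echo "$f: scanner list defined"
    else
        echo "$f: no scanner inside @av_scanners, mail passes unscanned"
    fi
done
echo 'Jan 8 10:36:37 cloud amavis[24029]: ANTI-VIRUS code NOT loaded' | av_code_loaded ||
    echo 'log: anti-virus code not loaded'
```

On a live host the same functions can be pointed at /etc/amavis/conf.d/15-av_scanners, /etc/amavis/conf.d/15-content_filter_mode and the amavis startup lines in the mail log.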
     
