ClamAV-milter
Trying to configure clamav-milter with postfix-current-3.4.20181105,5 under FreeBSD 11.2-RELEASE, but I’ve missed something since no mail is actually getting processed by ClamAV-milter, including the EICAR test mails which sail through without triggering anything.

I’ve tried to provide everything that could be relevant (mostly in an effort to re-examine everything) but at this point I’m stumped.

    smtpd_milters = unix:/var/run/spamass-milter.sock, unix:/var/run/clamav/clmilter.sock

    # sockstat | grep milter
    root spamass-mi 24145 4 stream /var/run/spamass-milter.sock
    clamav clamav-mil 59293 3 stream /var/run/clamav/clmilter.sock

    # gnc /usr/local/etc/clamav-milter.conf
    MilterSocket /var/run/clamav/clmilter.sock
    FixStaleSocket yes
    User clamav
    PidFile /var/run/clamav/clamav-milter.pid
    ClamdSocket unix:/var/run/clamav/clamd.sock
    OnInfected Quarantine
    LogFile /tmp/clamav-milter.log
    LogFileUnlock yes
    LogFileMaxSize 20M
    LogTime yes
    LogSyslog yes
    LogFacility LOG_MAIL
    LogVerbose yes

    # clamscan -I eicar.txt
    eicar.txt: Eicar-Test-Signature FOUND

    # psa clamav
    clamav 56889 0.0 14.3 553736 505868 - Is Sun17 4:03.54 /usr/local/sbin/clamd
    clamav 57990 0.0 0.1 12268 5280 - Is Sun17 0:28.11 /usr/local/bin/freshclam --daemon -p /var/run/clamav/freshclam.pid
    clamav 59293 0.0 0.1 2 4540 - Ss Sun17 0:02.39 /usr/local/sbin/clamav-milter -c /usr/local/etc/clamav-milter.conf

    # ls -lsR /var/run/clamav/
    total 48
    8 drwxr-x--- 3 clamav postfix 512 Nov 28 08:57 .
    8 drwxr-xr-x 15 root wheel 1024 Nov 28 09:11 ..
    8 -rw-rw-r-- 1 clamav clamav 6 Nov 25 17:44 clamav-milter.pid
    8 -rw-rw-r-- 1 clamav clamav 6 Nov 25 17:44 clamd.pid
    0 srw-rw-rw- 1 clamav clamav 0 Nov 25 17:44 clamd.sock
    0 srwxrwxrwx 1 clamav clamav 0 Nov 25 17:44 clmilter.sock
    8 -rw-rw 1 clamav clamav 6 Nov 25 17:44 freshclam.pid
    8 drwx-- 2 clamav clamav 512 Nov 24 11:57 quarantine

    /var/run/clamav/quarantine:
    total 0

    # tail clamav/clamd.log clamav/freshclam.log
    ==> clamav/clamd.log <==
    Wed Nov 28 07:47:29 2018 -> Database correctly reloaded (6722408 signatures)
    Wed Nov 28 07:57:53 2018 -> SelfCheck: Database status OK.
    Wed Nov 28 08:08:30 2018 -> SelfCheck: Database status OK.
    Wed Nov 28 08:21:53 2018 -> SelfCheck: Database status OK.
    Wed Nov 28 08:33:50 2018 -> SelfCheck: Database status OK.
    Wed Nov 28 08:44:55 2018 -> SelfCheck: Database status OK.
    Wed Nov 28 08:55:38 2018 -> SelfCheck: Database status OK.
    Wed Nov 28 09:06:16 2018 -> SelfCheck: Database status OK.
    Wed Nov 28 09:16:44 2018 -> SelfCheck: Database status OK.
    Wed Nov 28 09:28:14 2018 -> SelfCheck: Database status OK.

    ==> clamav/freshclam.log <==
    --
    Received signal: wake up
    ClamAV update process started at Wed Nov 28 07:47:03 2018
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    Downloading daily-25161.cdiff [100%]
    daily.cld updated (version: 25161, sigs: 2163162, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 327, sigs: 91, f-level: 63, builder: neo)
    Database updated (6729502 signatures) from database.clamav.net (IP: 104.16.185.138)
    Clamd successfully notified about the update.

There is nothing in any other logs about clamav.

So it seems like it is installed and running. Freshclam has updated successfully.

--
"How good bad music and bad reasons sound when we march against an enemy." - Friedrich Nietzsche

===

    function psa () {
        ps auxww | grep -i $* | grep -v grep
    }
    alias gnc='grep -v "^\($\|#\|\/\)" '
Re: Limiting "clamav milter" to received mail only.
Postfix User:
> I apologize if this is not the correct place to ask this question.
>
> I am using the "clamav milter" with Postfix. I assume it is checking
> mail both coming and going. I want it to only filter mail I receive. Is
> that possible in Postfix?

There may be a way in clamav milter to whitelist mail from a local IP address.

Otherwise, use different smtpd settings for different clients:

/etc/postfix/master.cf:
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command
    #              (yes)   (yes)  (yes)  (never) (100)
    # ==========================================================================
    # Service for remote MTAs.
    1.2.3.4:smtp inet n - n - - smtpd
        -o smtpd_milters=inet:xxx:yyy
    # All other services have smtpd_milters turned off.
    # Submission service for mail clients.
    1.2.3.4:submission inet n - n - - smtpd
        -o smtpd_milters=
        ...other submission settings...
    # Legacy submission service for mail clients.
    1.2.3.4:smtps inet n - n - - smtpd
        -o smtpd_milters=
        ...other smtps settings...
    # Mail from localhost.
    127.0.0.1:smtp inet n - n - - smtpd
        -o smtpd_milters=

But, if you are sending mail that your clamav milter would block, why would it not be blocked by remote systems?

Wietse
Limiting "clamav milter" to received mail only.
I apologize if this is not the correct place to ask this question. I am using the "clamav milter" with Postfix. I assume it is checking mail both coming and going. I want it to only filter mail I receive. Is that possible in Postfix? Thanks! -- Jerry
clamav-milter
I'm trying to get clamav-milter running on my CentOS-7 home server. I'm running postfix + dovecot, and have spamass-milter installed.

When I try to start clamav-milter I get the error message in /var/log/clamav-milter.log

    Sun Jun 14 23:26:25 2015 - ERROR: Failed to create socket /var/run/clamav-milter/clamav-milter.socket

The permissions on this directory are

    [tim@helen ~]$ sudo ls -lsd /var/run/clamav-milter
    0 drwx--x--x. 2 clamilt postfix 40 May 31 12:46 /var/run/clamav-milter

But apart from this permissions problem, I'm not clear if I need to run clamd separately, or if the clamav-milter would run clamav itself if it were working.

Any advice or suggestions gratefully received.

--
Timothy Murphy
gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin
Re: clamav-milter
On 6/14/2015 6:07 PM, Timothy Murphy wrote:
> I'm trying to get clamav-milter running on my CentOS-7 home server. I'm running postfix + dovecot, and have spamass-milter installed.
>
> When I try to start clamav-milter I get the error message in /var/log/clamav-milter.log
>
>     Sun Jun 14 23:26:25 2015 - ERROR: Failed to create socket /var/run/clamav-milter/clamav-milter.socket
>
> The permissions on this directory are
>
>     [tim@helen ~]$ sudo ls -lsd /var/run/clamav-milter
>     0 drwx--x--x. 2 clamilt postfix 40 May 31 12:46 /var/run/clamav-milter
>
> But apart from this permissions problem, I'm not clear if I need to run clamd separately, or if the clamav-milter would run clamav itself if it were working.
>
> Any advice or suggestions gratefully received.

Clamav-milter requires that clamd is running. Clamav-milter will not start clamd. Make sure clamav-milter and clamd are using the same ClamdSocket path.

For more help with clamav-milter, see the helpful clamav users list.

--
Noel Jones
service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
why is access denied here reported?

    smtpd_milters = unix:/run/clamav-milter/clamav-milter.socket

    Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: connect from local.rhsoft.net[62.178.103.85]
    Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: warning: connect to Milter service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
    Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: NOQUEUE: milter-reject: CONNECT from local.rhsoft.net[62.178.103.85]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
    Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: NOQUEUE: milter-reject: EHLO from local.rhsoft.net[62.178.103.85]: 451 4.7.1 Service unavailable - try again later; proto=SMTP helo=srv-rhsoft.rhsoft.net
    Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: disconnect from local.rhsoft.net[62.178.103.85]

    [root@testserver:~]$ stat /run/clamav-milter/
    File: '/run/clamav-milter/'
    Size: 60 Blocks: 0 IO Block: 4096 directory
    Device: 11h/17d Inode: 585885 Links: 2
    Access: (0755/drwxr-xr-x) Uid: ( 109/ clamilt) Gid: ( 106/ clamilt)
    Access: 2014-08-04 21:13:24.469625838 +0200
    Modify: 2014-08-04 21:07:45.177892263 +0200
    Change: 2014-08-04 21:12:32.632279822 +0200
    Birth: -

    [root@testserver:~]$ stat /run/clamav-milter/clamav-milter.socket
    File: '/run/clamav-milter/clamav-milter.socket'
    Size: 0 Blocks: 0 IO Block: 4096 socket
    Device: 11h/17d Inode: 593875 Links: 1
    Access: (0644/srw-r--r--) Uid: ( 109/ clamilt) Gid: ( 106/ clamilt)
    Access: 2014-08-04 21:07:45.177892263 +0200
    Modify: 2014-08-04 21:07:45.177892263 +0200
    Change: 2014-08-04 21:07:45.177892263 +0200
Re: service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
On Mon, Aug 04, 2014 at 09:18:27PM +0200, li...@rhsoft.net wrote:

> why is access denied here reported?

The /run directory is on many systems restricted to root. Your permissions checks start one level lower and are tested as root.

--
Viktor.
RE: service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
Maybe Apparmor/SELinux/alike blocking access to /run directory?
Re: service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
On 04.08.2014 at 21:49, Viktor Dukhovni wrote:
> On Mon, Aug 04, 2014 at 09:18:27PM +0200, li...@rhsoft.net wrote:
>> why is access denied here reported?
>
> The /run directory is on many systems restricted to root. Your permissions checks start one level lower and are tested as root.

on Fedora /var/run is a symlink to /run/ and is in fact a tmpfs while subfolders which are created via tmpfiles.d

    lrwxrwxrwx 1 root root 6 2012-06-12 17:22 /var/run -> ../run

given that mysqld is started as user mysql (without drop privileges, really started as that user) and creates its pidfiles in /run/mysqld that's not the reason

    [root@testserver:~]$ cat /usr/lib/tmpfiles.d/mysql.conf
    d /run/mysqld 0755 mysql mysql -
Re: service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
none of both is enabled
system is booted with selinux=0 as kernel-param

On 04.08.2014 at 22:08, Nicolás wrote:
> Maybe Apparmor/SELinux/alike blocking access to /run directory?
Re: service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
interesting - it needs chmod 0666

    MilterSocketMode 0666

interesting because the socket on all of my servers for mysqld is /var/lib/mysql/mysqld_dbmail.sock and /var/lib/ in fact is mounted as readonly-namespace while postfix, dovecot and httpd are talking with mysqld over it all the time

On 04.08.2014 at 22:13, li...@rhsoft.net wrote:
> none of both is enabled
> system is booted with selinux=0 as kernel-param
>
> On 04.08.2014 at 22:08, Nicolás wrote:
>> Maybe Apparmor/SELinux/alike blocking access to /run directory?
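Added example, not part of any message in this thread and not code from Postfix or ClamAV: a mode-bit check of what a non-root client needs in order to connect to a milter socket on Linux (search permission on every parent directory, write permission on the socket itself), run against a constructed copy of the stat output posted above. The postfix uid/gid of 89, the modes of / and /run, and all helper names are assumptions; the 0660 case with a shared group (MilterSocketGroup) is a tighter alternative to the 0666 used in the thread, and SELinux, AppArmor and ACLs are not modelled.

```python
import os
import stat
from types import SimpleNamespace

X, W = 1, 2  # permission bits: search/execute and write


def _allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check; exactly one class applies, as in the kernel."""
    if uid == 0:
        return True  # root bypasses mode bits, so a check run as root proves nothing
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want


def check_socket_access(path, uid, gids, stat_fn=os.stat):
    """Return the reasons connect() to the unix socket at `path` would be denied."""
    if not os.path.isabs(path):
        raise ValueError("socket path must be absolute")
    path = os.path.normpath(path)
    # Collect the socket's parent directory and every ancestor up to the root.
    dirs, d = [], os.path.dirname(path)
    while True:
        dirs.append(d)
        parent = os.path.dirname(d)
        if parent == d:
            break
        d = parent
    problems = []
    for d in reversed(dirs):  # walk from the root downwards
        st = stat_fn(d)
        if not _allowed(st, uid, gids, X):
            problems.append(f"no search permission on {d} ({stat.filemode(st.st_mode)})")
    st = stat_fn(path)
    if not stat.S_ISSOCK(st.st_mode):
        problems.append(f"{path} is not a socket")
    elif not _allowed(st, uid, gids, W):
        problems.append(f"no write permission on {path} ({stat.filemode(st.st_mode)})")
    return problems


def fake_stat(table):
    """stat_fn over {path: (mode, uid, gid)} so the check runs without a live system."""
    def stat_fn(p):
        mode, uid, gid = table[p]
        return SimpleNamespace(st_mode=mode, st_uid=uid, st_gid=gid)
    return stat_fn


SOCK = "/run/clamav-milter/clamav-milter.socket"
CLAMILT_UID, CLAMILT_GID = 109, 106   # from the stat output in the thread
POSTFIX_UID, POSTFIX_GID = 89, 89     # assumption: these ids are not shown in the thread


def layout(sock_mode, sock_gid=CLAMILT_GID):
    """Constructed copy of the thread's directory tree with a chosen socket mode/group."""
    return fake_stat({
        "/": (stat.S_IFDIR | 0o755, 0, 0),       # assumed
        "/run": (stat.S_IFDIR | 0o755, 0, 0),    # assumed
        "/run/clamav-milter": (stat.S_IFDIR | 0o755, CLAMILT_UID, CLAMILT_GID),
        SOCK: (stat.S_IFSOCK | sock_mode, CLAMILT_UID, sock_gid),
    })


if __name__ == "__main__":
    cases = [
        ("0644 clamilt:clamilt (as posted)", layout(0o644)),
        ("0666 (MilterSocketMode 0666)", layout(0o666)),
        ("0660 clamilt:postfix (MilterSocketGroup postfix)", layout(0o660, POSTFIX_GID)),
    ]
    for label, stat_fn in cases:
        result = check_socket_access(SOCK, POSTFIX_UID, {POSTFIX_GID}, stat_fn)
        print(f"{label}: {result or 'postfix can connect'}")
```

On a live host, call check_socket_access(path, uid, gids) with the postfix user's real ids and leave stat_fn at its os.stat default.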
Re: clamsmtp or clamav-milter for antivirus with postfix 2.9?
On Friday, October 12, 2012 12:38:28 PM David Mehler wrote:
> Hello,
>
> This might be off topic, but I was wondering I am using Postfix 2.9.x and am wanting to integrate antivirus capabilities. What are the differences between clamsmtp and clamav-milter? I'm wondering which one would be better for an antivirus setup?

In situations where I was only doing anti-virus and not anti-spam, I've used clamsmtp for years with no issues. It hasn't had a release in awhile, but only because it does what it was designed to do and the author decided not to try to make it into a swiss army knife.

I know in Debian/Ubuntu clamav-milter doesn't have a lot of users and does not get heavily tested. I don't know generally though and have never used it.

In situation where you are doing both A/V and A/S, then I would integrate clamav with postfix using amavisd-new.

Scott K
Re: clamsmtp or clamav-milter for antivirus with postfix 2.9?
On 10/12/2012 11:47 AM, Scott Kitterman wrote:
> On Friday, October 12, 2012 12:38:28 PM David Mehler wrote:
>> Hello,
>>
>> This might be off topic, but I was wondering I am using Postfix 2.9.x and am wanting to integrate antivirus capabilities. What are the differences between clamsmtp and clamav-milter? I'm wondering which one would be better for an antivirus setup?
>
> In situations where I was only doing anti-virus and not anti-spam, I've used clamsmtp for years with no issues. It hasn't had a release in awhile, but only because it does what it was designed to do and the author decided not to try to make it into a swiss army knife.
>
> I know in Debian/Ubuntu clamav-milter doesn't have a lot of users and does not get heavily tested. I don't know generally though and have never used it.
>
> In situation where you are doing both A/V and A/S, then I would integrate clamav with postfix using amavisd-new.
>
> Scott K

+1 for clamav + amavisd-new (which uses clamdscan internally). You can also use amavisd-new as a smtpd_proxy_filter with postfix if you want before-queue scanning.

If you don't want or need amavisd-new, clamav-milter works well with postfix; I've used it for a couple years.

--
Noel Jones
Re: clamsmtp or clamav-milter for antivirus with postfix 2.9?
On 12.10.2012 at 18:47, Scott Kitterman wrote:
> On Friday, October 12, 2012 12:38:28 PM David Mehler wrote:
>> Hello,
>>
>> This might be off topic, but I was wondering I am using Postfix 2.9.x and am wanting to integrate antivirus capabilities. What are the differences between clamsmtp and clamav-milter? I'm wondering which one would be better for an antivirus setup?
>
> In situations where I was only doing anti-virus and not anti-spam, I've used clamsmtp for years with no issues. It hasn't had a release in awhile, but only because it does what it was designed to do and the author decided not to try to make it into a swiss army knife.
>
> I know in Debian/Ubuntu clamav-milter doesn't have a lot of users and does not get heavily tested. I don't know generally though and have never used it.

i use clamav-milter with 5000 users since years
no problems
before i used clamsmtp
no problems

milter is before-queue, so you're able to reject infected mails in the smtp income stage ( very cool )
http://www.postfix.org/MILTER_README.html

clamsmtp is after-queue like ie typical amavis filter, so you already have the infected mail in queue, and have to do something with it ( quarantine etc ), in germany its not allowed to i.e delete i.e infected mails which are already queued, so at minimum you have to inform the recipient that he got an infected mail, bouncing to sender is no good option after queue cause it may be faked

so for low traffic sites clamav-milter is an easy and good option
you can also sanesecurity antispam signature additional so you have basic antispam and antivir, clamav-milter is also fast enough scanning sasl_authed mail by your users outgoing, i also have combined it with spamass-milter ( but only for unauth income mail )

for more complex wishes use amavis

> In situation where you are doing both A/V and A/S, then I would integrate clamav with postfix using amavisd-new.
>
> Scott K

--
Best Regards
MfG Robert Schetterer
Re: clamsmtp or clamav-milter for antivirus with postfix 2.9?
On Oct 12, 2012, at 19:04, Noel Jones wrote:
> On 10/12/2012 11:47 AM, Scott Kitterman wrote:
>> On Friday, October 12, 2012 12:38:28 PM David Mehler wrote:
>>> Hello,
>>>
>>> This might be off topic, but I was wondering I am using Postfix 2.9.x and am wanting to integrate antivirus capabilities. What are the differences between clamsmtp and clamav-milter? I'm wondering which one would be better for an antivirus setup?
>>
>> In situations where I was only doing anti-virus and not anti-spam, I've used clamsmtp for years with no issues. It hasn't had a release in awhile, but only because it does what it was designed to do and the author decided not to try to make it into a swiss army knife.
>>
>> I know in Debian/Ubuntu clamav-milter doesn't have a lot of users and does not get heavily tested. I don't know generally though and have never used it.
>>
>> In situation where you are doing both A/V and A/S, then I would integrate clamav with postfix using amavisd-new.
>>
>> Scott K
>
> +1 for clamav + amavisd-new (which uses clamdscan internally). You can also use amavisd-new as a smtpd_proxy_filter with postfix if you want before-queue scanning.
>
> If you don't want or need amavisd-new, clamav-milter works well with postfix; I've used it for a couple years.

We use clamav-milter on our relay servers (which run Debian) without any issues. There was some bug last year, IIRC, where clamd would bug out and needed a restart, but that would be detected by the milter, and it'd switch to passthru. Has since been resolved, it seems.

Cya,
Jona
Postfix or ClamAV milter issue
I wonder if some of you guys could help me identify where an issue lies within my Postfix setup.

Let me first say that I have got a completely working Postfix installation that accepts external mail and forwards it on when necessary and I can also send mail locally using mail/mailx... the problem arises when I try to use ClamAV milter with Postfix.

When I add the ClamAV milter into main.cf, and attempt to deliver an email from an external source, everything works well with no issues. Mail delivery works as designed and is stopped successfully when I try to send an EICAR test virus from external source but when I try to send an email using mail/mailx locally it doesn't get delivered and I get the following in the logs;

    Aug 27 09:17:22 mailserver postfix/pickup[17976]: 247B7D006E: uid=0 from=root
    Aug 27 09:17:22 mailserver postfix/cleanup[18369]: warning: connect to Milter service unix:/var/clamav/clmilter.socket: Permission denied
    Aug 27 09:17:22 mailserver postfix/cleanup[18369]: 247B7D006E: milter-reject: CONNECT from localhost[127.0.0.1]: 4.7.1 Service unavailable - try again later; from=root@mailserver.sausage.local

Now, due to the fact that local mail IS delivered when I am not using ClamAV, but ISN'T delivered when I do use ClamAV, it may be that it's the configuration of the milter that is the issue rather than the config of Postfix, but I'd like to know why the milter only accepts mail external and not locally.

The postconf -n is listed below;

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 3
    html_directory = no
    inet_interfaces = all
    local_recipient_maps =
    mail_owner = postfix
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, sausage.co.uk
    mydomain = sausage.local
    myhostname = mailserver.sausage.local
    newaliases_path = /usr/bin/newaliases.postfix
    non_smtpd_milters = unix:/var/clamav/clmilter.socket
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtp_host_lookup = native
    smtp_sasl_password_maps = hash:/etc/postfix/password
    smtp_sasl_security_options =
    smtpd_banner = $myhostname ESMTP $mail_name
    smtpd_milters = unix:/var/clamav/clmilter.socket
    smtpd_sasl_auth_enable = yes
    transport_maps = hash:/etc/postfix/transport
    unknown_local_recipient_reject_code = 550

If anyone could point me in the right direction, I'd be grateful.

Thanks

John
Re: Postfix or ClamAV milter issue
Ralf

> What are the permissions on /var/clamav/clmilter.socket ?

The permissions are;

    srwxrwxr-x 1 clamav postfix 0 Aug 21 12:30 clmilter.socket

Which I believe I found from here: http://www.jasonbrown.us/blog/post_clamav_rhelcentos

> According to the docs:
>
> You specify SMTP-only Milter applications with the smtpd_milters parameter
> You specify non-SMTP Milter applications with the non_smtpd_milters parameter
>
> What you're showing is non-SMTP (since you're using the sendmail command).

So, are you saying that there is no reason why these options shouldn't work?

    non_smtpd_milters = unix:/var/clamav/clmilter.socket
    smtpd_milters = unix:/var/clamav/clmilter.socket

>> local_recipient_maps =
>
> You shouldn't do that! The Postfix docs state that
>
> With this setting, the Postfix SMTP server will not reject mail with User unknown in local recipient table. Don't do this on systems that receive mail directly from the Internet. With today's worms and viruses, Postfix will become a backscatter source: it accepts mail for non-existent recipients and then tries to return that mail as undeliverable to the often forged sender address.

In our case, we're at the end of an MPLS connection and the firewall is locked down to only accept mail from a single IP address on port 25 and it's not available to any Internet connections so it should be OK.

John
Re: Postfix or ClamAV milter issue
Ralf

>> So, are you saying that there is no reason why these options shouldn't work?
>
> Exactly. Either both or none should work. Hm. Maybe a chroot issue?

I'm not using a chroot jail, so I'm pretty sure it won't be that... I might have to remove the ClamAV integration with Postfix if I can't solve it, which in our infrastructure isn't a huge problem as it will get scanned as it gets forwarded to our internal SMTP server and the fact that we're only accepting mail incoming from another trusted SMTP server, but it would be nice if we could block mail at this point.

Thanks for your help so far Ralf.

John
Re: Postfix or ClamAV milter issue
* John Gardner jeg1...@gmail.com:
> Ralf
>
>>> So, are you saying that there is no reason why these options shouldn't work?
>>
>> Exactly. Either both or none should work. Hm. Maybe a chroot issue?
>
> I'm not using a chroot jail, so I'm pretty sure it won't be that... I might have to remove the ClamAV integration with Postfix if I can't solve it, which in our infrastructure isn't a huge problem as it will get scanned as it gets forwarded to our internal SMTP server and the fact that we're only accepting mail incoming from another trusted SMTP server, but it would be nice if we could block mail at this point.

Just remove it from the non_smtpd_milters :)

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: Issues with clamav-milter on Postfix
On Sunday, June 12, 2011 09:46:41 PM Janantha Marasinghe wrote:
> Hi All,
>
> I have installed clamav-milter on my postfix 2.7 which is running on ubuntu 10.04 server LTS. I have configured the config file where the socket is the clamav-milter.ctl but when postfix gets an e-mail it gives the warning the directory or file doesn't exist. has anyone got the clamav-milter working? a lot less documentation available on the net regarding it.
>
> thanks

Unless you've changed it, your postfix is running in a chroot. You either need to take it out of the chroot or make the socket available inside the chroot. The easiest way to do this is use a TCP socket (as mentioned in one of the other replies in this thread).

Scott K
Re: Issues with clamav-milter on Postfix
On Mon, 2011-06-13 at 06:32 -0400, Scott Kitterman wrote:
> On Sunday, June 12, 2011 09:46:41 PM Janantha Marasinghe wrote:
>> Hi All,
>>
>> I have installed clamav-milter on my postfix 2.7 which is running on ubuntu 10.04 server LTS. I have configured the config file where the socket is the clamav-milter.ctl but when postfix gets an e-mail it gives the warning the directory or file doesn't exist. has anyone got the clamav-milter working? a lot less documentation available on the net regarding it.
>>
>> thanks
>
> Unless you've changed it, your postfix is running in a chroot. You either need to take it out of the chroot or make the socket available inside the chroot. The easiest way to do this is use a TCP socket (as mentioned in one of the other replies in this thread).

I had the same problem a while ago. You might find the following helpful, although it may be out of date now:

http://andybev.com/index.php/Setup_clamav_with_Postfix_on_Debian_Lenny_in_a_chroot

Andy
Issues with clamav-milter on Postfix
Hi All, I have installed clamav-milter on my postfix 2.7 which is running on ubuntu 10.04 server LTS. I have configured the config file where the socket is the clamav-milter.ctl but when postfix gets an e-mail it gives the warning the directory or file doesn't exist. has anyone got the clamav-milter working? a lot less documentation available on the net regarding it. thanks Jay
Re: Trouble with clamav-milter
And a side note: It doesn't matter how well (or not) clamav-milter performs if you can't get it running... But you'll probably get it running, fear not. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
RE: Trouble with clamav-milter
-----Original Message-----
> JORGE CARMINATI:
>> Hi Wietse!, here's the information you're asking:
>>
>> mail_version = 2.6.5 (package from Simon J Mudd)
>> Red Hat Enterprise Linux Server release 5.4 (Tikanga)
>> Kernel: 2.6.18-164.9.1.el5 #1 SMP Wed Dec 9 03:27:37 EST 2009 x86_64 x86_64
>
> I am not aware of problems with Linux kernels. I have two pieces of home work for you.
>
> 1) Perhaps your system runs security software that is not configured to allow Postfix to send file descriptors over UNIX-domain sockets. In that case there may be errors in the logfile. that explains WHY it cannot
>
> 2) There is more mail logging from the process 1177 BEFORE it gives up. Please show the complete record.
>
> Wietse

Process 1177 doesn't show anything before or after, only what I sent previously:

    $ sudo cat /var/log/maillog | egrep '\[1177\]'
    Dec 22 16:16:47 relay1 postfix/cleanup[1177]: warning: cannot receive milters via service cleanup socket socket
    Dec 22 16:16:47 relay1 postfix/cleanup[1177]: fatal: cleanup_milter_receive: milter receive failed

Anyway, following your first comment, I completely disabled SELinux and repeated some tests and now clamav-milter is working!:

    Dec 23 09:18:30 relay1 postfix/smtpd[11074]: unknown[172.16.2.3]: 354 End data with CRLF.CRLF
    Dec 23 09:18:38 relay1 postfix/cleanup[11138]: 5558A1F182D9: message-id=
    Dec 23 09:18:38 relay1 clamd[2951]: fd[11]: Eicar-Test-Signature FOUND
    Dec 23 09:18:39 relay1 postfix/cleanup[11138]: 5558A1F182D9: milter-hold: END-OF-MESSAGE from unknown[172.16.2.3]: milter triggers HOLD action; from=us...@relay1.example.net to=superu...@relay1.example.net proto=SMTP
    Dec 23 09:18:39 relay1 postfix/smtpd[11074]: public/cleanup socket: wanted attribute: status

I had a couple of issues with SELinux in the past but it always logged the events to dmesg or /var/log/messages but this time nothing is being logged so my post... I'll have to look deeper in order to find what's going on with SELinux.

Thanks once again and my best wishes.

Jorge.
Caring for nature means living better... let's do it together. Print only what is necessary.

The information contained in this message is directed exclusively to the person or entity to whom the message is addressed, and it might contain information that is confidential, privileged or otherwise legally exempt from disclosure. Any action based on it, performed by an individual or entity different from the one it was intended, is not allowed and its contents should not be read, forwarded, disclosed, or used in any other way. If you have received it by mistake please delete it from your system, you should also not copy the message nor disclose its contents to anyone. Thank you.
Trouble with clamav-milter
Hi all,

I'm trying to integrate Postfix with clamav-milter but am getting some errors:

Dec 22 16:16:47 relay1 postfix/cleanup[1177]: warning: cannot receive milters via service cleanup socket socket
Dec 22 16:16:47 relay1 postfix/cleanup[1177]: fatal: cleanup_milter_receive: milter receive failed
Dec 22 16:16:48 relay1 postfix/smtpd[846]: warning: cannot send milters to service public/cleanup socket
Dec 22 16:16:48 relay1 postfix/smtpd[846]: unknown[172.16.1.3]: 354 End data with CRLF.CRLF
Dec 22 16:16:48 relay1 postfix/master[19502]: warning: process /usr/libexec/postfix/cleanup pid 1177 exit status 1
Dec 22 16:16:48 relay1 postfix/master[19502]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling

postconf -n:

command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list = 10.1.240.3
mail_owner = postfix
milter_protocol = 2
queue_directory = /var/spool/postfix
smtpd_milters = inet:localhost:
unknown_local_recipient_reject_code = 550

Any idea what could be wrong here? Is this a Postfix issue or clamav-milter ?

Thanks in advance for any advice.

Jorge.
Re: Trouble with clamav-milter
JORGE CARMINATI:
> Hi all,
>
> I'm trying to integrate Postfix with clamav-milter but am getting some errors:
>
> Dec 22 16:16:47 relay1 postfix/cleanup[1177]: warning: cannot receive milters via service cleanup socket socket
> Dec 22 16:16:47 relay1 postfix/cleanup[1177]: fatal: cleanup_milter_receive: milter receive failed
> Dec 22 16:16:48 relay1 postfix/smtpd[846]: warning: cannot send milters to service public/cleanup socket

Perhaps your kernel does not like the way that Postfix smtpd sends the Milter sockets to Postfix cleanup.

There have been some incompatible changes in Postfix workarounds for broken file descriptor passing implementations. The workaround for OpenBSD 3.something was removed because 1) OpenBSD 4.something no longer needs it; 2) it broke on 64-bit NetBSD; 3) other systems never needed the workaround.

What is your OS, and what is your Postfix version?

Wietse
RE: Trouble with clamav-milter
-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Jerry
Sent: Tuesday, December 22, 2009 16:55
To: postfix-users@postfix.org
Subject: Re: Trouble with clamav-milter

> On Tue, 22 Dec 2009 16:26:31 -0300
> JORGE CARMINATI jcarmin...@pluspetrol.net articulated:
>
> > Hi all,
> >
> > I'm trying to integrate Postfix with clamav-milter but am getting some errors:
> >
> > Dec 22 16:16:47 relay1 postfix/cleanup[1177]: warning: cannot receive milters via service cleanup socket socket
> > Dec 22 16:16:47 relay1 postfix/cleanup[1177]: fatal: cleanup_milter_receive: milter receive failed
> > Dec 22 16:16:48 relay1 postfix/smtpd[846]: warning: cannot send milters to service public/cleanup socket
> > Dec 22 16:16:48 relay1 postfix/smtpd[846]: unknown[172.16.1.3]: 354 End data with CRLF.CRLF
> > Dec 22 16:16:48 relay1 postfix/master[19502]: warning: process /usr/libexec/postfix/cleanup pid 1177 exit status 1
> > Dec 22 16:16:48 relay1 postfix/master[19502]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling
> >
> > postconf -n:
> >
> > command_directory = /usr/sbin
> > config_directory = /etc/postfix
> > daemon_directory = /usr/libexec/postfix
> > data_directory = /var/lib/postfix
> > debug_peer_level = 2
> > debug_peer_list = 10.1.240.3
> > mail_owner = postfix
> > milter_protocol = 2
> > queue_directory = /var/spool/postfix
> > smtpd_milters = inet:localhost:
> > unknown_local_recipient_reject_code = 550
> >
> > Any idea what could be wrong here? Is this a Postfix issue or clamav-milter ?
> >
> > Thanks in advance for any advice.
>
> What is the 'miltersocket' setting in the 'clamav-milter.conf' file?
>
> BTW, you should post the complete output of 'postconf -n'. It is possible the problem lies somewhere else.

Hi! here's it is:

MilterSocket inet:7...@localhost

That's the complete output from postconf -n due that it's only for testing purposes.

Regards.
RE: Trouble with clamav-milter
-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema
Sent: Tuesday, December 22, 2009 17:17
To: Postfix users
Subject: Re: Trouble with clamav-milter

> JORGE CARMINATI:
> > Hi all,
> >
> > I'm trying to integrate Postfix with clamav-milter but am getting some errors:
> >
> > Dec 22 16:16:47 relay1 postfix/cleanup[1177]: warning: cannot receive milters via service cleanup socket socket
> > Dec 22 16:16:47 relay1 postfix/cleanup[1177]: fatal: cleanup_milter_receive: milter receive failed
> > Dec 22 16:16:48 relay1 postfix/smtpd[846]: warning: cannot send milters to service public/cleanup socket
>
> Perhaps your kernel does not like the way that Postfix smtpd sends the Milter sockets to Postfix cleanup.
>
> There have been some incompatible changes in Postfix workarounds for broken file descriptor passing implementations. The workaround for OpenBSD 3.something was removed because 1) OpenBSD 4.something no longer needs it; 2) it broke on 64-bit NetBSD; 3) other systems never needed the workaround.
>
> What is your OS, and what is your Postfix version?
>
> Wietse

Hi Wietse!, here's the information you're asking:

mail_version = 2.6.5 (package from Simon J Mudd)
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
Kernel: 2.6.18-164.9.1.el5 #1 SMP Wed Dec 9 03:27:37 EST 2009 x86_64 x86_64

additionally:

clamav-db-0.95.3-1.el5.rf
clamav-milter-0.95.3-1.el5.rf
clamav-0.95.3-1.el5.rf

Thanks in advance for any other comments.

Jorge.
Re: Trouble with clamav-milter
JORGE CARMINATI:
> Hi all,
>
> I'm trying to integrate Postfix with clamav-milter but am getting some errors:
>
> Dec 22 16:16:47 relay1 postfix/cleanup[1177]: warning: cannot receive milters via service cleanup socket socket
> Dec 22 16:16:47 relay1 postfix/cleanup[1177]: fatal: cleanup_milter_receive: milter receive failed
> Dec 22 16:16:48 relay1 postfix/smtpd[846]: warning: cannot send milters to service public/cleanup socket

Wietse:
> Perhaps your kernel does not like the way that Postfix smtpd sends the Milter sockets to Postfix cleanup.
>
> There have been some incompatible changes in Postfix workarounds for broken file descriptor passing implementations. The workaround for OpenBSD 3.something was removed because 1) OpenBSD 4.something no longer needs it; 2) it broke on 64-bit NetBSD; 3) other systems never needed the workaround.
>
> What is your OS, and what is your Postfix version?

JORGE CARMINATI:
> Hi Wietse!, here's the information you're asking:
>
> mail_version = 2.6.5 (package from Simon J Mudd)
> Red Hat Enterprise Linux Server release 5.4 (Tikanga)
> Kernel: 2.6.18-164.9.1.el5 #1 SMP Wed Dec 9 03:27:37 EST 2009 x86_64 x86_64

I am not aware of problems with Linux kernels. I have two pieces of home work for you.

1) Perhaps your system runs security software that is not configured to allow Postfix to send file descriptors over UNIX-domain sockets. In that case there may be errors in the logfile. that explains WHY it cannot

2) There is more mail logging from the process 1177 BEFORE it gives up. Please show the complete record.

Wietse
Postfix and clamav-milter stopped working after update to clamav-0.95.3
System: FreeBSD-7.2

I just updated to clamav-0.95.3 on my system. I then realized that clamav-milter and Postfix were no longer connecting.

/usr/local/etc/postfix/main.cf

# Enable clamav-milter
milter_default_action = accept
smtpd_milters = unix:/var/run/clamav/clmilter.sock

/var/run/clamav/clmilter.sock

srwxr-xr-x 1 clamav wheel 0B Oct 30 10:22 clmilter.sock=

/var/log/maillog

Oct 30 10:23:26 scorpio postfix/smtpd[1339]: warning: connect to Milter service unix:/var/run/clamav/clmilter.sock: Permission denied

/tmp/clamav-milter.log

Fri Oct 30 10:22:16 2009 - +++ Started at Fri Oct 30 10:22:16 2009

I tried doing a complete reboot of the system; however, the problem continues. I have confirmed that the milter is running. Everything was working perfectly under version 0.95.2 of clamav. I made absolutely no other changes.

--
Jerry
postfix.u...@yahoo.com

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

After years of research, scientists recently reported that there is, indeed, arroz in Spanish Harlem.
Re: Postfix and clamav-milter stopped working after update to clamav-0.95.3
Jerry wrote:
> System: FreeBSD-7.2
>
> I just updated to clamav-0.95.3 on my system. I then realized that clamav-milter and Postfix were no longer connecting.
>
> /usr/local/etc/postfix/main.cf
>
> # Enable clamav-milter
> milter_default_action = accept
> smtpd_milters = unix:/var/run/clamav/clmilter.sock
>
> /var/run/clamav/clmilter.sock
>
> srwxr-xr-x 1 clamav wheel 0B Oct 30 10:22 clmilter.sock=
>
> /var/log/maillog
>
> Oct 30 10:23:26 scorpio postfix/smtpd[1339]: warning: connect to Milter service unix:/var/run/clamav/clmilter.sock: Permission denied
>
> /tmp/clamav-milter.log
>
> Fri Oct 30 10:22:16 2009 - +++ Started at Fri Oct 30 10:22:16 2009
>
> I tried doing a complete reboot of the system; however, the problem continues. I have confirmed that the milter is running. Everything was working perfectly under version 0.95.2 of clamav. I made absolutely no other changes.

For me restarting clamav-milter did the trick. Check your milter setting, the permissions on the socket must be changed by the starting script for use with postfix. The port does this well provided it is configured to do so.

--
Erwan David
Re: Postfix and clamav-milter stopped working after update to clamav-0.95.3
On Fri, 30 Oct 2009 16:26:10 +0100
Erwan David er...@rail.eu.org replied:

> Jerry wrote:
> > System: FreeBSD-7.2
> >
> > I just updated to clamav-0.95.3 on my system. I then realized that clamav-milter and Postfix were no longer connecting.
> >
> > /usr/local/etc/postfix/main.cf
> >
> > # Enable clamav-milter
> > milter_default_action = accept
> > smtpd_milters = unix:/var/run/clamav/clmilter.sock
> >
> > /var/run/clamav/clmilter.sock
> >
> > srwxr-xr-x 1 clamav wheel 0B Oct 30 10:22 clmilter.sock=
> >
> > /var/log/maillog
> >
> > Oct 30 10:23:26 scorpio postfix/smtpd[1339]: warning: connect to Milter service unix:/var/run/clamav/clmilter.sock: Permission denied
> >
> > /tmp/clamav-milter.log
> >
> > Fri Oct 30 10:22:16 2009 - +++ Started at Fri Oct 30 10:22:16 2009
> >
> > I tried doing a complete reboot of the system; however, the problem continues. I have confirmed that the milter is running. Everything was working perfectly under version 0.95.2 of clamav. I made absolutely no other changes.
>
> For me restarting clamav-milter did the trick. Check your milter setting, the permissions on the socket must be changed by the starting script for use with postfix. The port does this well provided it is configured to do so.

OK, but what permissions does it need? I have posted what it currently is in my original post.

--
Jerry
postfix.u...@yahoo.com

Love is like the measles; we all have to go through it.
Jerome K. Jerome
Re: Postfix and clamav-milter stopped working after update to clamav-0.95.3
Jerry wrote:
> On Fri, 30 Oct 2009 16:26:10 +0100
> Erwan David er...@rail.eu.org replied:
>
> > Jerry wrote:
> > > System: FreeBSD-7.2
> > >
> > > I just updated to clamav-0.95.3 on my system. I then realized that clamav-milter and Postfix were no longer connecting.
> > >
> > > /usr/local/etc/postfix/main.cf
> > >
> > > # Enable clamav-milter
> > > milter_default_action = accept
> > > smtpd_milters = unix:/var/run/clamav/clmilter.sock
> > >
> > > /var/run/clamav/clmilter.sock
> > >
> > > srwxr-xr-x 1 clamav wheel 0B Oct 30 10:22 clmilter.sock=
> > >
> > > /var/log/maillog
> > >
> > > Oct 30 10:23:26 scorpio postfix/smtpd[1339]: warning: connect to Milter service unix:/var/run/clamav/clmilter.sock: Permission denied
> > >
> > > /tmp/clamav-milter.log
> > >
> > > Fri Oct 30 10:22:16 2009 - +++ Started at Fri Oct 30 10:22:16 2009
> > >
> > > I tried doing a complete reboot of the system; however, the problem continues. I have confirmed that the milter is running. Everything was working perfectly under version 0.95.2 of clamav. I made absolutely no other changes.
> >
> > For me restarting clamav-milter did the trick. Check your milter setting, the permissions on the socket must be changed by the starting script for use with postfix. The port does this well provided it is configured to do so.
>
> OK, but what permissions does it need? I have posted what it currently is in my original post.

Mine is

srwxr-xr-x 1 postfix clamav - 0 Oct 30 15:15 /var/run/clamav/clmilter.sock

In the port this is controlled by

clamav_milter_socket_user=postfix

--
Erwan
Re: Postfix and clamav-milter stopped working after update to clamav-0.95.3
On Fri, 30 Oct 2009 17:12:40 +0100
Erwan David er...@rail.eu.org replied:

[snip]

> Mine is
>
> srwxr-xr-x 1 postfix clamav - 0 Oct 30 15:15 /var/run/clamav/clmilter.sock
>
> In the port this is controlled by
>
> clamav_milter_socket_user=postfix

I changed the permissions on mine to: 0777. I figured it was easier than finding that something else had stopped working.

--
Jerry
postfix.u...@yahoo.com

Leibowitz's Rule: When hammering a nail, you will never hit your finger if you hold the hammer with both hands.
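The socket listings in this thread can be compared mechanically. The following is an added example, not code from any poster or from the FreeBSD port: it decides from an `ls -l` mode string whether a given user may connect, assuming connect() needs the write bit (which matches the "Permission denied" above), and flags world-writable sockets. The function names, the owner and group shown for the 0777 case, the group memberships of postfix, and the fourth (group-scoped) listing are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the group
# memberships passed in for user postfix are assumptions.

# can_connect MODE OWNER GROUP USER "USER_GROUPS"
# MODE is the mode column of `ls -l` (e.g. srwxr-xr-x). Prints
# "allow:<class>" or "deny:<class>", followed by " world-writable" when the
# "other" write bit is set. Exactly one permission class applies (owner, else
# group, else other), as in the kernel's own check.
can_connect() {
    mode=$1 owner=$2 group=$3 user=$4 ugroups=$5
    if [ "$user" = "$owner" ]; then
        class=owner; col=3
    elif printf '%s\n' $ugroups | grep -qxF -e "$group"; then
        class=group; col=6
    else
        class=other; col=9
    fi
    bit=$(printf '%s\n' "$mode" | cut -c"$col")
    if [ "$bit" = w ]; then verdict="allow:$class"; else verdict="deny:$class"; fi
    case $mode in
        ????????w?*) verdict="$verdict world-writable" ;;
    esac
    printf '%s\n' "$verdict"
}

# audit_socket PATH USER
# Same verdict for a live path: mode, owner and group come from `ls -ld`,
# the user's groups from `id -Gn`. Returns 2 if PATH cannot be listed.
audit_socket() {
    path=$1 user=$2
    ls -ld -- "$path" | {
        read -r mode links owner group rest || exit 2
        can_connect "$mode" "$owner" "$group" "$user" \
            "$(id -Gn "$user" 2>/dev/null)"
    }
}

# Listings evaluated for user postfix:
#   1. the socket that produced "Permission denied"
#   2. the working socket owned by postfix
#   3. the same socket after chmod 0777 (owner/group assumed unchanged)
#   4. constructed alternative: group-only access, postfix added to clamav
for entry in \
    'srwxr-xr-x clamav wheel postfix:mail' \
    'srwxr-xr-x postfix clamav postfix:mail' \
    'srwxrwxrwx clamav wheel postfix:mail' \
    'srw-rw---- clamav clamav postfix:clamav'
do
    set -- $entry
    groups=$(printf '%s\n' "$4" | tr ':' ' ')
    printf '%-42s %s\n' "$entry" "$(can_connect "$1" "$2" "$3" postfix "$groups")"
done
```

Mode 0777 does make the error go away, but it also lets every local account talk to the milter; changing the socket owner or granting access through a group keeps the connection limited to the mail system.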
new clamav-milter quarantine in hold queue script
Hi,

the redesign of the clamav-milter 0.95 does quarantine in the hold queue; before, infected mails were written to some configurable dir.

Having them in hold is a nice option, but I am thinking of a script getting them out of hold, storing them in the filesystem and cleaning up hold. I have some clean mailerdaemon script which works likely for deferred, started by cron.

What's your opinion, does it sound like a good idea? I don't like the idea that infected mails may, i.e., hold forever. Or is there a way, yet, of configuring postfix to unhold them and delete them after a configured time period?

After all, I've asked the clamav developers to bring back the store-in-filesystem option, which makes it easier to investigate infected mails, because sometimes false positives happen with anti-phishing code etc.

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Re: new clamav-milter quarantine in hold queue script
On Sat, Apr 04, 2009 at 06:16:33PM +0200, Robert Schetterer wrote:

> Having them in hold is a nice option, but I am thinking of a script getting them out of hold, storing them in the filesystem and cleaning up hold

Here's my suggestion:

- Create a second Postfix instance in the same file-system.

- Run a cron job to move (rename(2)) messages from the HOLD queue of the main instance into the deferred queue of the second instance, carefully respecting the hash_depth of each directory.

- In the second instance, deliver all mail via a suitable daemonized SMTP server or via pipe(8) script. The daemon or script will be the entry point into a quarantine system that eventually expires unclaimed mail, generates reports and allows other administrative or user actions as you see fit.

This means that FILTER transport:nexthop is perhaps a better choice than HOLD, but milters may not be able to express this action...

I am not aware of an open-source quarantine add-on for Postfix.

--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.

To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below:

mailto:majord...@postfix.org?body=unsubscribe%20postfix-users

If my response solves your problem, the best way to thank me is to not send an "it worked, thanks" follow-up. If you must respond, please put "It worked, thanks" in the "Subject" so I can delete these quickly.
Re: new clamav-milter quarantine in hold queue script
Victor Duchovni wrote:
> On Sat, Apr 04, 2009 at 06:16:33PM +0200, Robert Schetterer wrote:
>
> > Having them in hold is a nice option, but I am thinking of a script getting them out of hold, storing them in the filesystem and cleaning up hold
>
> Here's my suggestion:
>
> - Create a second Postfix instance in the same file-system.
>
> - Run a cron job to move (rename(2)) messages from the HOLD queue of the main instance into the deferred queue of the second instance, carefully respecting the hash_depth of each directory.
>
> - In the second instance, deliver all mail via a suitable daemonized SMTP server or via pipe(8) script. The daemon or script will be the entry point into a quarantine system that eventually expires unclaimed mail, generates reports and allows other administrative or user actions as you see fit.
>
> This means that FILTER transport:nexthop is perhaps a better choice than HOLD, but milters may not be able to express this action...
>
> I am not aware of an open-source quarantine add-on for Postfix.

Hi Victor,

this sounds very complicated. I was thinking more about a cron script like this (surely modified to the hold issue):

#!/bin/sh
# we need to clean up MAILER-DAEMON messages
#try to deliver by force
#postqueue -f
#now its time to kill the rest
TMPFILE=/tmp/clean.queue.$$
DEFERDIR=/var/spool/postfix/deferred
# collect the filenames
mailq |grep MAILER-DAEMON | cut -f1 -d ' ' > $TMPFILE
for DEFERFILE in `cat $TMPFILE`
do
FILEPATH=`find $DEFERDIR -name $DEFERFILE`
#echo $FILEPATH #for debug
#echo $DEFERFILE #for debug
#
# checks in use with spamass.
#
# egrep -i 'spamassassin|hits\=[0-9]{1,2}\.[0-9]' $FILEPATH > /dev/null
# if [ $? -eq 0 ]
# then
# deferred message is most likely spam
## postsuper -d $DEFERFILE deferred
# fi
done
rm -f $TMPFILE > /dev/null

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Re: new clamav-milter quarantine in hold queue script
On Sat, Apr 04, 2009 at 07:01:08PM +0200, Robert Schetterer wrote:

> > Here's my suggestion:
> >
> > - Create a second Postfix instance in the same file-system.
> >
> > - Run a cron job to move (rename(2)) messages from the HOLD queue of the main instance into the deferred queue of the second instance, carefully respecting the hash_depth of each directory.
> >
> > - In the second instance, deliver all mail via a suitable daemonized SMTP server or via pipe(8) script. The daemon or script will be the entry point into a quarantine system that eventually expires unclaimed mail, generates reports and allows other administrative or user actions as you see fit.
> >
> > This means that FILTER transport:nexthop is perhaps a better choice than HOLD, but milters may not be able to express this action...
> >
> > I am not aware of an open-source quarantine add-on for Postfix.
>
> Hi Victor,
>
> this sounds very complicated

Yes, I am proposing a robust, comprehensive system that could serve a variety of needs.

> I was thinking more about a cron script like this (surely modified to the hold issue)

What do mail-daemon messages have to do with junk placed in the HOLD queue by a milter?

> TMPFILE=/tmp/clean.queue.$$
> DEFERDIR=/var/spool/postfix/deferred
> # collect the filenames
> mailq |grep MAILER-DAEMON | cut -f1 -d ' ' > $TMPFILE
> for DEFERFILE in `cat $TMPFILE`
> do
> FILEPATH=`find $DEFERDIR -name $DEFERFILE`

This is subject to race-conditions, because queue-ids can be re-used.

--
Viktor.
Re: new clamav-milter quarantine in hold queue script
Robert Schetterer wrote:
> > I was thinking more about a cron script like this (surely modified to the hold issue)
>
> What do mail-daemon messages have to do with junk placed in the HOLD queue by a milter?

Here's a dorky script I use to release mail on hold after a few days. I have some questionable header_checks that HOLD mail and don't want to keep mail on hold forever if I'm on vacation or whatever...

It can easily be modified to move mail elsewhere or just delete old mail. Caution: if you move the file without renaming it, keep it in the same filesystem to ensure unique filenames.

Just run from cron a couple times a day.

----8<----
#!/bin/sh
# pf-releasehold - automatically release messages from
# the hold queue if they are greater than DAYSOLD days old.
PBIN=/usr/sbin
DAYSOLD=2
QUEUEDIR=`$PBIN/postconf -h queue_directory`
HOLDQUEUE=${QUEUEDIR}/hold
# mktemp avoids a predictable file name in /tmp
TMPFILE=`mktemp /tmp/pfhold.XXXXXX` || exit 1
find ${HOLDQUEUE} -type f -mtime +${DAYSOLD} -print > ${TMPFILE}
# -s is true for a non-empty file, so this branch runs when find listed nothing
if test ! -s ${TMPFILE}
then
  echo 'nothing to release from hold'
  rm -f ${TMPFILE}
  exit
fi
# if we get this far, there must be something that needs to be released
for QUEUEPATH in `cat ${TMPFILE}`
do
  QUEUEID=`basename ${QUEUEPATH}`
  # change this line to adjust action
  $PBIN/postsuper -H ${QUEUEID} 2>&1 | mail -s 'pf-releasehold' postmaster
done
rm -f ${TMPFILE}
----8<----

Of course, the better answer is: If clamav-milter isn't doing what you need, use another milter. There are several milters that can interface to clamd.

--
Noel Jones
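For the "store in the filesystem, then clean up hold" variant asked about at the start of this thread, the following is an added example and not code from any of the posters. It copies each expired message out with `postcat -q`, then deletes it with `postsuper -d ID hold` so that an ID re-used in another queue is never touched (the race noted above), and it needs no temporary file. The function names, the archive path, the `--run` switch and the POSTCAT/POSTSUPER override variables are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The archive path, the --run switch and
# the POSTCAT/POSTSUPER overrides (used for dry runs and testing) are
# assumptions.

POSTCAT=${POSTCAT:-postcat}
POSTSUPER=${POSTSUPER:-postsuper}

# expired_hold_ids HOLD_DIR DAYS
# Print the queue ID of every regular file under HOLD_DIR last modified more
# than DAYS days ago. Names containing anything but letters and digits are
# excluded inside find itself, so a stray or hostile file name (spaces,
# newlines, a leading dash) can never reach postsuper as an argument.
expired_hold_ids() {
    find "$1" -type f -mtime +"$2" ! -name '*[!0-9A-Za-z]*' -print |
        sed 's|.*/||'
}

# archive_and_delete HOLD_DIR DAYS ARCHIVE_DIR
# For each expired message: write a copy to ARCHIVE_DIR, and only if the copy
# succeeded delete the message from the hold queue. A message that vanished
# in the meantime (released or already deleted) makes postcat fail and is
# skipped. Prints the number of messages archived and deleted.
# The body runs in a subshell so the tightened umask does not leak out.
archive_and_delete() (
    hold_dir=$1 days=$2 archive=$3
    umask 077                      # quarantined mail: owner-only files
    mkdir -p "$archive" || return 1
    count=0
    for id in $(expired_hold_ids "$hold_dir" "$days"); do
        if $POSTCAT -q "$id" > "$archive/$id.tmp"; then
            # Naming the hold queue limits the delete to that queue.
            mv "$archive/$id.tmp" "$archive/$id" &&
                $POSTSUPER -d "$id" hold >/dev/null 2>&1 &&
                count=$((count + 1))
        else
            rm -f "$archive/$id.tmp"
        fi
    done
    echo "$count"
)

# Run from cron as: script --run
if [ "${1:-}" = --run ]; then
    hold=$(postconf -h queue_directory)/hold || exit 1
    archive_and_delete "$hold" 2 /var/quarantine/hold-archive
fi
```

The two-day threshold mirrors DAYSOLD in the script above; the archive directory should sit outside the Postfix queue tree and be readable only by the account that reviews quarantined mail.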