1 Topic by raystrach (edited by raystrach 2015-06-01 14:58:21)

  • raystrach
  • Member
  • Offline
  • Registered: 2012-05-21
  • Posts: 37

Topic: Mail slow to be delivered - Probably clamav issue

==== Required information ====
- iRedMail version: 8.6
- Store mail accounts in which backend (LDAP):
- Web server (Apache):
- Linux/BSD distribution name and version: centos 6.5
- Related log if you're reporting an issue: /var/log/clamav/clamd.log
====

whilst a similar issue has been previously reported, i have not been able to solve this issue.

the problem...

mail was being slow to be delivered so i checked  mailq and sure enough, there were a couple of hundred emails in the mailqueue.

also my cpu use on the server was very high (proabably as a result of all the retries that are happening - see below)

typically the message in the mailqueue was one of the following

************************************************
(connect to 127.0.0.1[127.0.0.1]:10024: Connection refused) or
(delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
************************************************
i did some investiagtion into this and it lead me to believe there was a problem with clamav, so i tried to restart clamd

this is what i got

************************************************
# service clamd restart
Stopping Clam AntiVirus Daemon:                            [FAILED]
Starting Clam AntiVirus Daemon: ERROR: Can't open /var/log/clamav/clamd.log in append mode (check permissions!).
ERROR: Can't initialize the internal logger                  [FAILED]
******************************************************

i tried numerous solutions suggested on this and other websites from changing permission of the log file so uncommenting lines from the amavis. conf file, none of which worked

this is the typical message that i am getting in the maillog

**********************************************************************
Jun  1 06:45:58 mailer amavis[451]: (00451-01) (!)connect to /tmp/clamd.socket failed, attempt #1: Can't connect to a UNIX socket /tmp/clamd.socket: 2
Jun  1 06:45:59 mailer amavis[451]: (00451-01) (!)connect to /tmp/clamd.socket failed, attempt #1: Can't connect to a UNIX socket /tmp/clamd.socket: No such file or directory
Jun  1 06:45:59 mailer amavis[451]: (00451-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /tmp/clamd.socket, retrying (2)
Jun  1 06:46:05 mailer amavis[451]: (00451-01) (!)connect to /tmp/clamd.socket failed, attempt #1: Can't connect to a UNIX socket /tmp/clamd.socket: No such file or directory
Jun  1 06:46:05 mailer amavis[451]: (00451-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /tmp/clamd.socket (All attempts (1) failed connecting to /tmp/clamd.socket) at (eval 116) line 608.\n
Jun  1 06:46:05 mailer amavis[451]: (00451-01) (!)WARN: all primary virus scanners failed, considering backups
*********************************************************************

i have spent a number of hours trying to solve the problem and i am exactly where i started from - i am clueless.

one thing that i do not think is relevant, but just may be...

i updated a couple of settings in ssl.conf last night as i reviewing the status of the ssl certificate because of cipher issues

i changed some cipher setting to be more secure.

also i noticed in a post on this issue, that yum updates may have affected the config file. i do update via yum periodically, although the last time it was done was a few days ago, and this problem has just appeared out of nowhere in the past 12 hours.

i would appreciate any help - i am getting desparate.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: Mail slow to be delivered - Probably clamav issue

Caused by ClamAV is not running.

As a temporary solution: disable clamav in Amavisd. set '@bypass_virus_checks_maps = (1);' in /etc/amavisd/amavisd.conf, restart amavisd service.

The best solution is: start clamav service.
According to the error message, looks like file permission on directory /var/log/clamav/ is incorrect. On RHEL/CentOS, it should be owned by 'clam:clam' with permission 0755.

3 Reply by raystrach

  • raystrach
  • Member
  • Offline
  • Registered: 2012-05-21
  • Posts: 37

Re: Mail slow to be delivered - Probably clamav issue

thanks ZhangHuangbin for you reply

yes, it was clamav not running and it was a permission issue, as well as having problems with the socket file.

i tried many ways to solve it but was unable to when i wrote the post.

after i wrote the post i continued to look for a solution. i found the missing bit of information here:

http://www200.pair.com/mecham/spam/clam … d-new.html

the log file was owned by clam, but something in the file permissions must have been changed when i ran a recent yum update, as the system has been running very well for over a year without problems.

in short, the one thing that needed to be adjusted once all the actual file permissions were set was that the amavis, clamav and freshclam config files needed to have the appropriate file ownership values set inside them.

for others who are experiencing the same problems, here are the settings that may need to be adjusted.

clamd.conf : User
freshclam.conf: DatabaseOwner

crucially, the log file needs to be able to be written by the owner of amavisd as well.

finally, the socket being used my be accessible to all of these programs and the socket value needs to align.

the url above goes into more details if you want it.

the one thing that surprised me was that the socket file seemed to have disappeared as well, so i had to recreate that with the appropriate file permissions.