[Eisfair] [E64]: Mail <> Clamav

Rolf Bensch azubi at bensch-net.de
Fr Apr 3 10:28:32 CEST 2020 

Hallo zusammen,

heute soll auf dem neu installierten E64 zum Mailpaket CLAMAV 
installiert werden:

   Enter your searchstring (ENTER=Return, 0=Exit)? clamav
   Downloading required packages ...
   => [####################] clamav (1.2.66)...      [  OK  ]
   Done!
   Installation of: clamav (1.2.66) ...
   Start ClamAV installation...
   Copying file /usr/share/clamav/clamav-exiscan.conf -> /var/spool 
/exim/exiscan-av.cnf ...
   Update current antivirus definitions...
   ClamAV update process started at Fri Apr  3 09:50:30 2020
   daily.cld database is up to date (version: 25770, sigs: 2245232, 
f-level: 63, builder: raynman)
   main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 
   60, builder: sigmgr)
   bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 
63, builder: anvilleg)                             [  OK  ]
   Successfully installed: clamav (1.2.66)!
   Press ENTER to continue

CLAMAV läuft (nach Konfiguration) dann auch:

   eis64-2 # /etc/init.d/clamav status
   ClamAV daemon is running.

/var/spool/exim/exiscan-av.cnf wird angelegt:

   eis64-2 # cat /var/spool/exim/exiscan-av.cnf
   # ClamAV configuration
   #--------------------------------------------------------------------
   # Copyright (c) 2004-2008 Sebastian Scholze <webmaster at schlotze.de>
   #
   # Creation:     10.06.2004  ss
   # Last Update:    $Id: clamav-exiscan.conf 56592 2018-08-10 14:51:17Z 
schlotze $
   #
   # This program is free software; you can redistribute it and/or modify
   # it under the terms of the GNU General Public License as published by
   # the Free Software Foundation; either version 2 of the License, or
   # (at your option) any later version.
   #-------------------------------------------------------------------
   AV_SCANNER='clamd'
   AV_SOCKET='/run/clamd'

Danach sende ich eine Mail und finde in /var/spool/exim/log/mainlog:

   │2020-04-03 09:53:00 1jKH8O-00029M-Fk spam acl condition: spamd: 
failed to connect to any address for 127.0.0.1: Connection refused
   │2020-04-03 09:53:00 1jKH8O-00029M-Fk spam acl condition: all spamd 
servers failed
   │2020-04-03 09:53:00 1jKH8O-00029M-Fk H=localhost 
(www.bensch-net.info) [127.0.0.1] Warning: ACL "warn" statement skipped: 
condition test deferred

"Mail" findet offensichtlich den laufenden CLAMAV-Service nicht. Ein 
Blick nach /run:

   eis64-2 # ls -l /run/ | grep clam
   srw-rw-rw- 1 clamav trusted    0 Apr  3 09:50 clamd
   -rw-rw-r-- 1 clamav trusted    5 Apr  3 09:50 clamd.pid

Exiscan-Konfiguration:

EXISCAN_AV_ENABLED                      =  yes
│ EXISCAN_AV_ACTION                       =  pass
│ EXISCAN_AV_SUBJECT_TAG                  =  *Virusverdacht* (%VN):
│ EXISCAN_AV_SCANNER                      =  auto
│ EXISCAN_AV_PATH                         =
│ EXISCAN_AV_OPTIONS                      =
│ EXISCAN_AV_TRIGGER                      =
│ EXISCAN_AV_DESCRIPTION                  =
│ EXISCAN_AV_SOCKET                       =  /run/clamd
│ EXISCAN_AV_SKIP_AUTHENTICATED           =  no

Was läuft hier schief?

Grüße Rolf

Mehr Informationen über die Mailingliste Eisfair