Thursday, November 15. 2007
If you are running clamav daemon on debian etch, and your clamav daemon takes up to 3-4 minutes to create the unix socket and the pid file, don't despair it's an clamav bug.
While you are running clamav with amavis this bug can be very annoying:
amavis: (21470-02) (!!) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket
If you strace your clamv on the startup time you get many of these messages:
read(10, "n.Downloader-14249\n29184:5d2a569"..., 4096) = 4096
The clamav version is debian etch is 0.90.1.
The bug is fixed in version 0.91rc2. So you could use the backports.org packages (0.91.2).
Friday, May 19. 2006
Relating to that Virus Scanning entry I think Debian Volatile is better for an up-to-date ClamAV than Backports.org.
Debian Volatile is made for packages that change very often, and you need the current upstream package on a server. Like an up-to-date virus scanning engine.
So simple and this line to your sources.list and run after that an apt-get update.
deb http://ftp2.de.debian.org/debian-volatile sarge/volatile main
BTW: Volatile Mirror List
Now you can install your clamav normally with an apt-get install clamav.
Thursday, February 9. 2006
Here is a short HowTo for configure Postfix to use Amavis with ClamAV for virus scanning!
First you should install ClamAV from backports.org, when you using the ClamAV from stable/sarge you have an old searching engine that maybe have some problems to recognize new viruses with the new files from ClamAV-freshclam.
First add this line to your /etc/apt/sources.list:
deb http://www.backports.org/debian sarge-backports main
Now that is very important to create a /etc/apt/preferences file:
With this entry you deactivate all packages from backports.org this is important because we will only install ClamAV from backports.
Save the file and run an apt-get update to receive the packagefiles from backports.org.
Now install clamav with:
apt-get install -t sarge-backports clamav clamav-freshclam
The -t sarge-backports is necessary, because apt will now install the package from backports.org!
Now install amavis-new:
apt-get install amavis-new
Edit your /etc/postfix/main.cf and add this for amavis:
Edit your /etc/postfix/master.cf and add this for amavis:
Now you have to add clamav user to the amavis system group and add the clamav user to the amavis system group in your /etc/group!
Because clamav user must read files in the amavis directory and the amvis user must read files in the clamav directory.
After the modification /etc/group should look like:
After this modification you have to restart all services!
(postfix, clamav-daemon, clamav-freshclam, amvis)
Than you have to edit the /etc/amavis/amavisd.conf:
It's very big so I only list the changes:
->>change to your hostname
->> no mail to virussender. because often the from emailaddres is faked!
->> the recipient gets an email that he has received an virus email
->> postmaster gets no notification
Safe the configuration file and restart your amavid!
Now try to send an email and than try to send a virus from
If the repicient gets an email about “VIRUS ( EICAR.Test) IN MAIL TO YOU” all works fine.
If not, check the /var/log/mail.log and try to resolv the error!
(Page 1 of 1, totaling 3 entries)