# [gelöst] Clamav will nicht mit amavis(postfix)



## pchowtoforge80 (8. Jan. 2016)

Hallo Community,

ich hoffe hier kann mir geholfen werden. Komme seit Tagen und vielen HowTo´s nicht weiter.

ich bekomme scheinbar ClamAV nicht mit amavis verheiratet.   SPAMASSASSIN läuft problemlos.
Bei starten kommt von amavis erscheint u.a. immer "ANTI-VIRUS code  NOT loaded", es ist kein Eintrag zu clamav vorhanden und der EICAR Test geht auch durch.
amavis scheint keine Anstallten zu machen es überhaupt zu versuchen. Selbst bei Loglevel = 5 erscheint nirgends nur der Versuch, clamav einzubinden.

Habe enstprechend mehere HowTo´s 
1. ) clamav user der amaivs group und umgegekhert hinzugefügt.
adduser clamav amavis
adduser amavis clamav
2. ) die enstprechenden Einträge in /etc/amavis/conf.d/15-content_filter_mode  gesetzt
 use strict;
@bypass_virus_checks_maps = (
  \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
%bypass_spam_checks, @bypass_spam_checks_acl, $bypass_spam_checks_re);
1; 

3. ) die main.cf und master.cf soweit ich beurteilen kann angepasst.
  main.cf
          content_filter = smtp-amavis:[127.0.0.1]:10024
         receive_override_options = no_address_mappings

  master.cf
      pickup  unix  n  -  -  60  1  pickup
        -o content_filter=
        -o receive_override_options=no_header_body_checks

smtp-amavis  unix  -  -  -  -  2  smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
  -o smtp_tls_security_level=none
  -o smtp_enforce_tls=no
127.0.0.1:10025 inet  n  -  -  -  -  smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_tls_security_level=none
  -o smtpd_tls_auth_only=no
  -o smtpd_enforce_tls=no
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters


4.)  AllowSupplementaryGroups auf true in clamd.conf gesetzt.


----------



## florian030 (8. Jan. 2016)

Läuft denn clamav überhaupt? 
service clamav-daemon status
Sonst in der amavis-config einfach mal 
$log_level = 3;
und amavis neu starten. Das Log ist aber auch so schon sehr aussagekräftig.


----------



## pchowtoforge80 (8. Jan. 2016)

Hallo,
ja service läuft natürlich
 clamav-daemon.service - Clam AntiVirus userspace daemon
  Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled)
  Active: active (running) since Fr 2016-01-08 07:23:30 CET; 3h 11min ago
  Docs: man:clamd(8)
  man:clamd.conf(5)
 Main PID: 16426 (clamd)
  CGroup: /system.slice/clamav-daemon.service
  ââ16426 /usr/sbin/clamd --foreground=true

Jan 08 07:23:46   xxxxx clamd[16426]: Mail files support enabled.
Jan 08 07:23:46   xxxxx clamd[16426]: OLE2 support enabled.
Jan 08 07:23:46  xxxxx   clamd[16426]: PDF support enabled.
Jan 08 07:23:46  xxxxx clamd[16426]: SWF support enabled.
Jan 08 07:23:46  xxxxx  clamd[16426]: HTML support enabled.
Jan 08 07:23:46  xxxxx clamd[16426]: Self checking every 3600 seconds.
Jan 08 07:51:28  xxxxx clamd[16426]: Reading databases from /var/lib/clamav
Jan 08 07:51:44  xxxxx clamd[16426]: Database correctly reloaded (4210826 signatures)
Jan 08 08:51:44  xxxxx clamd[16426]: SelfCheck: Database status OK.
Jan 08 09:51:44  xxxxx l clamd[16426]: SelfCheck: Database status OK.

und hier mal die Ausgabe vom amavis beim start

Jan  8 10:36:37 cloud amavis[24026]: logging initialized, log level 3, syslog: amavis.mail
Jan  8 10:36:37 cloud amavis[24026]: starting. /usr/sbin/amavisd-new at xxxxxx amavisd-new-2.10.1 (20141025), Unicode aware, LANG="de_DE.UTF-8"
Jan  8 10:36:37 cloud amavis[24026]: perl=5.020002, user=, EUID: 115 (115);  group=, EGID: 123 123 (123 123)
Jan  8 10:36:37 cloud amavis[24026]: INFO: no optional modules: unicore::lib:erl::SpacePer.pl unicore::lib::Nt:e.pl Unix::Getrusage
Jan  8 10:36:37 cloud amavis[24026]: SpamControl: scanner SpamAssassin, module Amavis::SpamControl::SpamAssassin
Jan  8 10:36:37 cloud amavis[24026]: INFO: SA version: 3.4.0, 3.004000, no optional modules: Net::CIDR::Lite Encode:etect Image::Info Image::Info::GIF Image::Info::JPEG Image::Info:NG Image::Info::BMP Image::Info::TIFF
Jan  8 10:36:37 cloud amavis[24026]: SpamControl: init_pre_chroot on SpamAssassin done
Jan  8 10:36:37 cloud amavis[24026]: socket module IO::Socket::IP, protocol families available: INET, INET6
Jan  8 10:36:37 cloud amavis[24026]: bind to 127.0.0.1:10024/tcp, [::1]:10024/tcp
Jan  8 10:36:37 cloud amavis[24029]: Net::Server: Process Backgrounded
Jan  8 10:36:37 cloud amavis[24029]: Net::Server: 2016/01/08-10:36:37 Amavis (type Net::Server:reForkSimple) starting! pid(24029)
Jan  8 10:36:37 cloud amavis[24029]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1 with IPv4
Jan  8 10:36:37 cloud amavis[24029]: Net::Server: Binding to TCP port 10024 on host ::1 with IPv6
Jan  8 10:36:37 cloud amavis[24029]: Net::Server: Group Not Defined.  Defaulting to EGID '123 123'
Jan  8 10:36:37 cloud amavis[24029]: Net::Server: User Not Defined.  Defaulting to EUID '115'
Jan  8 10:36:37 cloud amavis[24029]: config files read: /usr/share/amavis/conf.d/10-debian_scripts, /usr/share/amavis/conf.d/20-package, /etc/amavis/conf.d/05-node_id, /etc/amavis/conf.d/15-av_scanners, /etc/amavis/conf.d/15-content_filter_mode, /etc/amavis/conf.d/20-debian_defaults
Jan  8 10:36:37 cloud amavis[24029]: Module Amavis::Conf  2.404
Jan  8 10:36:37 cloud amavis[24029]: Module Archive::Zip  1.39
Jan  8 10:36:37 cloud amavis[24029]: Module BerkeleyDB  0.54
Jan  8 10:36:37 cloud amavis[24029]: Module Compress::Raw::Zlib 2.065
Jan  8 10:36:37 cloud amavis[24029]: Module Compress::Zlib  2.064
Jan  8 10:36:37 cloud amavis[24029]: Module Crypt::OpenSSL::RSA 0.28
Jan  8 10:36:37 cloud amavis[24029]: Module DB_File  1.831
Jan  8 10:36:37 cloud amavis[24029]: Module Digest::MD5  2.53
Jan  8 10:36:37 cloud amavis[24029]: Module Digest::SHA  5.88
Jan  8 10:36:37 cloud amavis[24029]: Module Encode  2.60
Jan  8 10:36:37 cloud amavis[24029]: Module File::Temp  0.2304
Jan  8 10:36:37 cloud amavis[24029]: Module IO::Socket::INET6  2.72
Jan  8 10:36:37 cloud amavis[24029]: Module IO::Socket::IP  0.32
Jan  8 10:36:37 cloud amavis[24029]: Module MIME::Entity  5.505
Jan  8 10:36:37 cloud amavis[24029]: Module MIME:arser  5.505
Jan  8 10:36:37 cloud amavis[24029]: Module MIME::Tools  5.505
Jan  8 10:36:37 cloud amavis[24029]: Module Mail:KIM::Verifier 0.4
Jan  8 10:36:37 cloud amavis[24029]: Module Mail::Header  2.13
Jan  8 10:36:37 cloud amavis[24029]: Module Mail::Internet  2.13
Jan  8 10:36:37 cloud amavis[24029]: Module Mail::SPF  v2.009
Jan  8 10:36:37 cloud amavis[24029]: Module Mail::SpamAssassin  3.004000
Jan  8 10:36:37 cloud amavis[24029]: Module Net:NS  0.81
Jan  8 10:36:37 cloud amavis[24029]: Module Net::LibIDN  0.12
Jan  8 10:36:37 cloud amavis[24029]: Module Net::Server  2.008
Jan  8 10:36:37 cloud amavis[24029]: Module NetAddr::IP  4.075
Jan  8 10:36:37 cloud amavis[24029]: Module Razor2::Client::Version 2.84
Jan  8 10:36:37 cloud amavis[24029]: Module Scalar::Util  1.38
Jan  8 10:36:37 cloud amavis[24029]: Module Socket  2.013
Jan  8 10:36:37 cloud amavis[24029]: Module Socket6  0.25
Jan  8 10:36:37 cloud amavis[24029]: Module Time::HiRes  1.9726
Jan  8 10:36:37 cloud amavis[24029]: Module URI  1.64
Jan  8 10:36:37 cloud amavis[24029]: Module Unix::Syslog  1.1
Jan  8 10:36:37 cloud amavis[24029]: Amavis::ZMQ code  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: Amavis:B code  loaded
Jan  8 10:36:37 cloud amavis[24029]: SQL base code  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: SQL::Log code  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: SQL::Quarantine  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: Lookup::SQL code  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: Lookup::LDAP code  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: AM.PDP-in proto code NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: SMTP-in proto code  loaded
Jan  8 10:36:37 cloud amavis[24029]: Courier proto code  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: SMTP-out proto code  loaded
Jan  8 10:36:37 cloud amavis[24029]: Pipe-out proto code  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: BSMTP-out proto code NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: Local-out proto code loaded
Jan  8 10:36:37 cloud amavis[24029]: OS_Fingerprint code  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: ANTI-VIRUS code  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: ANTI-SPAM code  loaded
Jan  8 10:36:37 cloud amavis[24029]: ANTI-SPAM-EXT code  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: ANTI-SPAM-C code  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: ANTI-SPAM-SA code  loaded
Jan  8 10:36:37 cloud amavis[24029]: Unpackers code  loaded
Jan  8 10:36:37 cloud amavis[24029]: DKIM code  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: Tools code  NOT loaded
Jan  8 10:36:37 cloud amavis[24029]: No $file,  not using it
Jan  8 10:36:37 cloud amavis[24029]: No $altermime,  not using it
Jan  8 10:36:37 cloud amavis[24029]: Internal decoder for .mail
Jan  8 10:36:37 cloud amavis[24029]: Internal decoder for .gz
Jan  8 10:36:37 cloud amavis[24029]: No ext program for  .xz, tried: xzdec, xz -dc, unxz -c, xzcat
Jan  8 10:36:37 cloud amavis[24029]: Internal decoder for .zip
Jan  8 10:36:37 cloud amavis[24029]: Internal decoder for .kmz
Jan  8 10:36:37 cloud amavis[24029]: No ext program for  .7z, tried: 7zr, 7za, 7z
Jan  8 10:36:37 cloud amavis[24029]: No ext program for  .bz2, tried: 7za, 7z
Jan  8 10:36:37 cloud amavis[24029]: No ext program for  .Z, tried: 7za, 7z
Jan  8 10:36:37 cloud amavis[24029]: No decoder for  .cab
Jan  8 10:36:37 cloud amavis[24029]: No decoder for  .cpio
Jan  8 10:36:37 cloud amavis[24029]: No decoder for  .deb
Jan  8 10:36:37 cloud amavis[24029]: No decoder for  .doc
Jan  8 10:36:37 cloud amavis[24029]: Deleting db files __db.001,snmp.db,__db.002,nanny.db,__db.003 in /var/lib/amavis/db
Jan  8 10:36:37 cloud amavis[24029]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.54, libdb 5.3
Jan  8 10:36:37 cloud amavis[24029]: initializing Mail::SpamAssassin (0)
Jan  8 10:36:37 cloud amavis[24029]: SpamAssassin debug facilities: info
Jan  8 10:36:39 cloud amavis[24029]: SA info: zoom: able to use 347/347 'body_0' compiled rules (100%)
Jan  8 10:36:40 cloud amavis[24029]: SpamAssassin loaded plugins: AskDNS, AutoLearnThreshold, Bayes, BodyEval, Check, DKIM, DNSEval, FreeMail, HTMLEval, HTTPSMismatch, Hashcash, HeaderEval, ImageInfo, MIMEEval, MIMEHeader, Pyzor, Razor2, RelayEval, ReplaceTags, Rule2XSBody, SPF, SpamCop, URIDNSBL, URIDetail, URIEval, VBounce, WLBLEval, WhiteListSubject
Jan  8 10:36:40 cloud amavis[24029]: SpamControl: init_pre_fork on SpamAssassin done
Jan  8 10:36:40 cloud amavis[24029]: extra modules loaded after daemonizing/chrooting: /etc/perl/Net/libnet.cfg, Mail/SpamAssassin


----------



## florian030 (8. Jan. 2016)

Dann stimmen entweder Deine Einträge in 15-av_scanners oder 15-content_filter_mode nicht.
Bei Debian ist das in etwa

```
@av_scanners = (
['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
   qr/\bOK$/m, qr/\bFOUND$/m,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
);
```
und 


```
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
```


----------



## pchowtoforge80 (8. Jan. 2016)

SUUUPER Danke,
es lag an 15-av_scanners,

alle Dokus die ich gefunden habe waren nur wie folgt, da hat deine erste und letzte Zeile gefehlt.  

['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
qr/\bOK$/m, qr/\bFOUND$/m,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],


----------

