web-dev-qa-db-ja.com

Postfix, Amavis-new, ClamAV: Permission denied. ERROR

Error lines in /var/log/maillog

Sep 22 12:08:20 Sun amavis[4493]: (04493-09) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130922T052321-04493-crApLkq5/parts: lstat() failed: Permission denied. ERROR\n"
Sep 22 12:08:20 Sun amavis[4493]: (04493-09) (!)ClamAV-clamd av-scanner FAILED: CODE(0x29185c0) unexpected , output="/var/spool/amavisd/tmp/amavis-20130922T052321-04493-crApLkq5/parts: lstat() failed: Permission denied. ERROR\n" at (eval 113) line 897.
Sep 22 12:08:20 Sun amavis[4493]: (04493-09) (!)WARN: all primary virus scanners failed, considering backups

Users and groups on the server

# cat /etc/passwd | grep "amavis\|clamav"
clam:x:495:493:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin
amavis:x:494:492:User for amavisd-new:/var/spool/amavisd:/sbin/nologin
# id amavis
uid=494(amavis) gid=492(amavis) groups=492(amavis),493(clam)
# id clam
uid=495(clam) gid=493(clam) groups=493(clam),492(amavis)

Services

chkconfig --list | grep "amavisd\|clamd\|spamassassin"

amavisd         0:off   1:off   2:on    3:on    4:off   5:off   6:off
clamd           0:off   1:off   2:on    3:on    4:off   5:on    6:off
clamd.amavisd   0:off   1:off   2:on    3:on    4:off   5:off   6:off
spamassassin    0:off   1:off   2:on    3:on    4:off   5:off   6:off

/etc/clamd.conf

LocalSocket /var/run/clamav/clamd.sock
LocalSocketGroup amavis
User clam

/etc/amavisd.conf

### http://www.clamav.net/
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd, or run it under its own
# #   uid such as clamav, add user clamav to the amavis group, and then add
# #   AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# #   this entry; when running chrooted one may prefer socket "$MYHOME/clamd".

/etc/postfix/master.cf

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
amavisfeed unix    -       -       n        -      2     lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
127.0.0.1:10025 inet n    -       n       -       -     smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=

/etc/postfix/main.cf

content_filter=amavisfeed:[127.0.0.1]:10024

ls /var/spool/amavisd/tmp/

drwxr-x---. 3 amavis amavis 4096 Sep 23 15:00 amavis-20130923T150035-15730-hgztdUJP
drwxr-x---. 3 amavis amavis 4096 Sep 23 15:12 amavis-20130923T151205-16266-HUEzwmIf

ls /var/spool/amavisd/ -l

srwxr-x---. 1 amavis amavis    0 Sep 23 04:36 amavisd.sock
drwx------. 2 amavis amavis 4096 Sep 23 04:36 db
drwx------. 2 amavis amavis 4096 Feb 22  2013 quarantine
drwx------. 4 amavis amavis 4096 Sep 23 18:14 tmp
5
RedLEON

This looks like a permissions problem on this directory:

/var/spool/amavisd/tmp/

Based on the log messages, it appears that the user amavis cannot access this directory.

5
slm

As you stated in the comments, RPMForge works, but because RPMForge does not hold to the same standards as EPEL, it is not necessarily the proper way to fix the problem.

The problem with EPEL is that the "clam" user does not have access to the amavis folder. Getting this to work with EPEL is fairly simple.

usermod -a -G amavis clam
chmod g+rx /var/spool/amavisd/tmp

This adds clam to the amavis group, then grants the amavis group access to the tmp directory.

3
Fmstrat
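
To see which directory stops the scanner before changing any modes, the check below walks a path and reports the first directory that a given uid and group set cannot search. It is an added example, not part of the original question or answers; the function name `first_blocked_dir` is hypothetical, it assumes GNU `stat`, and it evaluates only owner/group/other mode bits (not ACLs or SELinux).

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (coreutils).
# first_blocked_dir UID "GID GID ..." PATH
# Prints the first directory on PATH that the uid/gid set cannot search
# (x bit missing), judged by owner/group/other mode bits only; ACLs and
# SELinux are not evaluated. Prints nothing when every directory passes.
# Run as root so stat can reach directories below a restricted parent.
first_blocked_dir() {
    fb_uid=$1; fb_gids=" $2 "; fb_rest=$3
    [ "$fb_uid" = 0 ] && return 0            # root bypasses mode bits
    case $fb_rest in /*) fb_cur="" ;; *) fb_cur="." ;; esac
    while [ -n "$fb_rest" ]; do
        fb_part=${fb_rest%%/*}               # next path component
        case $fb_rest in */*) fb_rest=${fb_rest#*/} ;; *) fb_rest="" ;; esac
        [ -n "$fb_part" ] || continue        # skip empty parts (leading "/", "//")
        fb_cur="$fb_cur/$fb_part"
        [ -d "$fb_cur" ] || return 0         # reached a file or a missing entry
        set -- $(stat -c '%a %u %g' "$fb_cur")   # octal mode, owner uid, group gid
        fb_mode="000$1"
        fb_mode=${fb_mode#"${fb_mode%???}"}  # keep the last three octal digits
        if [ "$2" = "$fb_uid" ]; then
            fb_bits=${fb_mode%??}            # owner digit
        else
            case $fb_gids in
                *" $3 "*) fb_bits=${fb_mode#?}; fb_bits=${fb_bits%?} ;;  # group digit
                *)        fb_bits=${fb_mode#??} ;;                       # other digit
            esac
        fi
        if [ $((fb_bits % 2)) -eq 0 ]; then  # search (x) bit is clear
            printf '%s\n' "$fb_cur"
            return 0
        fi
    done
    return 0
}

# Usage on the server from the question (user name taken from the page):
#   first_blocked_dir "$(id -u clam)" "$(id -G clam)" /var/spool/amavisd/tmp
if [ "$#" -eq 3 ]; then
    first_blocked_dir "$@"
fi
```

A running clamd holds only the supplementary groups it was started with, so restart it after `usermod`; the amavisd.conf comment quoted in the question also names `AllowSupplementaryGroups` for this setup.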