오류 라인은/var/log/메일 로그
Sep 22 12:08:20 sun amavis[4493]: (04493-09) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130922T052321-04493-crApLkq5/parts: lstat() failed: Permission denied. ERROR\n"
Sep 22 12:08:20 sun amavis[4493]: (04493-09) (!)ClamAV-clamd av-scanner FAILED: CODE(0x29185c0) unexpected , output="/var/spool/amavisd/tmp/amavis-20130922T052321-04493-crApLkq5/parts: lstat() failed: Permission denied. ERROR\n" at (eval 113) line 897.
Sep 22 12:08:20 sun amavis[4493]: (04493-09) (!)WARN: all primary virus scanners failed, considering backups
서버 사용자 및 그룹
# cat /etc/passwd | grep "amavis\|clamav"
clam:x:495:493:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin
amavis:x:494:492:User for amavisd-new:/var/spool/amavisd:/sbin/nologin
# id amavis
uid=494(amavis) gid=492(amavis) groups=492(amavis),493(clam)
# id clam
uid=495(clam) gid=493(clam) groups=493(clam),492(amavis)
제공하다
chkconfig --list | grep "amavisd\|clamd\|spamassassin"
amavisd 0:off 1:off 2:on 3:on 4:off 5:off 6:off
clamd 0:off 1:off 2:on 3:on 4:off 5:on 6:off
clamd.amavisd 0:off 1:off 2:on 3:on 4:off 5:off 6:off
spamassassin 0:off 1:off 2:on 3:on 4:off 5:off 6:off
/etc/clamd.conf
LocalSocket /var/run/clamav/clamd.sock
LocalSocketGroup amavis
User clam
/etc/amavisd.conf
### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd, or run it under its own
# # uid such as clamav, add user clamav to the amavis group, and then add
# # AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
/etc/postfix/master.cf
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
amavisfeed unix - - n - 2 lmtp
-o lmtp_data_done_timeout=1200
-o lmtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
-o local_header_rewrite_clients=
-o smtpd_milters=
-o local_recipient_maps=
-o relay_recipient_maps=
/etc/postfix/main.cf
content_filter=amavisfeed:[127.0.0.1]:10024
ls /var/spool/amavisd/tmp/
drwxr-x---. 3 amavis amavis 4096 Sep 23 15:00 amavis-20130923T150035-15730-hgztdUJP
drwxr-x---. 3 amavis amavis 4096 Sep 23 15:12 amavis-20130923T151205-16266-HUEzwmIf
ls /var/spool/amavisd/ -l
srwxr-x---. 1 amavis amavis 0 Sep 23 04:36 amavisd.sock
drwx------. 2 amavis amavis 4096 Sep 23 04:36 db
drwx------. 2 amavis amavis 4096 Feb 22 2013 quarantine
drwx------. 4 amavis amavis 4096 Sep 23 18:14 tmp
답변1
이는 디렉터리의 권한 문제인 것 같습니다.
/var/spool/amavisd/tmp/
로그 메시지에 따르면 사용자에게 amavis디렉터리에 액세스할 수 있는 권한이 없는 것으로 나타납니다.
답변2
언급한 대로 RPMForge는 작동하지만 RPMForge는 EPEL과 동일한 표준을 충족하지 않기 때문에 문제를 해결하는 올바른 방법은 아닙니다.
EPEL의 문제점은 "clam" 사용자가 amavis 폴더에 접근할 수 없다는 것입니다. EPEL과 함께 작동하게 만드는 것은 매우 간단합니다:
usermod -a -G amavis clam
chmod g+rx /var/spool/amavisd/tmp
이 광고는 amavis 그룹에 가입한 다음 amavis 그룹의 tmp 디렉토리에 대한 액세스 권한을 부여합니다.