Topic: SME E-Mail - Either SMTP or ClamAV problem

[technostruct]

Hello everyone, thanks for taking the time to read, hope I make sense here.  Posted by suggestion of "pbearne."

I've setup SME Server 6.0.1, setup e-mail (Primary domain), and setup Webmail (HTTPS-Only).  I setup the Swerts-Knudsen ClamAV-addon, and it seems to be working well ... until I tried to send e-mail via Webmail.  Now this is a clean setup - nobody's been on the server as yet except me.  I've also got the "admin" and "postmaster" accounts forwarding mail to my account.

I sent an e-mail to the people I created an e-mail account for last night, via Webmail interface, in my account, ... and got the following message (personal details replaced by "xxx":
------------------------------------------------------
The message has been quarantined as
4119e59f-3069.msg

The corresponding logfile has been written to
4119e59f-3069.log


Message headers follow:
Received: from localhost (127.0.0.1)
  by xxxxxxxxx (127.0.0.1) with ESMTP; 11 Aug 2004
09:23:41 -0000
Received: from xxxxxx ([xxxxxx2])
by xxxxxxxxxxxxx (IMP) with HTTP
for <xxxxxxx@localhost>; Wed, 11 Aug 2004 02:23:40 -0700
Message-ID: <1092216220.4119e59ce4e36@xxxxxxxxxxxxxx>
Date: Wed, 11 Aug 2004 02:23:40 -0700
From: xxxxx@xxxxxxxxx.net
To: xxxxxxxx, xxxxxxxx, xxxxxxx
Subject: xxxxxxxxxxxxx
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.1
X-Originating-IP: xxxxxxxxxx
X-Sent-Via: Mitel Networks SME Server
-----------------------------------------------------

Now that looks a whole lot like the ClamAV scanner stopping the e-mail and quarantining it.  That's just strange, too, because I've not sent anything TO the account yet.  How could a virus be propogating ?  I've also got BitDefender scanning all the I-Bays for viruses too ...

Now I'm sure there's details I've left out, ask and ye shall receive them.  I was just so happy to get these items working ... now I'm rather bummed.

[smeghead]

It would seem that clam is not loading properly (or at all) and therefore amavis doesn't know if there is a prob or not, so, to be on the safe side, it quarantines it.

This prob usually stems from the lack of a setting in the clamav.conf file called FixStaleSocket.

Check your clamav.log file for any errors, if it mentions a problem with the socket file then you will need to edit the /etc/clamav.conf file and uncomment (remove the #) from the FixStaleSocket option, save & exit, and then restart clam; service clamav restart.

HTH

[technostruct]

Thanks for the reply, I looked but that particular line was NOT commented-out.  It did, indeed, exist in working fashion.

I did get smart - I got the updated/webGUI interface update of Amavis-ClamAV, and I was able to release all these back into the queue.  I'll have to see if a reboot helped it at all or not, though.

And now I am able to read an improved, specific e-mail error message that tells me what the reasoning was:

"Error: Cannot connect to /var/lib/clamav/clamd.sock."

Now, I've gone through all the Forums and Googled and looked around and it appears to be a SpamAssassin issue.  I swear there's got to be SOME fix for it out there, I just haven't found it yet.

I also see where people are poking at the issue being due to "system specs", which I find very, VERY hard to believe - make sure you tell me why I need to look at specs first, this isn't a MicroCrap WinDump system, I have more faith in it than that.

[smeghead]

.. well if the error is the clamd.sock file (the socket file as I indicated earlier) then all you need to do is delete the old one, it can be found in /var/lib/clamav.

Clamav cannot load if an old one is there (cos it should be deleted on exit and then recreated on load)

If you run the command service clamd status it should show clamd with a coupla PID values and a status of running, if not, then its not running and the above holds true.

Check it out.

[technostruct]

Well, we can close this one out.

Good ol' reboot fixed it, go figure.

No further problems.  Now I just need to figure out how to access the User Manager ... and how to setup Web Access for one of my virtual domains.

Thanks all !

[Brenno]

I did get smart - I got the updated/webGUI interface update of Amavis-ClamAV, and I was able to release all these back into the queue.

And where does one find this webGUI interface for Clam??  Man, I could use that.  My server is putting all received messages into the quarantine directory and I can't figure out why!!

[jrgns]

If you use the install script from swert-knudsen for clamav, it doesn't configure clam to start automatically when the server boots. This will give the socket not found error, 'cause clam's not running to make the socket...

ln -s /etc/rc.d/init.d/e-smith-service /etc/rc.d/rc7.d/S85clamd

should do it... Let me know of happiness!

j[/quote]

[Brenno]

I found the scripts for the server-manager add in for Clam at pagefault.org and installed those.  Things are working perfectly and I'm happy as a pig in sh..

[jrgns]

the ln -s above doesn't seem to work.

add /etc/init.d/clamd start to rc.local in /etc/rc.d