#380 clamav-socket) FAILED - unexpected , output="/var/lib/amavis/tmp/amavis.../parts: File path check failure: Permission denied
Hello,
I just installed iRedMail which sets up amavis,clamav,postfix etc -running on a Debian 12 box and ran into a permissions issue; two fold issue:
-
subdirs in /var/lib/amavis/tmp get 0750 permissions (group members doesn't have write permissions)
drwxr-x--- 2 amavis amavis 4096 Oct 17 23:21 /var/lib/amavis/tmp/amavis-20231017T232154-111958-QJkWaLlc/parts -
clamav doesn't belong to amavis group by default
Causing thie following errors:
systemctl status amavis
- amavis.service - Interface between MTA and virus scanner/content filters
Loaded: loaded (/lib/systemd/system/amavis.service; enabled; preset: enabled)
Active: active (running) since Tue 2023-10-17 23:12:22 EDT; 20s ago
Docs: http://www.ijs.si/software/amavisd/#doc
Process: 102827 ExecStartPre=/usr/bin/find /var/lib/amavis -maxdepth 1 -name amavis- -type d -exec rm -rf {} ; (code=exited, status=0/SUCCESS)
Process: 102829 ExecStartPre=/usr/bin/find /var/lib/amavis/tmp -maxdepth 1 -name amavis- -type d -exec rm -rf {} ; (code=exited, status=0/SUCCESS)
Main PID: 102830 (/usr/sbin/amavi)
Tasks: 6 (limit: 5208)
Memory: 1.5G
CGroup: /system.slice/amavis.service
|-102830 "/usr/sbin/amavisd (master)"
|-102866 "/usr/sbin/amavisd (ch1-102866-01)"
|-102867 "/usr/sbin/amavisd (virgin child)"
|-102868 "/usr/sbin/amavisd (virgin child)"
|-102869 "/usr/sbin/amavisd (virgin child)"
-103019 /usr/bin/clamscan --stdout --disable-summary -r --tempdir=/var/lib/amavis/tmp /var/lib/amavis/tmp/amavis-20231017T231232-102866-RR_7LTHv/parts
Oct 17 23:12:22 mail.local amavis[102830]: perl=5.036000, user=113, EUID: 113 (113); group=(), EGID: 121 121 (121 121)
Oct 17 23:12:22 mail.local amavis[102830]: Net::Server: Group Not Defined. Defaulting to EGID '121 121'
Oct 17 23:12:22 mail.local amavis[102830]: Net::Server: User Not Defined. Defaulting to EUID '113'
Oct 17 23:12:22 mail.local amavis[102830]: No ext program for .zoo, tried: zoo, unzoo
Oct 17 23:12:22 mail.local amavis[102830]: No decoder for .zoo
Oct 17 23:12:22 mail.local amavis[102830]: Using primary internal av scanner code for clamav-socket
Oct 17 23:12:22 mail.local amavis[102830]: Found secondary av scanner clamav-clamscan at /usr/bin/clamscan
Oct 17 23:12:32 mail.local amavis[102866]: (102866-01) (!)run_av (clamav-socket) FAILED - unexpected , output="/var/lib/amavis/tmp/amavis-20231017T231232-102866-RR_7LTHv/parts: File path check failure: Permission denied. ERROR\n/var/lib/amavis/tmp/amavis-20231017T231232-102866-RR_7LTHv/parts: >
Oct 17 23:12:32 mail.local amavis[102866]: (102866-01) (!)clamav-socket av-scanner FAILED: CODE(0x55b8ae5fb7a8) unexpected , output="/var/lib/amavis/tmp/amavis-20231017T231232-102866-RR_7LTHv/parts: File path check failure: Permission denied. ERROR\n/var/lib/amavis/tmp/amavis-20231017T231232-1>
Oct 17 23:12:32 mail.local amavis[102866]: (102866-01) (!)WARN: all primary virus scanners failed, considering backups
The workaround I did was:
- Modify /usr/sbin/amavisd-submit
-- chmod(0750, $tempdir)
++ chmod(0770, $tempdir) - Adding clamav to amavis group
- chmod -R g+w /var/lib/amavis/tmp
- systemctl restart amavis
I am pretty sure this is not what was intended but at least it worked for me.
