Out of the box, there are a few issues with the default Amavisd and ClamAV setup.
Amavisd is not adding X-SPAM headers to any domains other than the default:
@local_domains_maps = ( [".$mydomain"] );
I suggest adding the following to /etc/amavisd.conf during "Postfix Configuration Rebuild" when AntiVirus/AntiSpam is enabled, so that all mail domains have X-SPAM headers added:
@lookup_sql_dsn = (
['DBI:mysql:database=postfix;host=127.0.0.1;port=3306', 'postfix', 'postfix_password']
);
$sql_select_policy = 'SELECT "Y" AS local FROM domain WHERE CONCAT("@", domain) IN (%k)';
and install required modules:
yum -y install perl-DBI perl-DBD-MySQL
Clamd is running as the wrong user ('clam') and cannot access /var/amavis/tmp/, so Amavis falls back to the backup scanner (clamscan):
Aug 17 14:04:39 a amavis[19181]: (19181-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/amavis/tmp/amavis-20150817T140439-19181-kCt7U2oy/parts: lstat() failed: Permission denied. ERROR\n"
Aug 17 14:04:39 a amavis[19181]: (19181-01) (!)ClamAV-clamd av-scanner FAILED: CODE(0x2706420) unexpected , output="/var/amavis/tmp/amavis-20150817T140439-19181-kCt7U2oy/parts: lstat() failed: Permission denied. ERROR\n" at (eval 115) line 897.
Aug 17 14:04:39 a amavis[19181]: (19181-01) (!)WARN: all primary virus scanners failed, considering backups
So 'clamscan' still satisfies virus scanning, but then why run Clamd? First, the 'User' mapping in /etc/clamd.conf needs to be changed:
User clamav
and directory permissions:
chown clamav:clamav -R /var/run/clamav/
chown clamav:clamav -R /var/lib/clamav/
chown clamav:clamav -R /var/log/clamav/
Set the clamav user's home directory (default /var/clamav):
usermod -d /var/lib/clamav -m clamav
and update /etc/freshclam.conf:
DatabaseDirectory /var/lib/clamav
Now freshclam can update the correct database files and Clamd works correctly with Amavis. I recommend that the developers add the above to the "Postfix Configuration Rebuild" process.
Finally, there is no need to run Spamd for Amavis and waste resources. Amavis loads the SpamAssassin Perl module and works fine without Spamd running.
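
Because clamscan quietly takes over when Clamd fails, the problem above only shows up in the mail log. The following check is an added example, not part of the original post: it reads amavis log text on stdin, counts primary-scanner failures per scanner, and exits with status 1 if Amavis fell back to a backup scanner. The function names are hypothetical, and the sample input is the three log lines quoted above.

```shell
#!/bin/sh
# Added example: report amavis primary-scanner failures found in a mail log.
# Log text is read from stdin. Exit status 1 = amavis fell back to a backup
# scanner (the "clamd cannot read /var/amavis/tmp" symptom), 0 = no fallback.

amavis_av_fallback_report() {
    awk '
        # Matches e.g. "(!)run_av (ClamAV-clamd) FAILED - unexpected , output=..."
        /\(!\)run_av \(.*\) FAILED/ {
            name = $0
            sub(/.*\(!\)run_av \(/, "", name)   # drop everything up to the scanner name
            sub(/\) FAILED.*/, "", name)        # drop everything after it
            failed[name]++
            if ($0 ~ /Permission denied/) denied[name]++
        }
        /all primary virus scanners failed, considering backups/ { fallback++ }
        END {
            for (n in failed)
                printf "scanner=%s failed=%d permission_denied=%d\n", n, failed[n], denied[n] + 0
            printf "fallback_to_backup=%d\n", fallback + 0
            exit (fallback > 0 ? 1 : 0)
        }
    '
}

# Sample input: the log lines from the post above, embedded so this runs offline.
sample_log() {
    cat <<'EOF'
Aug 17 14:04:39 a amavis[19181]: (19181-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/amavis/tmp/amavis-20150817T140439-19181-kCt7U2oy/parts: lstat() failed: Permission denied. ERROR\n"
Aug 17 14:04:39 a amavis[19181]: (19181-01) (!)ClamAV-clamd av-scanner FAILED: CODE(0x2706420) unexpected , output="/var/amavis/tmp/amavis-20150817T140439-19181-kCt7U2oy/parts: lstat() failed: Permission denied. ERROR\n" at (eval 115) line 897.
Aug 17 14:04:39 a amavis[19181]: (19181-01) (!)WARN: all primary virus scanners failed, considering backups
EOF
}

sample_log | amavis_av_fallback_report || echo "primary scanner is not doing the scanning"
```

On a live system, feed it the mail log instead of the sample, for example amavis_av_fallback_report < /var/log/maillog (that path is an assumption; use wherever your syslog writes mail messages).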