Setting up amavisd and clamav

I set up a new server instance on Amazon, tarragon_3, which is Fedora 22. I’ve had a lot of trouble over the years with clamav and amavisd, mostly with the nonsense about having to mess about with the user under which clamav runs, allowing a shared group, location of the socket, ability to create logs. I’ve never had it operate satifsactorily for a long time, and never looked into why. I resolved to look closer this time.

I installed amavisd-new clamav clamav-server-systemd clamav-scanner clamav-update. I am not sure but I think:
clamav is the basic package, and has the engine, and perhaps libraries;
clamav-server-systemd is the machinery to start the clam daemon under systemd;
clamav-scanner I expect has clamscan and clamdscan for command line scanning;
clamav-update is probably freshclam, the stuff for getting updates.

Initially, I was making the same sort of blind changes I’d made in the past, but I read around a little. It seems that some of this has been changed, so I’m trying a new approach. I’m somewhat following instructions in http://www.server-world.info/en/note?os=Fedora_21&p=mail&f=6. Part of the reason for trusting those instructions a little is that they refer to new things which are in the distro, for example, the /etc/tmpfiles.d which I haven’t seen before now. So I think the instructions are relatively recent. On the other hand, the instructions called for modifying /usr/lib/systemd/system/clamd@.service, which is simply wrong.

I did not change the user under which clamav runs in the config files. The only config changes I made were as follows:
1. modify /etc/freshclam.conf to remove the failsafe COMMENT->#COMMENT. Then I checked that freshclam would run correctly and download the sigs.
2. copy /usr/share/doc/clamav-server/clamd.sysconfig ->/etc/sysconfig/clamd.amavisd and update the text to substitute “amavis” for <Service>
3. copied /usr/lib/systemd/system/clamd@.service to /etc/system/system/clamd@.service and added :[Install] WantedBy=multi-user.target
4. start and enable clamd@amavisd service

My changes to amavis.conf were as usual, just setting the domains, the spamassassin levels, etc. After about a month and several updates, I have not experienced any of the issues of the past.

July, 2016:

Something happened and it began to fail. clamd@amavis would not start. I did some research, flailed around a bit, got it working, but have only a vague understanding of what happened.

One thing was that the systemd script in /etc/systemd/system/clamd@.service was a copy of the one in /usr/lib/systemd/system/clamd@.service and the latter was changed in June with an update. There used to be a parameter –nofork=yes, and that is gone, and replaced with a parameter –foreground-yes, and the former syntax now generates an error.

The other thing has to do with the name under which the config file is sought. The systemd script (currently) has ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf, aiming to have the config file named with the service (all this machinery to allow there to be multiple clamd daemons for different purposes I think). The config file I have in /etc/clamd.d/amavisd.conf isn’t found with this – it is looking for /etc/clamd.d/amavis.conf. Here I am not exactly sure what has changed, but it is clear that if the daemon is launched with a name that doesn’t match the actual config file, it fails. In trying to fix it, my first fix was just to put in a symlink, amavis.conf=>amavisd.conf and that worked. Maybe the %i.conf is new in the script, I’m not sure – I was too quick on the trigger replaceing the file.