Clamav and Amavisd

I find the whole clamav subsystem to be fragile. I think this is because it is written as a tool which stands on its own, but I’m only using it as a subsystem hung onto the side of amavisd. So there is some hand-waving and jiggery pokery with the sockets and the permissions to enable the two to communicate, which has to be done manually, and is not properly a part of either subsystem.

I have another article on setting up this subsystem here, which records some of the stuff being done. I think basically, amavisd has to know where the shared socket is, in order to send messages to clamav to check, and they have to agree on the ownership and permissions of the socket and its directory.

Once in a while that stuff gets crosswise, and since I only vaguely understood what was going on, and only did the hand-waving by rote, I got annoyed with it. I’ve grown used to being able to just have things slot in and work, without my having to actually dig in and understand them. The nerve of these people, to expect me to know what is going on in order to make it work! Irony intended.

I think some of the complexity here is that both Amavis and ClamAV are written in a general purpose way. Amavis will use any (or multiple) virus scanner you choose. ClamAV can be attached to any service that needs a scanner. Neither assumes the other. Each has machinery for you to stipulate the other. In Amavis, you specify which AV scanners you want in /etc/amavis/amavisd.conf. For clamav, which may be started for different systemd services, he has /etc/clamav/<service_name>.conf, so for us /etc/clamav/amavisd.conf. These files must both be configured for where the socket is, and who owns what.

So much for background. Recently I’ve been getting messages about an inability to update the clamav database, specifically:

ERROR: getpatch: Can't download daily-24699.cdiff from

I found some information suggesting that if I simple delete /var/lib/clamav/mirrors.dat and then refresh the mirrors by executing freshclam -v, it would fix it. I did this, it did. Now I think the -v is just –verbose, so I doubt that has anything to do with it.

Clearly after  removing the mirrors file, freshclam just rebuilds the file. The file is binary, so hard to see exactly what is in there. But it works.

I post this so I can find it later.