In most standart setups Postfix uses amavis (ClamAV) as virus-scanner. On hte 15 of April 2010. ClamAVissues update that made verions lesser then 0.95 incomaptibe with virus database. So, Amavis (ClamAV) can't execute check properly unless updated. It also won’t let any mail through to the mailbox, if it is not checked.
This made all email traffic stalled in the virus check queues on the mail servers. But don't panic. Email's won't get lost if amavis (ClamAV) will be updated to the new verion. It will munch through all of them and release mails to email boxes. Unfortunatelly Debian Lenny and other system do not have the latest version of amavis (ClamAV) in the repositories. Here is a solution to the problem:
Effectively there are only two options:
- switch off virus-scanner amavis (ClamAV)
- update amavis (ClamAV) to newest version.
Option1: switch off virus-scanner amavis (ClamAV):
Just comment out amavis (ClamAV) of the configuration in /etc/amavis/conf.d/15-content_filter_mode:
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, $bypass_virus_checks_re);
like this:
# @bypass_virus_checks_maps = (
# \%bypass_virus_checks, \@bypass_virus_checks_acl, $bypass_virus_checks_re);
Then just restart the virus scanner:
/etc/init.d/amavis restart
Job is done! However, now clients are exposed to viruses coming to their email boxes. So, we recommend the other solution.
Option2: update amavis (ClamAV) to newest version.
All you need to do is to add "volatile" Debian repository to your apt sources, update it, update amavis (ClamAV), restart it. Here is sequence of commands (run as root):
echo “deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free” >> /etc/apt/sources.list
apt-get update
apt-get install clamav
apt-get upgrade
/etc/init.d/amavis restart
We also recommend to remove/comment out "volatile" Debian repository from sources list after you do this.
Voila! you have your virus-scanner updated. Give your server some time to process the backlog of emails. It might take several hours if not days depending on volumes.
Obviously all this actions apply after you ensure that it is ClamAV update that causing the problem. You need to look at /var/log/ for mail logs file and it should contain the following message:
Apr 18 06:26:05 ws01 amavis[6451]: (06451-04) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
Apr 18 06:26:11 ws01 amavis[6451]: (06451-04) (!!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 86) line 309.
Apr 18 06:26:11 ws01 amavis[6451]: (06451-04) (!!)WARN: all primary virus scanners failed, considering backups
Apr 18 06:26:11 ws01 amavis[6451]: (06451-04) (!!)run_av (ClamAV-clamscan) FAILED - unexpected exit 50, output="LibClamAV Warning: ***********************************************************\nLibClamAV Warning: *** This version of the ClamAV engine is outdated. ***\nLibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***\nLibClamAV Warning: ***********************************************************\nLibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see www.clamav.net/eol-clamav-094 and www.clamav.net/download (length: 169)\nLibClamAV Error: Problem parsing database at line 742\nLibClamAV Error: Can't load daily.ndb: Malformed database\nLibClamAV Error:
If you find such error then you identifed the root cause correctly.