how to completely stop clamd at amavisd.service

TSHIMANGA Minkoka tshikose at tshimix.cd
Fri Sep 25 15:16:26 CEST 2020


Hi,

I was the happy administrator of a email server running on CentOS with
postfix and Amavis, ClamAV and SpamAssassin.
The problems started when ClamAV processes started to use too much
resource (CPU mostly, memory also).

So I want to completely switch off all the potential and eventual anti
virus checks (particularly ClamAV) from ever starting or running.
While keeping the anti spams checks (particularly SpamAssassin)
running.
So hopefully the command below
# ps -ef | grep clam
must only reports the grep process.

I have mostly kept the default settings for all the packages.
So it is amavisd.service (configured to be enable at boot) that starts 
clamd at amavisd.service (configured to be disable at boot), and Amavis
process then gives the emails to ClamAV through the unix socket
/run/clamd.amavisd/clamd.sock as configured in
/etc/clamd.d/amavisd.conf for checks.

I have tried all the below actions and all possible combinations of
them, to try to reach my goals, but still after amavisd.service starts
it still triggers clamd at amavisd.service to start as well.

1. by pass virus checks by uncomment the relevant line in
/etc/amavisd/amavisd.conf
@bypass_virus_checks_maps = (1);

2. comment the whole ClamAV-clamd block in the assignations to
@av_scanners in /etc/amavisd/amavisd.conf
####  ### http://www.clamav.net/
####  ['ClamAV-clamd',
####    \&ask_daemon, ["CONTSCAN {}\n",
"/run/clamd.amavisd/clamd.sock"],
####    qr/\bOK$/m, qr/\bFOUND$/m,
####    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
####  # NOTE: run clamd under the same user as amavisd - or run it
under its own
####  #   uid such as clamav, add user clamav to the amavis group, and
then add
####  #   AllowSupplementaryGroups to clamd.conf;
####  # NOTE: match socket name (LocalSocket) in clamav.conf to the
socket name in
####  #   this entry; when running chrooted one may prefer a socket
under $MYHOME.

3. comment the whole ClamAV-clamscan block in the assignations to
@av_scanners_backup in /etc/amavisd/amavisd.conf
####  ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
####  ['ClamAV-clamscan', 'clamscan',
####    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
####    [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*)
FOUND$/m ],

4. completely clear @bypass_virus_checks_maps near the end of
/etc/amavisd/amavisd.conf
@av_scanners = ();
@av_scanners_backup = ();

1;  # insure a defined return value

Trying all the above, still result in clamd at amavisd service being
running and consuming resource.

Please be aware that I did my homework by reading the official manuals,
doc and man pages, reviewing the logs, searching Google...
So I have read several threads, web pages, tutorials and similar, but I
have not been able to find a suitable solutions.
Finally, I will really appreciate any advice, guide or suggestion that
can help or lead to a solution and reaching my goals.

Best regards,

Tshimanga

PS: I am sorry for this long message, but I wanted to avail all the
relevant information. Still few more added here giving the versions of
the related packages, and other actual settings.

# cat /etc/centos-release
CentOS Linux release 7.8.2003 (Core)

# uname -a
Linux mail2.example2.com 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25
17:23:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

# rpm -q postfix amavis amavis-doc clamav clamd spamassassin perl
amavis-2.12.0-9.el7.noarch
amavis-doc-2.12.0-9.el7.noarch
clamav-0.102.4-1.el7.x86_64
clamd-0.102.4-1.el7.x86_64
spamassassin-3.4.0-5.el7_7.x86_64
perl-5.16.3-295.el7.x86_64

# systemctl status clamd at amavisd amavisd postfix | sed -n '/^● /,/Main
PID/p'
● clamd at amavisd.service - clamd scanner (amavisd) daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd at .service; disabled;
vendor preset: disabled)
   Active: active (running) since Fri 2020-09-25 11:29:48 WAT; 18min
ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
  Process: 1035 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf
(code=exited, status=0/SUCCESS)
 Main PID: 1575 (clamd)
● amavisd.service - Amavis mail content checker
   Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled;
vendor preset: disabled)
   Active: active (running) since Fri 2020-09-25 11:28:58 WAT; 19min
ago
     Docs: http://www.ijs.si/software/amavisd/#doc
  Process: 1036 ExecStart=/usr/sbin/amavisd -c
/etc/amavisd/amavisd.conf (code=exited, status=0/SUCCESS)
 Main PID: 1559 (/usr/sbin/amavi)
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled;
vendor preset: disabled)
   Active: active (running) since Fri 2020-09-25 11:28:50 WAT; 19min
ago
  Process: 1080 ExecStart=/usr/sbin/postfix start (code=exited,
status=0/SUCCESS)
  Process: 1077 ExecStartPre=/usr/libexec/postfix/chroot-update
(code=exited, status=0/SUCCESS)
  Process: 1031 ExecStartPre=/usr/libexec/postfix/aliasesdb
(code=exited, status=0/SUCCESS)
 Main PID: 1162 (master)




More information about the amavis-users mailing list