Amavisd-new: UNCHECKED contents in mail FROM LOCAL (since upgrade to UCS 4.3)


#1

Hi,

Yesterday I updated my UCS 4.2-3 to UCS 4.3. On the mail server (with Kopano installed) I now get, for all mails (it seems, at least), these annoying additional notifications.

From: Amavavisd-new
Subject: UNCHECKED contents in mail FROM LOCAL [127.0.0.1]

No viruses were found.

Content type: Unchecked
Internal reference code for the message is 29673-06/U3GzfjWWn1SZ

First upstream SMTP client IP address: [127.0.0.1] localhost

Return-Path: <mymail@maildomain.de>
From: =?utf-8?Q?My_Mailname?= <mymail@maildomain.de>

Is my email not checked anymore (why)?
But it says ‘no virus found’.
Maybe it is related to the UTF-8 settings?

Any help would be nice; only disabling it in an amavisd-new template file would not
correct the underlying error?

Edit: This info is also new since the update:

From: Amavisd-new
Subject: Spam FROM LOCAL [127.0.0.1]:54214 <producao@typepropaganda.com.br>

Content type: Unchecked
Internal reference code for the message is 29674-05/QEoGnWtw9XYI

First upstream SMTP client IP address: [127.0.0.1] localhost
According to a 'Received:' trace, the message apparently originated at:
  [177.221.107.137], ucsbak.mailhost.me localhost [127.0.0.1]

Return-Path: <producao@typepropaganda.com.br>
From: producao@typepropaganda.com.br
Message-ID: <ax6q2q1-3x9atz-97@typepropaganda.com.br>
Subject: Info
Not quarantined.

The message WILL BE relayed to:
<Joe@user.nowhere>

Spam scanner report:
Spam detection software, running on the system "ucsbak.friedrichnet.de", has identified this incoming email as possible spam.  The original message has been attached to this so you can view it or label similar future email.  If you have any questions, see the administrator of that system for details.

Content preview:  Hi Interesting news for you! More info - http://glavk.info/
   [...] 

Content analysis details:   (7.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at http://www.dnswl.org/, low
                            trust
                            [178.254.4.101 listed in list.dnswl.org]
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                            See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                             for more information.
                            [URIs: glavk.info]
 3.3 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
                            [177.221.107.137 listed in zen.spamhaus.org]
 0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.0000]
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS

Regards
Neobiker


#2

It seems that amavisd-new can’t find/start clamav, but it is installed.

Log /var/log/mail.log

Apr 30 15:10:35 ucsbak amavis[11182]: (11182-04) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Apr 30 15:10:36 ucsbak amavis[11182]: (11182-04) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Apr 30 15:10:36 ucsbak amavis[11182]: (11182-04) (!)Clam Antivirus-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
Apr 30 15:10:42 ucsbak amavis[11182]: (11182-04) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Apr 30 15:10:42 ucsbak amavis[11182]: (11182-04) (!)Clam Antivirus-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 98) line 613.\n
Apr 30 15:10:42 ucsbak amavis[11182]: (11182-04) (!)WARN: all primary virus scanners failed, considering backups
Apr 30 15:10:42 ucsbak amavis[11182]: (11182-04) (!!)AV: ALL VIRUS SCANNERS FAILED
Apr 30 15:10:43 ucsbak postfix/smtpd[29771]: connect from localhost[127.0.0.1]

root@ucsbak:/var/log# systemctl status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/clamav-daemon.service.d
           └─extend.conf
   Active: inactive (dead)
Condition: start condition failed at Mon 2018-04-30 16:20:58 CEST; 5min ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           http://www.clamav.net/lang/en/doc/
root@ucsbak:/var/log# systemctl restart clamav-daemon
root@ucsbak:/var/log# systemctl status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/clamav-daemon.service.d
           └─extend.conf
   Active: inactive (dead)
Condition: start condition failed at Mon 2018-04-30 16:26:22 CEST; 1s ago
           └─ ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} was not met
     Docs: man:clamd(8)
           man:clamd.conf(5)
           http://www.clamav.net/lang/en/doc/
root@ucsbak:/var/log#

root@ucsbak:/var/lib/clamav# ls -l
insgesamt 760
-rw-r--r-- 1 clamav clamav 766976 Dez  7 04:35 bytecode.cld
drwxr-xr-x 2 clamav clamav   4096 Jun 21  2015 clamav-13fbf3fc4b95f800602e648d899b1b27.tmp
-rw------- 1 clamav clamav   1092 Apr 28 13:50 mirrors.dat
root@ucsbak:/var/lib/clamav#

root@ucsbak:/var/run# ls cla*
ls: Zugriff auf 'cla*' nicht möglich: Datei oder Verzeichnis nicht gefunden
root@ucsbak:/var/run# ls
acpid.pid      console-setup    docker       kopano        mysqld    rpcbind       screen           stunnel4         umc-web-server.pid
acpid.socket   crond.pid        docker.pid   ldapi         nagios    rpcbind.lock  sendsigs.omit.d  sysconfig        univention-management-console
agetty.reload  crond.reboot     docker.sock  lock          named     rpcbind.sock  shm              systemd          univention-runit.pid
amavis         dbus             fetchmail    log           network   rpc_pipefs    slapd            tmpfiles.d       univention-saml
apache2        dhcpd.pid        inetd.pid    lvm           nscd      rsyslogd.pid  spamd.pid        udev             user
atd.pid        dmeventd-client  initctl      motd.dynamic  ntpd.pid  samba         sshd             udsnotifier.pid  utmp
blkmapd.pid    dmeventd-server  initramfs    mount         plymouth  saslauthd     sshd.pid         umc-server.pid   xtables.lock
root@ucsbak:/var/run#

root@ucsbak:/var/run# dpkg -l clama\*
Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten
| Status=Nicht/Installiert/Config/U=Entpackt/halb konFiguriert/
         Halb installiert/Trigger erWartet/Trigger anhängig
|/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht)
||/ Name                            Version              Architektur          Beschreibung
+++-===============================-====================-====================-====================================================================
ii  clamav                          0.99.2+dfsg-6+b1A~4. amd64                anti-virus utility for Unix - command-line interface
ii  clamav-base                     0.99.2+dfsg-6+b1A~4. all                  anti-virus utility for Unix - base package
ii  clamav-daemon                   0.99.2+dfsg-6+b1A~4. amd64                anti-virus utility for Unix - scanner daemon
un  clamav-data                     <keine>              <keine>              (keine Beschreibung vorhanden)
un  clamav-docs                     <keine>              <keine>              (keine Beschreibung vorhanden)
ii  clamav-freshclam                0.99.2+dfsg-6+b1A~4. amd64                anti-virus utility for Unix - virus database update utility
root@ucsbak:/var/run#
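
The evidence in the two posts above forms one chain: the clamd.ctl socket is missing, the unit's ConditionPathExistsGlob is unmet, and mail.log reports "AV: ALL VIRUS SCANNERS FAILED". The following added example (not part of the original thread) checks that chain in one pass; the function names are hypothetical and the default paths are the ones shown in the output above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# default paths are taken from the command output quoted in the posts.

# Mirror of the unit's ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}
# Returns 0 when at least one daily signature database exists in directory $1.
clamd_condition_met() {
    dbdir=$1
    for f in "$dbdir"/daily.cvd "$dbdir"/daily.cld "$dbdir"/daily.inc; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Print the amavis session ids (e.g. 11182-04) that logged
# "AV: ALL VIRUS SCANNERS FAILED" in mail log $1, one per line, de-duplicated.
unscanned_sessions() {
    sed -n 's/.* amavis\[[0-9]*]: (\([0-9]*-[0-9]*\)) (!!)AV: ALL VIRUS SCANNERS FAILED.*/\1/p' "$1" | sort -u
}

# Walk the chain seen in the thread: socket -> unit start condition -> log impact.
diagnose() {
    dbdir=${1:-/var/lib/clamav}
    sock=${2:-/var/run/clamav/clamd.ctl}
    log=${3:-/var/log/mail.log}
    if [ -S "$sock" ]; then
        echo "clamd socket present: $sock"
    elif clamd_condition_met "$dbdir"; then
        echo "databases present but no socket: check clamav-daemon itself"
    else
        echo "no daily.{cvd,cld,inc} in $dbdir: clamd start condition not met"
    fi
    n=$(unscanned_sessions "$log" | wc -l | tr -d ' ')
    echo "sessions where all virus scanners failed: $n"
}
```

Source the file and call `diagnose` as root on the mail server; the session ids printed by `unscanned_sessions` identify which messages in mail.log were handled while no scanner was reachable.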

