Bug 189862

Summary: Amavisd-new and clamav mutual integration in FC5 (with Postfix, SpamAssassin and other components too)
Product: [Fedora] Fedora Reporter: Razvan Sandu <rsandu>
Component: clamavAssignee: Enrico Scholz <rh-bugzilla>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: medium    
Version: 5CC: extras-qa, steve
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-04-26 14:52:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Razvan Sandu 2006-04-25 11:17:56 UTC 
Description of problem:

Despite the fact that both amavisd-new and clamav components were integrated in
FC5 Extras and some precious clues were given into clamav-server's README, there
is no clear way how to build a complete antivirus system.

When installing, the amavisd-new RPM package seems to "detect" the presence of
clamav and activates the coresponding options. However, there are some
contradictions between the indications given in clamav-server's README file and
the actual configuration done by the RPM packages.

Because the lack of integration, system become unstable after nightly updates
done by yum (the antivirus system locks up, preventing Postfix's delivery of
mails in users' mailboxes) or/and clamav's database update is not possible due
to RPM's changing of files/directories' permissions.


Version-Release number of selected component (if applicable):
amavisd-new-2.3.3-5.fc5
clamav-server-0.88.1-1.fc5
clamav-data-0.88.1-1.fc5
clamav-lib-0.88.1-1.fc5
clamav-update-0.88.1-1.fc5
spamassassin-3.1.1-1.fc5
postfix-2.2.8-1.2

How reproducible:
Install Postfix, amavisd-new and clamav components on a stoc FC5 system, using
packages provided by FC5 Extras.

Steps to Reproduce:
1.
2.
3.
  
Actual results:
- Whole mailsystem locks up due to antivirus filter failure, after yum upgrading
packages during the night.
- Freshclam is unable to update clamav's database after an yum upgrade, due du
RPM's changing files/directories permissions
- No single piece of documentation included in the RPM states how to properly
integrate all these in a production-class system (Postfix, amavisd-new, clamav,
spamassassin and others like Razor, Pyzor, etc.)


Expected results:

- The provided RPM packages should work together using the supplied
configuration files, with minimal changes.

- A clear piece of documentation should exist, referring to the actual config
files provided by the RPM packages.

- By all means, the antivirus filter should survive a yum upgrade.

- The system should work in a SELinux-enabled environment (acces to various
files/directories should be allowed for all necessary daemons, by the default
selinux-targeted policy).

Additional info:
I consider all these highly critical, due to the following facts:
- clamav +amavisd-new seems to be the only true GPLed antivirus solution on the
market today;
- this configuration is widely used - on many RedHat/Fedora Linux mailservers
that services a LAN of Windows workstations, in production/business environments.
Comment 1 Steven Pritchard 2006-04-26 14:52:48 UTC 
/usr/share/doc/amavisd-new-2.4.0/README_FILES/README.fedora has directions for
setting up postfix + amavisd-new.  If you have a problem with that
documentation, please open a bug against amavisd-new with your suggestions.  (I
know I hand-wave over the clamd setup a little, and I'd be happy to fix that if
it isn't clear how to set up clamd, freshclam, etc. properly.)

If you see SELinux-related failures, please open a bug against
selinux-policy-targeted.