[Mimedefang] Error with mimedefang + clamd

Fri Nov 24 05:21:26 EST 2017

If your policy permits it, the next steps I would take would be:

1.	Enable the "-D" option in MIMEDefang to leave the spool directories in place after scanning, so that you have an example to work with.  Restart MIMEDefang to make this active.  You only need to have this enabled until you have processed 3-4 messages, rather than storing everything. 

2.	"su - -s /bin/sh clamscan" and then "cd /var/spool/MIMEDefang"

3.	Inspect the permissions on the spool folders to ensure that the group access is present:

		total 104
		drwxr-x---. 23 defang defang 4096 Nov 24 09:40 .
		drwxr-xr-x. 17 root   root   4096 Nov  5  2016 ..
		srw-rw----.  1 defang defang    0 Oct 31 12:03 clamd.sock
		drwxr-x---.  4 defang defang 4096 Nov 24 07:55 mdefang-vAO7tER3031965
		drwxr-x---.  4 defang defang 4096 Nov 24 07:57 mdefang-vAO7vcqG032097
		drwxr-x---.  4 defang defang 4096 Nov 24 08:01 mdefang-vAO802P1032251

4.  Also verify here that the clamd.sock socket file is present, and is writable by MIMEDefang, otherwise the request to scan the file cannot be sent.  If it does not exist in this folder, how does MIMEDefang find it?  Hint - line 174 of /usr/bin/mimedefang.pl:
		$ClamdSock  = '/var/spool/MIMEDefang/clamd.sock';

5.  Try to "cd" into one of the folders as clamscan, and see what happens.  If it works, the group memberships and spool folder permissions are correct.  Run clamscan on the INPUTMSG file, and also on Work/* to confirm that they can be scanned.

If all of this works, and yet it still doesn't want to play from MIMEDefang, I'm stumped.

Paul.