Problem setting up ClamAV and SpamAsassin, configuration has no effect

tonisk · December 22, 2019, 9:15pm

Running latest axigen in docker

Current Server version: 10.3.0.66
Current WebMail version: 10.3.0
Current WebAdmin version: 10.3.0

I have SpamAssassin and ClamAV running as separate docker containers and they are linked to axigen container.

host clamavd is 172.17.0.3
host spamassassin is 172.17.0.4

When I exec bash to axigen container, I can access both services either by ip or name.

I configured the host addresses in run/axigen.cfg as follows:

{
name = “AV:ClamAV”
address = “inet://clamavd:3310”
protocolFile = “/var/opt/axigen/filters/clam-av.afsl”
idleTimeout = 300
actionOnMatch = pass
maxConnections = 10
maxMessageSize = 10240
}

{
name = “AV:SpamAssassin”
address = “inet://spamassassin:783”
protocolFile = “/var/opt/axigen/filters/spamassassin.afsl”
idleTimeout = 300
actionOnMatch = pass
maxConnections = 10
maxMessageSize = 10240
}

Stopped and started the axigen docker container and enabled ClamAV and SpamAssassin in Supported Applications.

Still axigen can’t connect to them.
From logs it seems the configuration has no effect and axigen still tries to connect to 127.0.0.1.

2019-12-22 21:02:13 +0000 02 mail PROCESSING:002E1DD0: Filter ClamAV(127.0.0.1:3310):[ERROR]: Could not connect to filter
2019-12-22 21:02:13 +0000 02 mail PROCESSING:002E1DD0: Error connecting to socket filter: ClamAV(127.0.0.1:3310)

2019-12-22 21:02:13 +0000 02 mail PROCESSING:0032CBE9: Filter SpamAssassin Filter(127.0.0.1:783):[ERROR]: Could not connect to filter
2019-12-22 21:02:13 +0000 02 mail PROCESSING:0032CBE9: Error connecting to socket filter: SpamAssassin Filter(127.0.0.1:783)

I tried setting addresses in axigen.cfg as names or ip addresses but results are the same.

Any idea what I’m doing wrong?

Tõnis

tonisk · December 22, 2019, 10:06pm

Was also checking from the management CLI if the server has read the config file correctly, and it seems it has.

<server-filters#> list socketfilters
The list of Socket Filters:
name            | address                            | protocolFile
--------------------------------------------------------------------------------------------------
AV:AVAST-INET   | inet://127.0.0.1:5036              | /var/opt/axigen/filters/avast-av.afsl
AV:AVAST-LOCAL  | local:///var/run/avast4/local.sock | /var/opt/axigen/filters/avast-av.afsl
AV:AVG          | inet://127.0.0.1:55555             | /var/opt/axigen/filters/avg.afsl
AV:ClamAV       | inet://clamavd:3310                | /var/opt/axigen/filters/clam-av.afsl
AV:Commtouch    | inet://127.0.0.1:8088              | /var/opt/axigen/filters/commtouch.afsl
AV:Cyren        | inet://127.0.0.1:9088              | /var/opt/axigen/filters/cyren.afsl
AV:SpamAssassin | inet://spamassassin:783            | /var/opt/axigen/filters/spamassassin.afsl
AV:Tnef         | inet://127.0.0.1:8888              | /var/opt/axigen/filters/axi-tnef.afsl
ClamAV-local    | local:///var/run/clamav/clamd.ctl  | filters/clam-av.afsl

<server-filters#> SHOW SocketFilter AV:ClamAV
The attributes for the SocketFilter: AV:ClamAV:
actionOnMatch = pass
address = "inet://clamavd:3310"
idleTimeout = 300
maxConnections = 10
maxMessageSize = 10240
name = "AV:ClamAV"
protocolFile = "/var/opt/axigen/filters/clam-av.afsl"

<server-filters#> SHOW SocketFilter AV:SpamAssassin
The attributes for the SocketFilter: AV:SpamAssassin:
actionOnMatch = pass
address = "inet://spamassassin:783"
idleTimeout = 300
maxConnections = 10
maxMessageSize = 10240
name = "AV:SpamAssassin"
protocolFile = "/var/opt/axigen/filters/spamassassin.afsl"

MailTec1 · January 7, 2020, 12:28am

I had the same issue. I believe I got SpamAssassin working but not ClamAV.
See Below the responce I got. I will watch to see your outcome. I gave up and went back to running a server on CentOS but would love to run Axigen in Docker if I could get the same results.

Nov '19

Hello,

Our advice is to use a dedicated container for SpamAssassin (for example this one ) and configure Axigen to connect to it*. Same approach should work for ClamAV as well.

HTH,
Ioan

in axigen.cfg update the address for “AV:Spamassassin” from the default value ( inet://127.0.0.1:783 ) to the one specific for your installation (like below), restart Axigen and enable Spamassassin built-in external application filter from WebAdmin > Security & Filtering > Antivirus & AntiSpam > Supported Applications (igrnore that you may get ‘could not connect’ status for this particular configuration)

  {
         name = "AV:SpamAssassin"
         address = "inet://172.17.0.1:783"
         protocolFile = "/var/opt/axigen/filters/spamassassin.afsl"
         idleTimeout = 300
         actionOnMatch = pass
         maxConnections = 10
         maxMessageSize = 10240
  }

P.S. could you link me to the Docker Hub versions of Spamassassin and ClamAV you are running? Thanks!

tonisk · January 7, 2020, 5:02pm

When researching the issue I found your problem also.

Seems that theres a problem in axigen code, it seems that it ignores the configured “address” parameter and just connects to 127.0.0.1. Thats what I saw from the logs.

I run clamavd as

  docker run -d \
    --restart unless-stopped \
    --name clamavd \
    dinkel/clamavd

and spamassassin as

  docker run -d \
    --restart unless-stopped \
    --name spamassassin \
    dinkel/spamassassin

and finally axigen as

  docker run -dt \
    --name=axigen \
    -h $MAILHOST  \
    --restart unless-stopped \
    -v /data/axigen:/var/opt/axigen \
    -p 8080:80 \
    -p 8443:443 \
    -p 993:993 \
    -p 995:995 \
    -p 25:25 \
    -p 465:465 \
    -p 9000:9000 \
    -p 9443:9443 \
    -p 7000:7000 \
    --link clamavd:clamavd \
    --link spamassassin:spamassassin \
    axigen/axigen

MailTec1 · January 8, 2020, 8:54pm

Good, (sort of) I know now I am not the only one thinking it was a possible Axigen code issue.

I was testing using the same Docker Spamassassin and ClamAV as you. Once The issue is resolved I will try running Axigen in docker again. Thanks you very much for reply.

Axigen Support please look into the issue and confirm we would much appreciate it and thanks for a wonderful Mail Server software.

MT1

tonisk · January 11, 2020, 1:21pm

I had some time to work with axigen today.

Strangely enough, got them working with hard coded ip address instead of the linked host names. Not sure what issues I had before.

Spamassassin is working with ip address of the container, but still showing as “Could not connect” in the ui. There is traffic to spamassassin container and spam checking is working.

Also got clamavd connection working with container ip, but axigen is sending link to a temp file inside axigen, so I had to mount the axigen volume to clamavd with "-v /data/axigen/queue:/var/opt/axigen/queue ".
clamavd process did not have reading rights to the linked file, so I added new group for that gid and added clamav user to that group. Virus checking is also working now.

Tõnis

indreias · January 13, 2020, 3:02pm

Hello all,

Yes, the filterDetect method called by WebAdmin during the login event is using hardcoded values and this is why I have mentioned (here) to ignore the status displayed in WebAdmin if the default address is changed for any of the AFSL filters.

I’ve just opened a bug report (for your reference: AXI-2833) and I’ll provide you an update as soon we’ll have a fix available.

Best regards,
Ioan

MailTec1 · January 14, 2020, 1:25am

That is great news,

Can you share with me your docker commands like above. I did not know there was issues with the “Axigen Link” and needing to create a new group but can definitely give it a try.

Much appropriate! Feel free to PM me the info if you don’t want to post it.

P.S. looking forward to the Bug fix. Thx loan.

MT1

tonisk · January 14, 2020, 12:54pm

I’m running clamavd container with a command:

docker run -d \
  --restart unless-stopped \
  --name clamavd \
  -v /data/axigen/queue:/var/opt/axigen/queue \
  dinkel/clamavd

Since I was adding new -v argument I had to remove the old clamavd container before.

In my case the gid of the files in axigen volume was 220, so I added the group axigen and added user clamav there with commands (inside clamavd container):

groupadd -g 220 axigen
usermod -a -G axigen clamav

Then I had to stop and start the clamavd container for the change to take effect.

Hope that helps.

Tõnis

Capino · December 7, 2023, 8:43am

I was setting up Axigen docker and wanted to add ClamAV.
But saw that the dinkel/clamav docker has not been updated for 6 years.
Therefore I created my own docker specially for Axigen.
This can be found here clamav-axigen