We help IT Professionals succeed at work.

amavisd-new, redhat linux 9, sendmail and AVG virus scanner

Medium Priority
Last Modified: 2007-12-19
I have installed the AVG virus scanner daemon on Redhat Linux 9, hooked up Dazuko, and also (I think) configured amavisd-new so that it uses the AVG scanner (when I run the amavisd-new daemon in debug mode it apparently starts up fine and conencts it to the avg scanner).

However, I'm now having trouble hooking amavisd-new up to sendmail. amavisd. I added the following lines to sendmail.mc and regenerated sendmail.cf

dnl Change Mlocal to use AMaViS-Perl
define(`AMAVIS_LOCAL_MAILER_ARGS', `-d $u')
define(`LOCAL_MAILER_PATH', `/usr/sbin/amavis')dnl
dnl please set the path to your procmail accordingly!
dnl the following works only with sendmail 8.10.x or above

I then restarted sendmail, and sent myself a test message. This got bounced with an error 255. The error log shows the following

Mar 27 10:59:36 garcia sendmail[4995]: starting daemon (8.12.8): SMTP+queueing@01:00:00
Mar 27 10:59:36 garcia sm-msp-queue[5004]: starting daemon (8.12.8): queueing@01:00:00
Mar 27 11:00:43 garcia sendmail[5017]: i2RB0fDD005017: from=<drjohnbrooke@hotmail.com>, size=830, class=0, nrcpts=1, msgid=<Sea2-F41iCMI2q5Knp50002bd4e@hotmail.com>, proto=ESMTP, daemon=MTA, relay=sea2-f41.sea2.hotmail.com []
Mar 27 11:00:43 garcia amavisd[5019]: starting.  amavis 0.3.12 Tue Jan 27 18:30:14 GMT 2004
Mar 27 11:00:44 garcia amavisd[5022]: mail forwarding failed, retry: Insecure dependency in exec while running with -T switch at /usr/sbin/amavis line 581, <GEN0> line 26. (message-id=<Sea2-F41iCMI2q5Knp50002bd4e@hotmail.com>)
Mar 27 11:00:44 garcia amavisd[5022]: do_exit:481 - ending execution with 75
Mar 27 11:00:44 garcia amavisd[5019]: do_exit:594 - ending execution with 255
Mar 27 11:00:44 garcia sendmail[5018]: i2RB0fDD005017: to=<drjohn@contingent-solutions.com>, delay=00:00:02, xdelay=00:00:01, mailer=local, pri=31044, dsn=5.3.0, stat=unknown mailer error 255
Mar 27 11:00:44 garcia sendmail[5018]: i2RB0fDD005017: i2RB0iDD005018: DSN: unknown mailer error 255
Mar 27 11:00:45 garcia sendmail[5018]: i2RB0iDD005018: to=<drjohnbrooke@hotmail.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=32068, relay=mx4.hotmail.com. [], dsn=2.0.0, stat=Sent ( <200403271100.i2RB0iDD005018@localhost.localdomain> Queued mail for delivery)

So what am I doing wrong here?

Watch Question


It looks like Amavis has a problem with the Perl -T flag ('tainted') - or the other way around. I found one report (even though for RH 8) that describes this symptom: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107532
- unfortunately without a solution.

You could try to upgrade to a newer version of Amavis.
You could also try to remove the -T from the first line of the /usr/sbin/amavis script - BUT THIS MAY OPEN YOUR SYSTEM TO SECURITY PROBLEMS.
I'm using amavisd-new-200030616 - is there something newer than this?

I went back to the README files for amavisd-new and the configuration change they recommend is to put in

define(`LOCAL_MAILER_ARGS',`amavis $f $u --' LOCAL_MAILER_PATH `-d $u')dnl

However, this still doesn't work. The message doesn't get bounced this time, it gets deferred....

Mar 27 12:15:14 garcia sendmail[5614]: i2RCFDR8005614: from=<drjohnbrooke@hotmail.com>, size=819, class=0, nrcpts=1, msgid=<Sea2-F20AODDD3OaiPZ0002c108@hotmail.com>, proto=ESMTP, daemon=MTA, relay=sea2-f20.sea2.hotmail.com []
Mar 27 12:15:14 garcia amavisd[5616]: starting.  amavis 0.3.12 Tue Jan 27 18:30:14 GMT 2004
Mar 27 12:15:15 garcia amavisd[5619]: mail forwarding failed, retry: Insecure dependency in exec while running with -T switch at /usr/local/sbin/amavis line 581, <GEN0> line 25. (message-id=<Sea2-F20AODDD3OaiPZ0002c108@hotmail.com>)
Mar 27 12:15:15 garcia amavisd[5619]: do_exit:481 - ending execution with 75
Mar 27 12:15:15 garcia amavisd[5616]: do_exit:594 - ending execution with 75
Mar 27 12:15:15 garcia sendmail[5615]: i2RCFDR8005614: to=<drjohn@contingent-solutions.com>, delay=00:00:02, xdelay=00:00:01, mailer=local, pri=31033, dsn=4.0.0, stat=Deferred: local mailer (/usr/local/sbin/amavis) exited with EX_TEMPFAIL

The problem still seems to be the -T switch.

What exactly is the security issue? I don't want to open security holes, I'm trying to close them!!


The -T switch makes Perl scripts more secure. You can find more about this in this FAQ: http://gunther.web66.com/FAQS/taintmode.html


What exactly is line 581 in the amavis script? Which version of Perl are you running?
The section of the amavis script in question is

        # sending mail, sendmail version
        # For sendmail, we call the "real" local delivery agent
        open(MAIL, "|-") || exec($LDA, @LDAARGS);
        while (<$fh>) {
                next if ($seen_xheader == 0 && m/^$X_HEADER_TAG:/o);
                if ($seen_xheader == 0 && m/\A\r?\n\Z/) {
                        print MAIL "$X_HEADER_TAG: $X_HEADER_LINE\n";
                        $seen_xheader = 1;
                print MAIL $_;

Line 581 is the "open (MAIL, "|-") || exec($LDA, @LDAARGS);"

I seem to be running Perl v5.8.0.

I'm also using Perl v5.8.0, my Amavis version is 0.3.12pre8 (Mar 17 2003), and it does not have this line (and I also don't have this problem). Maybe the solution is not to install a newer version, but an older version of Amavis.
Well, I tried running the Amavis script without the -T switch on Perl, and it didn't fall over but any messages went into some sort of black hole somewhere and never re-emerged. I'll investigate going backwards to an older version of Amavis, though at the moment I can't find the particular version you're running.
In the end I switched from Sendmail to Postfix - it was a lot easier to configure amavisd to work with it....
Unlock this solution and get a sample of our free trial.
(No credit card required)
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.