CLAMAV on Centos Mail Server: Can't connect to UNIX socket clamd.sock

In my Centos 6.4 server, I am using Postfix and Dovecot with Amavis/ClamAV filter. Lately I have been trying to solve my spam problem(only occurs in Gmail and Hotmail) so I've been tailing logs.

Though I can send and receive e-mails, I have realized that Clamav causes error in /var/log/maillog so I think perhaps it can help my spam problem if I can solve this error.

That's the main error, I think the rest of the process goes allright.

(!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: No such file or directory

Test information:

XX.XX.XX.XX: Sender Client IP (This time Thunderbird)
YY.YY.YY.YY: My mail server IP
[email protected]: Sender address
[email protected]: Receiver address (This time Gmail)

When I send an e-mail from a mail account in my server, Here's how /var/log/maillog looks:

postfix[3422]: warning: XX.XX.XX.XX: hostname XX.XX.XX.XX.static.ttnet.com.tr verification failed: Name or service not known
postfix[3422]: connect from unknown[XX.XX.XX.XX]
postfix[3422]: setting up TLS connection from unknown[XX.XX.XX.XX]
postfix[3422]: Anonymous TLS connection established from unknown[XX.XX.XX.XX]: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)
postfix[3422]: D894AC1E61: client=unknown[XX.XX.XX.XX], sasl_method=PLAIN, [email protected]
postfix/cleanup[3429]: D894AC1E61: message-id=<[email protected]>
postfix/qmgr[1310]: D894AC1E61: from=<[email protected]>, size=862, nrcpt=1 (queue active)
amavis[3326]: (03326-01) ESMTP::10024 /var/amavis/tmp/amavis-20131030T102202-03326-IY7b8Pdi: <[email protected]> -> <[email protected]> SIZE=862 Received: from host.mydomain.com ([127.0.0.1]) by localhost (mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <[email protected]>; Wed, 30 Oct 2013 10:22:02 +0000 (UTC)
amavis[3326]: (03326-01) Checking: MemHkAhbAuqt [XX.XX.XX.XX] <[email protected]> -> <[email protected]>
amavis[3326]: (03326-01) Open relay? Nonlocal recips but not originating: [email protected]
amavis[3326]: (03326-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: 2
amavis[3326]: (03326-01) ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.sock, retrying (1)
postfix[3422]: disconnect from unknown[XX.XX.XX.XX]
amavis[3326]: (03326-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: No such file or directory
amavis[3326]: (03326-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.sock, retrying (2)
amavis[3326]: (03326-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.sock: No such file or directory
amavis[3326]: (03326-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.sock (All attempts (1) failed connecting to /var/run/clamav/clamd.sock) at (eval 113) line 600.\n
amavis[3326]: (03326-01) (!)WARN: all primary virus scanners failed, considering backups
postfix[3433]: connect from unknown[127.0.0.1]
postfix[3433]: E52C1C1E71: client=unknown[127.0.0.1]
postfix/cleanup[3429]: E52C1C1E71: message-id=<[email protected]>
postfix/qmgr[1310]: E52C1C1E71: from=<[email protected]>, size=1279, nrcpt=1 (queue active)
amavis[3326]: (03326-01) FWD from <[email protected]> -> <[email protected]>,BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E52C1C1E71
amavis[3326]: (03326-01) Passed CLEAN {RelayedOpenRelay}, [XX.XX.XX.XX]:33926 [XX.XX.XX.XX] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: MemHkAhbAuqt, Hits: 0.106, size: 862, queued_as: E52C1C1E71, 14736 ms
postfix/smtp[3430]: D894AC1E61: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=15, delays=0.53/0.01/0.01/15, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E52C1C1E71)
postfix/qmgr[1310]: D894AC1E61: removed
amavis[3326]: (03326-01) extra modules loaded: unicore/lib/gc_sc/Digit.pl, unicore/lib/gc_sc/SpacePer.pl
postfix/smtp[3436]: E52C1C1E71: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[74.125.142.27]:25, delay=1.2, delays=0.01/0.02/0.68/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK 1383128540 x12si3704513igx.15 - gsmtp)
postfix/qmgr[1310]: E52C1C1E71: removed
dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=3439, secured
dovecot: imap([email protected]): Disconnected: Logged out bytes=90/777

And here's the source code of received mail in Gmail:

Delivered-To: [email protected]
Received: by 10.68.54.102 with SMTP id i6csp217498pbp;
        Wed, 30 Oct 2013 03:22:20 -0700 (PDT)
X-Received: by 10.50.6.99 with SMTP id z3mr1702938igz.27.1383128540254;
        Wed, 30 Oct 2013 03:22:20 -0700 (PDT)
Return-Path: <[email protected]>
Received: from host.mydomain.com (mydomain.com. [YY.YY.YY.YY])
        by mx.google.com with ESMTPS id x12si3704513igx.15.2013.10.30.03.22.19
        for <[email protected]>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Wed, 30 Oct 2013 03:22:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates YY.YY.YY.YY as permitted sender) client-ip=YY.YY.YY.YY;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of [email protected] designates YY.YY.YY.YY as permitted sender) [email protected]
Received: from localhost (unknown [127.0.0.1])
    by host.mydomain.com (Postfix) with ESMTP id E52C1C1E71
    for <[email protected]>; Wed, 30 Oct 2013 10:22:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mydomain.com
Received: from host.mydomain.com ([127.0.0.1])
    by localhost (mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id MemHkAhbAuqt for <[email protected]>;
    Wed, 30 Oct 2013 10:22:02 +0000 (UTC)
Received: from [192.168.2.15] (unknown [XX.XX.XX.XX])
    (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
    (No client certificate requested)
    by host.mydomain.com (Postfix) with ESMTPSA id D894AC1E61
    for <[email protected]>; Wed, 30 Oct 2013 10:22:01 +0000 (UTC)
Message-ID: <[email protected]>
Date: Wed, 30 Oct 2013 12:21:47 +0200
From: mydomain Development Base <[email protected]>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: [email protected]
Subject: That's the mail
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <font face="Helvetica, Arial, sans-serif">What's up?</font>
  </body>
</html>

Though it all seems fine and have scanned by amavisd-new, it goes to spam. I don't necessarily ask why but if it's related to not being scanned correctly, I need to fix this issue.

And here's how I use CLAMAV in /etc/amavisd.conf file:

['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

The file clamd.sock is not exist under /var/run/clamav/ dir, and this dir is chowned by clamav user and group (the service doesn't start when it's not). I don't know if it's a dynamic file that is being created and deleted on runtime but I don't think there's any issue with permissions, perhaps some process or service is missing to create the file.

Any ideas? Thanks in advance.