ClamAV or other AV docker available?


shaunvis

Recommended Posts

I'm an unraid newbie, been trying the demo. I'm pretty sure I'll be moving all my data over & purchasing a license but was wondering about antivirus software available. It's the one thing I haven't found yet.

 

I have an app on my Synology that monitors and scans files on my NAS. Is there something for unraid? Like a docker that will scan and monitor all my shares?

 

Or would I need to set up a VM with something and do it that way?

 

Thanks!

Link to comment
  • 6 months later...
1 minute ago, kizer said:

I admittedly must say I took a look at it and was at a loss on how to really install it.


Sent from my iPhone using Tapatalk

You can easily do this until I get it working with CA.

From the shell of your unRAID server

docker run -it -d -v clamav-db:/var/lib/clamav -v /mnt/user:/scan:ro tquinnelly/clamav -i

That will install the docker container, and it will start up, update the virus db, and start scanning /mnt/user.

 

Hope that helps.

Link to comment
2 minutes ago, TQ said:
You can easily do this until I get it working with CA.
From the shell of your unRAID server

docker run -it -d -v clamav-db:/var/lib/clamav -v /mnt/user:/scan:ro tquinnelly/clamav -i
 

That will install the docker container, and it will start up, update the virus db, and start scanning /mnt/user.
 
Hope that helps.


Thanks I’ll give it a try soon. I wasn’t sure if it was just that easy. 

Sent from my iPhone using Tapatalk

 

 

Link to comment

@TQ

 

It did a download and then it gave me the following after extracting.

 

root@Tower:~# docker run -it -d -v clamav-db:/var/lib/clamav -v /mnt/user:/scan:ro tquinnelly/clamav -i
f30ffdf2f0124b12e3b44a4e04dd23ea0529f873db0bbc1a7741ce392708820f
docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "exec: \"/scan.sh\": permission denied": unknown.

 

Also where is it installing the files to? Location wise that is.

 

I think I'll wait a bit to see where this goes. 😀

Thanks for working on this.

Link to comment
1 hour ago, kizer said:

@TQ

 

It did a download and then it gave me the following after extracting.

 


root@Tower:~# docker run -it -d -v clamav-db:/var/lib/clamav -v /mnt/user:/scan:ro tquinnelly/clamav -i
f30ffdf2f0124b12e3b44a4e04dd23ea0529f873db0bbc1a7741ce392708820f
docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "exec: \"/scan.sh\": permission denied": unknown.

 

Looks like an issue with chmod +x scan.sh. Thanks for drawing my attention to that. 
Just did another build and that error goes away and works (not unraid)

 

Issue of UID/GID is now prevalent for unRAID. Will resolve for unRAID soon.

Link to comment
23 hours ago, kizer said:

@TQ

...

Also where is it installing the files to? Location wise that is.

 

I think I'll wait a bit to see where this goes. 😀

Thanks for working on this.

The files are installed to the local image upon first launch, then updated every time you launch it again.

I just moved that out of the image and into a mnt point on my unRAID and that seems to work great. Doesn't take up space in the docker.img file.

 

Also, just requested it be added to CA.

Link to comment

Looks like it failed though.

 

root@Brunnhilde:~# docker run -it tquinnelly/clamav -i
2019-06-15T16:16+0000 ClamAV scanning started
Updating ClamAV scan DB
ClamAV update process started at Sat Jun 15 16:16:00 2019
Downloading main.cvd [100%]
main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily.cvd [100%]
daily.cvd updated (version: 25481, sigs: 1594709, f-level: 63, builder: raynman)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 328, sigs: 94, f-level: 63, builder: neo)
Database updated (6161052 signatures) from database.clamav.net (IP: 104.16.219.84)
Freshclam updated the DB
Scanning /scan
/scan: No such file or directory
WARNING: /scan: Can't access file

----------- SCAN SUMMARY -----------
Known viruses: 6151733
Engine version: 0.101.2
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 25.827 sec (0 m 25 s)

 

Link to comment
19 minutes ago, wgstarks said:

Looks like it failed though.

 


root@Brunnhilde:~# docker run -it tquinnelly/clamav -i
2019-06-15T16:16+0000 ClamAV scanning started
Updating ClamAV scan DB
ClamAV update process started at Sat Jun 15 16:16:00 2019
Downloading main.cvd [100%]
main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily.cvd [100%]
daily.cvd updated (version: 25481, sigs: 1594709, f-level: 63, builder: raynman)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 328, sigs: 94, f-level: 63, builder: neo)
Database updated (6161052 signatures) from database.clamav.net (IP: 104.16.219.84)
Freshclam updated the DB
Scanning /scan
/scan: No such file or directory
WARNING: /scan: Can't access file

----------- SCAN SUMMARY -----------
Known viruses: 6151733
Engine version: 0.101.2
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 25.827 sec (0 m 25 s)

 

You ran it via command line w/o any parameters.

If you run it via command line, you'll have to run it like I mention on github.

docker run -it \
  -v /path/to/scan:/scan:ro \ 
  tquinnelly/clamav -i

It doesn't know what to scan.

Edited by TQ
Link to comment

image.thumb.png.26323453dcf2d75029cfee040cd2c6ad.png

 

This is what it looks like running from CA. It adds the default `/mnt/user` as the scan target.

 

/# docker logs -f ClamAV
2019-06-15T11:34-0500 ClamAV scanning started
Updating ClamAV scan DB
ClamAV update process started at Sat Jun 15 11:34:19 2019
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-25481.cdiff [100%]
daily.cld updated (version: 25481, sigs: 1594709, f-level: 63, builder: raynman)
bytecode.cvd is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
Database updated (6161052 signatures) from database.clamav.net (IP: 104.16.218.84)
Freshclam updated the DB
Scanning /scan

 

Edited by TQ
Link to comment
2 minutes ago, TQ said:

image.thumb.png.26323453dcf2d75029cfee040cd2c6ad.png

 

This is what it looks like running from CA. It adds the default `/mnt/user` as the scan target.

How would I run it if not from command line? I don’t see any other way to launch it.

 

Edit: I did install the docker via CA as you showed in your post.

Edited by wgstarks
Link to comment

Ah I think it was having issues attempting to Scan my TimeMachine Backup Shares. Would be really nice if we could tell it not to scan Specific Shares. In the mean time I just told it to scan a Specific Share opposer to /mnt/user. With the /scan config option in the Template.

 

 

Scanned Half of my Ripped Media. No known viruses. Lol. Only Half simply because I directed it to a specific share.

 

Link to comment
21 minutes ago, Squid said:

Template works for me.  You don't need to issue the cli command.

 

Just start it from the docker tab.  When its finished the container will stop and you can look at the logs

Thanks. I get it now. Do I also need to manually start the recursing_einstein docker that CA installed along with ClamAV?

Link to comment
Thanks. I get it now. Do I also need to manually start the recursing_einstein docker that CA installed along with ClamAV?

 

 

Uh I think that was part of the Old Docker. I don’t have that in my Docker list anymore. I deleted everything and reinstalled the new Docker and everything works fine.

 

 

Sent from my iPhone using Tapatalk

Link to comment

Hmmm I don’t know. I just checked my Dockers list again and there is no mention of that. I’ve ran the Clam Docker 4x and it hasn’t recreated it once. Heck I’ve even modified the Template a few times to have it scan specific shares. I’ll try and uninstall it and see if it creates it. I know it did the first time a day or two ago. 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.