July 28, 20214 yr On 7/19/2021 at 4:27 PM, luca2 said: Hi, thx for the docker! I tri3ed -after install- to add: --max-scansize=4000N --max-filesize=4000N but as soon as I press save, the docker disappears. Anyone expiriencieng the same? Rgds Also to note, based on what I read earlier in the thread, it should be 4000"M", not 4000"N".
July 28, 20214 yr On 4/18/2021 at 8:32 AM, SmokeyColes said: Great thank you, "Antivirus Scan Started" and the schedule is set in User Scripts. I am a little confused - what is it actually scanning? Every disk in the array or just dockers? Once it finds a file, does it inform you and does it treat it? Thanks Chris I've never created a custom script before and am pretty confused on the formatting. Can you or someone else share your script for getting a virus scan to execute automatically on a schedule via User Scripts?
July 28, 20214 yr 9 hours ago, ThatTallGuy21 said: I've never created a custom script before and am pretty confused on the formatting. Can you or someone else share your script for getting a virus scan to execute automatically on a schedule via User Scripts? The script to use in user scripts is in the OP
September 4, 20214 yr Hi everyone ! i'm getting this errors / warnings : Updating ClamAV scan DB ClamAV update process started at Sat Sep 4 08:52:39 2021 WARNING: FreshClam previously received error code 429 from the ClamAV Content Delivery Network (CDN). WARNING: You are still on cool-down until after: 2021-09-04 12:48:27 This means that you have been rate limited by the CDN. 1. Run FreshClam no more than once an hour to check for updates. FreshClam should check DNS first to see if an update is needed. 2. If you have more than 10 hosts on your network attempting to download, it is recommended that you set up a private mirror on your network using cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the CDN and your own network. 3. Please do not open a ticket asking for an exemption from the rate limit, it will not be granted. Freshclam updated the DB ClamAV 0.103.3/26217/Wed Jun 30 11:10:04 2021 Scanning /scan LibClamAV Warning: ************************************************** LibClamAV Warning: *** The virus database is older than 7 days! *** LibClamAV Warning: *** Please update it as soon as possible. *** LibClamAV Warning: ************************************************** Any idea what the problem could be ? I'm running ClamAV on a monthly basis, nothing more
September 5, 20214 yr Author 16 hours ago, AmokK said: Hi everyone ! i'm getting this errors / warnings : Updating ClamAV scan DB ClamAV update process started at Sat Sep 4 08:52:39 2021 WARNING: FreshClam previously received error code 429 from the ClamAV Content Delivery Network (CDN). WARNING: You are still on cool-down until after: 2021-09-04 12:48:27 This means that you have been rate limited by the CDN. 1. Run FreshClam no more than once an hour to check for updates. FreshClam should check DNS first to see if an update is needed. 2. If you have more than 10 hosts on your network attempting to download, it is recommended that you set up a private mirror on your network using cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the CDN and your own network. 3. Please do not open a ticket asking for an exemption from the rate limit, it will not be granted. Any idea what the problem could be ? I'm running ClamAV on a monthly basis, nothing more You've been rate limited. Are you behind a large NAT? That error indicates rate limited. If you continue to have issues, rebuild the container and try again. If that doesn't work, try manually installing the main db files into a bind mounted dir and see if that works.
September 7, 20214 yr I completely deleted the container including appdata folder, rebuilt it, no problems now. Not being behind a large NAT by the way, just my personal home connection. Thanks for your help @TQ Edited September 7, 20214 yr by AmokK typo error
October 11, 20214 yr Thank you @TQ for this. EDIT 2024-01-14: please see updated version here: I wrote another user script to start and control the scanning. With it you can select which shares to scan. The script can be scheduled. You can select one day in a week when the script runs another set of shares. The intention is to scan a small set daily and then a full scan once per week, and and completely avoid scanning some shares. Some snippets as a sample: # Edit these parameters: # List of Unraid shares to scan under /mnt/user. Check YOUR Unraid "Shares" tab. # Put a space between each share name. FOLDERSDAILY="incoming shared" FOLDERSWEEKLY="isos incoming shared backups myverybigshare" # Select which day is weekly scan day (1=mon, 7=sun). WEEKLYDAY=2 The script writes the target directories into a parameter file. # Switch to advanced mode (click basic mode at top right) and change # "Post parameters" to "-i -f /var/lib/clamav/clamavtargets.txt". # This tells the scanner to use a target list in a file instead of # scanning every Unraid share. This is the only required change to the container definition. The user script writes the parameter file and runs the container. Full script is here: https://github.com/Helediron/unraid-dailyclamavscan Credits to @Squid for the original script, on which this is based. Edited January 14, 20242 yr by Helediron Endorsing another user's updates
October 18, 20214 yr On 10/11/2021 at 12:11 PM, Helediron said: I wrote another user script to start and control the scanning. With it you can select which shares to scan. The script can be scheduled. You can select one day in a week when the script runs another set of shares. The intention is to scan a small set daily and then a full scan once per week, and and completely avoid scanning some shares. Thanks Helediron. Can I do a daily scan of cache without making huge changes to the script?
October 18, 20214 yr 5 hours ago, rbronco21 said: Thanks Helediron. Can I do a daily scan of cache without making huge changes to the script? Hi, script parameter and container parameter customisation sshould be enough. ClamAV scans whatever it finds in the Docker container's internal /scan folder, which usually is mapped to external folder /mnt/user. If you change that container parameter to e.g. /mnt/cache (assuming "standard" naming), then you can direct the container to scan the cache. Now, if you want to scan the cache completely, you don't need my script. Just point the container to the cache as above and run the container. This one-liner starts the scan: docker start ClamAV Put that into a user script, schedule it daily and you're done. If you want the folder selection or those fancy notifications, then continue. -> To modify the script, there are more parameters in the script to customise. Find this block: #Technical parameters # name of the container. CONTAINER=ClamAV # Location of ClamAV application data folder in Unraid host. # Must match with container parameter "ClamAV Signatures:" HOSTAPPDATA=/mnt/user/appdata/clamav # Location of scanned directory. # Must match with container parameter "Folder to Scan:" HOSTSCANDIR=/mnt/user ... and customize the script too. The script parameter HOSTSCANDIR must match with the container parameter. Change "HOSTSCANDIR=/mnt/user" to "HOSTSCANDIR=/mnt/cache". Put into FOLDERSDAILY and FOLDERSWEEKLY directories right under /mnt/cache, e.g. FOLDERSDAILY="domains isos" . If you want to run both user shares and directories under cache, it's getting more complex. There are two options: If you want to scan both /mnt/cache and /mnt/user completely, then set the scan point to /mnt and set FOLDERSDAILY and FOLDERSWEEKLY to "cache user" . We just moved here one step higher in folder hierarchy. If you want to scan subsets in both, then you have to duplicate the ClamAV container and script and customise them independently. In the second script you have to change CONTAINER and HOSTAPPDATA to match the second container. (Actually i don't yet know how that's done in Unraid, i'm Unraid noob). The script prints some debugging info. You'll see that if you run the script interactively with User Script plugin. It verifies that the folders actually exist and prints what it finds and finds not. If the scan takes long time, you can safely stop the script, but remember to stop the ClamAV container too. Edited October 18, 20214 yr by Helediron
November 7, 20214 yr I just started a 2nd scan after two months, and the notify script still picks up the previous infection (a file that I since removed) from the ClamAV docker logs, so I still get an FOUND message. Anyone else seeing this?
November 11, 20214 yr Hoping someone might be able to help me out with a part of my setup. I have the ClamAv from https://hub.docker.com/r/mkodockx/docker-clamav setup so that I can run this as an active daemon scanner for Nextcloud which I got working But I note the below error I am not sure how I would go about changing things to not hit the time limit.. for the database test. Below is the error log that I have. Thu Nov 11 05:53:25 2021 -> ClamAV update process started at Thu Nov 11 05:53:25 2021 Thu Nov 11 05:53:26 2021 -> ^Your ClamAV installation is OUTDATED! Thu Nov 11 05:53:26 2021 -> ^Local version: 0.102.4 Recommended version: 0.103.4 Thu Nov 11 05:53:26 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav Thu Nov 11 05:53:26 2021 -> daily database available for update (local version: 26349, remote version: 26350) Thu Nov 11 05:53:28 2021 -> Testing database: '/var/lib/clamav/tmp.da8a6/clamav-657c926e1e7e31ed3ddaa24ef0748942.tmp-daily.cld' ... Thu Nov 11 05:53:33 2021 -> Database test passed. Thu Nov 11 05:53:33 2021 -> daily.cld updated (version: 26350, sigs: 1943487, f-level: 90, builder: raynman) Thu Nov 11 05:53:34 2021 -> main.cld database is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) Thu Nov 11 05:53:34 2021 -> bytecode.cld database is up to date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
November 23, 20214 yr Quote 2021-11-23T21:30:18+00:00 ClamAV process starting Updating ClamAV scan DB ERROR: Can't create freshclam.dat in /var/lib/clamav ERROR: Failed to save freshclam.dat! WARNING: Failed to create a new freshclam.dat! ERROR: initialize: libfreshclam init failed. ERROR: Initialization error! Hint: The database directory must be writable for UID 100 or GID 101 An error occurred (freshclam returned with exit code '2') Getting the error above using the latest version from the CA on Unraid 6.10 RC2. I specified the UID/GID as 99/100 in the settings.
November 24, 20214 yr Author 4 hours ago, neverendingtech said: Getting the error above using the latest version from the CA on Unraid 6.10 RC2. I specified the UID/GID as 99/100 in the settings. Wherever you're mounting those directories, you do not have access. If you've not mounted those directories, then your docker.img file is full.
November 28, 20214 yr On 11/23/2021 at 10:41 PM, neverendingtech said: Getting the error above using the latest version from the CA on Unraid 6.10 RC2. I specified the UID/GID as 99/100 in the settings. I'm getting the same error and am confused about what I need to do...
November 30, 20214 yr On 11/24/2021 at 3:11 AM, neverendingtech said: Getting the error above using the latest version from the CA on Unraid 6.10 RC2. I specified the UID/GID as 99/100 in the settings. Can you check the config for appdata mount? i also had the issue, but my app data was configured like this (default value) /mnt/cache/appdata/claimav However this is supposed to be from the user shares. Update the path to /mnt/user/appdata/clamav or choose appdata folder manually, rather than using the default value.
November 30, 20214 yr 1 hour ago, NotYourAverageDev said: Can you check the config for appdata mount? i also had the issue, but my app data was configured like this (default value) /mnt/cache/appdata/claimav However this is supposed to be from the user shares. Update the path to /mnt/user/appdata/clamav or choose appdata folder manually, rather than using the default value. I had changed that, but for some reason it still created the appdata/clamav folder with the wrong permissions. (rwx r-x r-x, which incidentally is the same as for my resilio and avidemux dockers, without any issues). I manually created the appdata/clamav folder via Windows Explorer and now it works just fine. Thanks for the hint though!
December 2, 20214 yr I'm having the same permissions issue deploying this container with unraid version 6.10.0-rc2 The only solution I've found so far is changing /mnt/user/appdata/clamav to 777 2021-12-02T22:10:35+00:00 ClamAV process starting Updating ClamAV scan DB ERROR: Can't create freshclam.dat in /var/lib/clamav ERROR: Failed to save freshclam.dat! WARNING: Failed to create a new freshclam.dat! ERROR: initialize: libfreshclam init failed. ERROR: Initialization error! Hint: The database directory must be writable for UID 100 or GID 101 An error occurred (freshclam returned with exit code '2') Mappings: /var/lib/clamav <-> /mnt/user/appdata/clamav /scan <-> /mnt/user USER_ID & GROUP_ID are set to 99/100 root@darktower:~# stat /mnt/user/appdata/clamav File: /mnt/user/appdata/clamav Size: 0 Blocks: 0 IO Block: 4096 directory Device: 0,51 Inode: 13792273858936362 Links: 1 Access: (0755/drwxr-xr-x) Uid: ( 99/ nobody) Gid: ( 100/ users) Access: 2021-12-02 16:10:03.832225925 -0600 Modify: 2021-12-02 16:10:03.832225925 -0600 Change: 2021-12-02 16:10:03.832225925 -0600 Edited December 2, 20214 yr by ceddybu
December 4, 20214 yr Hi, has someone an idea how to get notice of errors or a found virus without checking the log manually each time?
December 4, 20214 yr 3 minutes ago, jeuser said: Hi, has someone an idea how to get notice of errors or a found virus without checking the log manually each time? I'm using one of the scripts in this thread, gives me notifications, which are handled by the default unraid notifications, however you have them set up.
December 4, 20214 yr Author 1 hour ago, Sayuuk said: I'm using one of the scripts in this thread, gives me notifications, which are handled by the default unraid notifications, however you have them set up. Precisely. Squid posted a script that I linked in the original post.
December 4, 20214 yr OK, I used an infected testfile but I get no notification. ClamAV 0.103.3/26373/Sat Dec 4 09:32:50 2021 Scanning /scan LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached /scan/data/2_read/.sync/Archive/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND /scan/data/2_read/eicar.com: Win.Test.EICAR_HDB-1 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 8581021 Engine version: 0.103.3 Scanned directories: 32429 Scanned files: 133491 Infected files: 2 Data scanned: 95934.23 MB Data read: 2209284.16 MB (ratio 0.04:1) Time: 15151.955 sec (252 m 31 s) Start Date: 2021:12:04 17:50:13 End Date: 2021:12:04 22:02:45
December 12, 20214 yr Hi, is it only me with and my setup is wrong? Do you get a notice when ClamAV detects a virus?
December 13, 20214 yr On 10/18/2021 at 5:50 PM, Helediron said: Hi, script parameter and container parameter customisation sshould be enough. ClamAV scans whatever it finds in the Docker container's internal /scan folder, which usually is mapped to external folder /mnt/user. If you change that container parameter to e.g. /mnt/cache (assuming "standard" naming), then you can direct the container to scan the cache. Now, if you want to scan the cache completely, you don't need my script. Just point the container to the cache as above and run the container. This one-liner starts the scan: docker start ClamAV Put that into a user script, schedule it daily and you're done. If you want the folder selection or those fancy notifications, then continue. -> To modify the script, there are more parameters in the script to customise. Find this block: #Technical parameters # name of the container. CONTAINER=ClamAV # Location of ClamAV application data folder in Unraid host. # Must match with container parameter "ClamAV Signatures:" HOSTAPPDATA=/mnt/user/appdata/clamav # Location of scanned directory. # Must match with container parameter "Folder to Scan:" HOSTSCANDIR=/mnt/user ... and customize the script too. The script parameter HOSTSCANDIR must match with the container parameter. Change "HOSTSCANDIR=/mnt/user" to "HOSTSCANDIR=/mnt/cache". Put into FOLDERSDAILY and FOLDERSWEEKLY directories right under /mnt/cache, e.g. FOLDERSDAILY="domains isos" . If you want to run both user shares and directories under cache, it's getting more complex. There are two options: If you want to scan both /mnt/cache and /mnt/user completely, then set the scan point to /mnt and set FOLDERSDAILY and FOLDERSWEEKLY to "cache user" . We just moved here one step higher in folder hierarchy. If you want to scan subsets in both, then you have to duplicate the ClamAV container and script and customise them independently. In the second script you have to change CONTAINER and HOSTAPPDATA to match the second container. (Actually i don't yet know how that's done in Unraid, i'm Unraid noob). The script prints some debugging info. You'll see that if you run the script interactively with User Script plugin. It verifies that the folders actually exist and prints what it finds and finds not. If the scan takes long time, you can safely stop the script, but remember to stop the ClamAV container too. Is it possible to use share names with spaces in the name, I tried messing with the script but I wasn't able figure out how to do this. Any help is appreciated!
December 20, 20214 yr Can someone tell me if the ClamAV container is impacted by the Log4j vulnerability?
December 29, 20214 yr Author No vulns detected. Updated the images to address the vulns found post-scan.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.