Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] ClamAV

Featured Replies

On 6/18/2022 at 11:29 AM, Squid said:

It's listed in the logs for the app.  The script post much earlier should alert you as to which file(s)

It does nothing.  That's for you to decide what to do with it

Sorry.  I wasnt sure if the script notifies which files are detected as infected.  I grabbed by script from somewhere on this forum a while back and it only stated I had an infected file with no other information regarding it.  I did manually check the logs but didnt know what I was looking for as the logs also just reported it found a file but not where it was.  Updated my script with the most recent iteration I saw posted.  Thanks.

  • Replies 336
  • Views 113.1k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • You would make another instance of the container.  Each instance scans whatever is specified

  • chmod -R u-x,go-rwx,go+u,ugo+X /mnt/cache/appdata/clamav chown -R nobody:users  /mnt/cache/appdata/clamav

Posted Images

So about 10 mins into the scan I get this error.  All disk spin down after this so I am pretty sure its not scanning anymore.  Any ideas?

LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached

 

  • 2 weeks later...
On 4/17/2022 at 1:54 AM, Masterwishx said:

updated Helediron scan script for use with the shares that have space between ...

i tried to put 'pc backups' ,pc\ backups or pc backups in FOLDERSWEEKLY, None of them work.

any ideas how to put folder name with space correctly to get script to work?

 

cl1.png

cl2.png

cl3.png

On 7/12/2022 at 10:23 AM, gtishtar said:

i tried to put 'pc backups' ,pc\ backups or pc backups in FOLDERSWEEKLY, None of them work.

any ideas how to put folder name with space correctly to get script to work?

 

cl1.png

cl2.png

cl3.png

 

Yes, use my updated script to use spaces in Shares Folders.

 

script

 

17.1.24

Updated script for Exclude SubFolders.

Also on https://github.com/masterwishx/Unraid-User-Scripts/tree/main/ClamAV Scan

 

script

 

# Set to Exclude Subfolders "yes/no".

exclude_subfolders="yes"

 

EXCLUDEDSUBFOLDERS=("Test" "Adobe Documents")

 

 

 

Edited by Masterwishx

  • Author
On 6/27/2022 at 2:34 PM, jmztaylor said:

So about 10 mins into the scan I get this error.  All disk spin down after this so I am pretty sure its not scanning anymore.  Any ideas?

LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached

 

 

From what I've experienced, it's usually due to permissions on the appdata folder for Clam.

Try to run that aforementioned fix for perms and see if that helps.

  • Author
On 6/18/2022 at 10:29 AM, Squid said:

It's listed in the logs for the app.  The script post much earlier should alert you as to which file(s)

It does nothing.  That's for you to decide what to do with it

 

Squid is, of course, correct.

You can check the documentation that I have provided on Docker Hub and pass those parameters via Post Arguments in the container config.

16 hours ago, TQ said:

 

From what I've experienced, it's usually due to permissions on the appdata folder for Clam.

Try to run that aforementioned fix for perms and see if that helps.

 

Nope that did nothing

  • Author
 
Nope that did nothing

Have you tried changing this?

--bytecode-timeout=N - set bytecode timeout (in milliseconds)
2 hours ago, TQ said:


Have you tried changing this?

--bytecode-timeout=N - set bytecode timeout (in milliseconds)

 

Yeah I even put it at a ridiculous amount and disks will spin down after 15 mins so it means it just quit working altogether anyways.

  • Author
21 hours ago, jmztaylor said:

 

Yeah I even put it at a ridiculous amount and disks will spin down after 15 mins so it means it just quit working altogether anyways.

 

I just updated my container on my backup Unraid and ran it. 

Ran over 2 hours.

Output.
 

Freshclam updated the DB

ClamAV 0.104.3/26603/Sat Jul 16 07:57:28 2022

Scanning /scan

----------- SCAN SUMMARY -----------
Known viruses: 8622360
Engine version: 0.104.3
Scanned directories: 674
Scanned files: 19907
Infected files: 0
Data scanned: 118466.76 MB
Data read: 266611.65 MB (ratio 0.44:1)
Time: 7262.284 sec (121 m 2 s)
Start Date: 2022:07:16 15:03:23
End Date:   2022:07:16 17:04:25

2022-07-16T17:04:25+00:00 ClamAV scanning finished

 

I think something is up with your permissions on those files.

  • 3 weeks later...

Not quite sure what I could be doing wrong here...I just installed the ClamAV app, but when running it I get:

 

2022-08-01T03:21:54+00:00 ClamAV process starting

Updating ClamAV scan DB
Hint: The database directory must be writable for UID 100 or GID 101


An error occurred (freshclam returned with exit code '2')

 

The Docker is pointed to /mnt/user/appdata/clamav/ for the ClamAV Signatures, and successfully created the folder during deployment. After deployment the /appdata/clamav folder is owned by nobody with permissions drwxr-xr-x I've also confirmed PGID and PUID are the same as all my other Docker containers which are working fine.

 

What can I do to fix this so ClamAV can run?

3 minutes ago, Aractor said:

Not quite sure what I could be doing wrong here...I just installed the ClamAV app, but when running it I get:

 

2022-08-01T03:21:54+00:00 ClamAV process starting

Updating ClamAV scan DB
Hint: The database directory must be writable for UID 100 or GID 101


An error occurred (freshclam returned with exit code '2')

 

The Docker is pointed to /mnt/user/appdata/clamav/ for the ClamAV Signatures, and successfully created the folder during deployment. After deployment the /appdata/clamav folder is owned by nobody with permissions drwxr-xr-x I've also confirmed PGID and PUID are the same as all my other Docker containers which are working fine.

 

What can I do to fix this so ClamAV can run?

Read a bit further back in the thread and found the solution mentioned, worked like a charm.

 

  • 4 weeks later...

is the script at page 1 the one people still use for scheduled scans?

@TQ can we change UTC time used to local ?

On 6/16/2019 at 4:57 PM, Squid said:

Updated to include the infected file in the notification

#!/usr/bin/php
<?
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"');
exec('docker start ClamAV');
for ( ;; ) {
  $status = trim(exec("docker ps | grep ClamAV"));
  if ( ! $status ) break;
  sleep(60);
}
exec("docker logs ClamAV 2>/dev/null",$logs);
foreach ($logs as $line) {
  $virus = explode(" ",$line);
  if (trim(end($virus)) == "FOUND" ) {
    $infected .= "$line\n";
  }
}

if ( ! $infected ) $infected = "No infections found\n";

exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Finished" -d '.escapeshellarg($infected).' -i "normal"');
?>

 

 

script 689 B · 93 downloads

 

I tinkered a bit with this script. The "original" quoted here, does a 

docker logs ClamAV

which makes the script look at all logs, for all runs, ever (sort of). So if you actually had a virus, you'll end up alerting for that virus for all eternity, even tough you might have removed it. I updated the script to use:

docker logs --since 23h ClamAV

to just consider the latest 23 hours (or whatever you feel is reasonable). Personally I run the scan on a daily basis. My changes also modifies the severity level of the notification to 'alert' if a virus has been found. 

 

#!/usr/bin/php
<?
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"');
exec('docker start ClamAV');
for ( ;; ) {
  $status = trim(exec("docker ps | grep ClamAV"));
  if ( ! $status ) break;
  sleep(60);
}

exec("docker logs --since 23h ClamAV 2>/dev/null",$logs);
foreach ($logs as $line) {
  $virus = explode(" ",$line);
  if (trim(end($virus)) == "FOUND" ) {
    $infected .= "$line\n";
  }
}

$level = "alert";
if ( ! $infected ) {
    $infected = "No infections found\n";
    $level = "normal";
}
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Finished" -d '.escapeshellarg($infected).' -i '.escapeshellarg($level));
?>

 

Edited by FredrikJL

  • 4 weeks later...

When I start up the container Freshclamd starts and then appears to hang. The log shows the following with the SelfCheck statement repeating every 10 minutes and not stopping.

Starting Freshclamd
ClamAV update process started at Sun Oct  2 14:57:04 2022
daily.cld database is up-to-date (version: 26677, sigs: 2006327, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Sun Oct  2 15:07:38 2022 -> SelfCheck: Database status OK.
Sun Oct  2 15:17:39 2022 -> SelfCheck: Database status OK.
Sun Oct  2 15:27:40 2022 -> SelfCheck: Database status OK.
Sun Oct  2 15:37:41 2022 -> SelfCheck: Database status OK.

Running a ps shows the following two clam processes:

   12 clamav    0:24 clamd --foreground
   41 clamav    0:00 freshclam --checks=1 --daemon --foreground --stdout --user=clamav

 

Any ideas on what is wrong?

  • 1 month later...

I have the same issue any ideas as to the problem?

Starting Freshclamd
ClamAV update process started at Sun Oct  2 14:57:04 2022
daily.cld database is up-to-date (version: 26677, sigs: 2006327, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Sun Oct  2 15:07:38 2022 -> SelfCheck: Database status OK.
Sun Oct  2 15:17:39 2022 -> SelfCheck: Database status OK.
Sun Oct  2 15:27:40 2022 -> SelfCheck: Database status OK.
Sun Oct  2 15:37:41 2022 -> SelfCheck: Database status OK.

 

  • Author
32 minutes ago, mauriceatkinson@btconnect. said:

I have the same issue any ideas as to the problem?

Starting Freshclamd
ClamAV update process started at Sun Oct  2 14:57:04 2022
daily.cld database is up-to-date (version: 26677, sigs: 2006327, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Sun Oct  2 15:07:38 2022 -> SelfCheck: Database status OK.
Sun Oct  2 15:17:39 2022 -> SelfCheck: Database status OK.
Sun Oct  2 15:27:40 2022 -> SelfCheck: Database status OK.
Sun Oct  2 15:37:41 2022 -> SelfCheck: Database status OK.

 

 

I cannot reproduce. Here is my start up just moments ago...

2022-11-05T17:43:48+00:00 ClamAV process starting

Updating ClamAV scan DB
ClamAV update process started at Sat Nov  5 17:43:49 2022
daily database available for update (local version: 26706, remote version: 26711)
Testing database: '/var/lib/clamav/tmp.e364402c7f/clamav-ee0a95b108d7db8f9cd5ab0ba1ab6c53.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 26711, sigs: 2010014, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory


Freshclam updated the DB


ClamAV 0.104.3/26711/Sat Nov  5 07:49:31 2022

 

This almost seems as if there is a permission issue updating the c?d files.

Try this: 

If that does not solve it, delete all contents of your ClamAV appdata folder and restart the container. 

/cc @SwampyShadow

  • 1 month later...

Hi there, I installed the clamav docker with the default set up. When started it appears to update and then sit idle. Log shows

 

Quote

Starting Freshclamd
Starting ClamAV
Socket for clamd not found yet, retrying (0/1800) ...ClamAV update process started at Wed Dec 28 14:01:29 2022
daily.cvd database is up-to-date (version: 26764, sigs: 2014489, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Socket for clamd not found yet, retrying (23/1800) ...Wed Dec 28 14:01:52 2022 -> Limits: Global time limit set to 120000 milliseconds.
Wed Dec 28 14:01:52 2022 -> Limits: Global size limit set to 419430400 bytes.
Wed Dec 28 14:01:52 2022 -> Limits: File size limit set to 104857600 bytes.
Wed Dec 28 14:01:52 2022 -> Limits: Recursion level limit set to 17.
Wed Dec 28 14:01:52 2022 -> Limits: Files limit set to 10000.
Wed Dec 28 14:01:52 2022 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes.
Wed Dec 28 14:01:52 2022 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes.
Wed Dec 28 14:01:52 2022 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes.
Wed Dec 28 14:01:52 2022 -> Limits: MaxScriptNormalize limit set to 20971520 bytes.
Wed Dec 28 14:01:52 2022 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Wed Dec 28 14:01:52 2022 -> Limits: MaxPartitions limit set to 50.
Wed Dec 28 14:01:52 2022 -> Limits: MaxIconsPE limit set to 100.
Wed Dec 28 14:01:52 2022 -> Limits: MaxRecHWP3 limit set to 16.
Wed Dec 28 14:01:52 2022 -> Limits: PCREMatchLimit limit set to 100000.
Wed Dec 28 14:01:52 2022 -> Limits: PCRERecMatchLimit limit set to 2000.
Wed Dec 28 14:01:52 2022 -> Limits: PCREMaxFileSize limit set to 104857600.
Wed Dec 28 14:01:52 2022 -> Archive support enabled.
Wed Dec 28 14:01:52 2022 -> AlertExceedsMax heuristic detection disabled.
Wed Dec 28 14:01:52 2022 -> Heuristic alerts enabled.
Wed Dec 28 14:01:52 2022 -> Portable Executable support enabled.
Wed Dec 28 14:01:52 2022 -> ELF support enabled.
Wed Dec 28 14:01:52 2022 -> Mail files support enabled.
Wed Dec 28 14:01:52 2022 -> OLE2 support enabled.
Wed Dec 28 14:01:52 2022 -> PDF support enabled.
Wed Dec 28 14:01:52 2022 -> SWF support enabled.
Wed Dec 28 14:01:52 2022 -> HTML support enabled.
Wed Dec 28 14:01:52 2022 -> XMLDOCS support enabled.
Wed Dec 28 14:01:52 2022 -> HWP3 support enabled.
Wed Dec 28 14:01:52 2022 -> Self checking every 600 seconds.
Wed Dec 28 14:01:52 2022 -> Set stacksize to 1048576
socket found, clamd started.

Wed Dec 28 14:12:31 2022 -> SelfCheck: Database status OK.

 

scan folder : "/mnt/cache/downloads"

appdata: "/mnt/cache/appdata/clamav/"

UID 100 GUID 101

BRIDGE mode

 

When I log in the docker I can manually start the scan with the "clamscan --recursive /scan" command.

 

Any hint what is wrong here ? And why it is not automatically starting once I start the docker, is most appreciated. TIA


 

 

 

Edited by unrateable

  • 2 weeks later...

Is the "official" tagged version of ClamAV disfunctional compared to TQ's repo version? I installed the "Offical" one.. but it seems useless compared to what I've seen in this thread.

  • Author
On 12/28/2022 at 7:11 AM, unrateable said:

Hi there, I installed the clamav docker with the default set up. When started it appears to update and then sit idle. Log shows

 

 

scan folder : "/mnt/cache/downloads"

appdata: "/mnt/cache/appdata/clamav/"

UID 100 GUID 101

BRIDGE mode

 

When I log in the docker I can manually start the scan with the "clamscan --recursive /scan" command.

 

Any hint what is wrong here ? And why it is not automatically starting once I start the docker, is most appreciated. TIA


 

 

 

 

It would appear that this is not my container. 
I'm not notifying `clamd` due to it not being present in my build.

 

  • Author
10 hours ago, SLNetworks said:

Is the "official" tagged version of ClamAV disfunctional compared to TQ's repo version? I installed the "Offical" one.. but it seems useless compared to what I've seen in this thread.

 

Unfortunately, I'm not sure.

I know this one works using the template in CA.

21 minutes ago, TQ said:

 

Unfortunately, I'm not sure.

I know this one works using the template in CA.

So neither of 'em have a webUI. What is to happen if it comes across an infected file?

  • Author
1 hour ago, SLNetworks said:

So neither of 'em have a webUI. What is to happen if it comes across an infected file?

That's really for you to decide.

ClamAV has never had a webUI afaik.

 

Take a look at all my documentation (from the first post) and you'll find the answers to your questions.

  • 2 weeks later...

If I add "--max-filesize=200M --max-scansize=500M" to Post Arguments, my log is empty and I am unsure if it has done anything.

 

If I add a -i, it fails with this in the log:

clamd: illegal option -- i
ERROR: Unknown option passed
ERROR: Can't parse command line options

 

These options also fail:

-f /scan/appdata/clamav/clamavtargets.txt
clamd: illegal option -- f
ERROR: Unknown option passed
ERROR: Can't parse command line options

--file-list=/scan/appdata/clamav/clamavtargets.txt
clamd: unrecognized option `--file-list=/scan/appdata/clamav/clamavtargets.txt'
ERROR: Unknown option passed
ERROR: Can't parse command line options

 

I have to be missing something because there aren't other posts about this. What's going on?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.