TQ Posted May 25, 2023 Author Share Posted May 25, 2023 On 5/11/2023 at 6:15 AM, bmartino1 said: I've noticed that my logs are in UTC time. is there a way to get the alpine packaged installed for TZ data to pass and update the scan log to be in time zone time? Reviewing this docker. for logs and time. https://serverfault.com/questions/683605/docker-container-time-timezone-will-not-reflect-changes I have found that the log is in UTC Time. Is there a way for me to add a custom script to run or to pass the TZ via environments to use local time for clam AV logging? I believe a package would have to be added to the alpine image to accomplish this. -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro Sure. I think that would be not too difficult. Feel free to open a PR if you have the time! Quote Link to comment
Bremsklotz Posted July 10, 2023 Share Posted July 10, 2023 What does these warn and error messages mean? Quote LibClamAV Warning: Bytecode run timed out in interpreter after 205000 opcodes LibClamAV Warning: Bytecode 'BC.Pdf.Exploit.CVE_2017_2818-6399052-0.{}' (id: 76) failed to run: Exceeded time limit and Quote LibClamAV Error: cli_html_normalise: style chunk size underflow Quote Link to comment
TQ Posted July 10, 2023 Author Share Posted July 10, 2023 Googled these for ya. Bytecode run timed out in interpreter after 205000 opcodes This indicates that ClamAV was running a bytecode signature and that it exceeded a time limit. Normally safe to ignore... cli_html_normalize: style chunk size underflow You can ignore the error message. It is a part of a safety bounds check that was added in a new feature in ClamAV 1.1.0. We did not expect that error message to occur within a normal file. The file causing the error message would be visible in the logs right after this message. 1 1 Quote Link to comment
CuriousMind Posted July 15, 2023 Share Posted July 15, 2023 (edited) So is this an app that comes configured incorrectly, or just needing a lot of setup? The Support page and ReadMe both make it sound Plug & Play outside of selecting the folder to scan, and of course there are the script suggestions in this thread, but I have not been able to get that far as I cannot even get it to scan. I can manually change the permissions, but I feel like if that is a necessary step too get things working the app should either do it itself, or, if that is not possible, it should say it somewhere obvious. ERROR: Failed to save freshclam.dat! WARNING: Failed to create a new freshclam.dat! ERROR: initialize: libfreshclam init failed. ERROR: Initialization error! 2023-07-15T12:36:32+00:00 ClamAV process starting Unpdating ClamAV scan DB Hint: The database directory must be writable for UID 100 or GID 101 An error occurred (freshclam returned with exit code '2') 2023-07-15T12:36:39+00:00 ClamAV process starting Unpdating ClamAV scan DB Hint: The database directory must be writable for UID 100 or GID 101 An error occurred (freshclam returned with exit code '2') 2023-07-15T12:44:23+00:00 ClamAV process starting Unpdating ClamAV scan DB Hint: The database directory must be writable for UID 100 or GID 101 An error occurred (freshclam returned with exit code '2') Edited July 15, 2023 by CuriousMind Quote Link to comment
TQ Posted July 15, 2023 Author Share Posted July 15, 2023 19 minutes ago, CuriousMind said: So is this an app that comes configured incorrectly, or just needing a lot of setup? The Support page and ReadMe both make it sound Plug & Play outside of selecting the folder to scan, and of course there are the script suggestions in this thread, but I have not been able to get that far as I cannot even get it to scan. I can manually change the permissions, but I feel like if that is a necessary step too get things working the app should either do it itself, or, if that is not possible, it should say it somewhere obvious. ERROR: Failed to save freshclam.dat! WARNING: Failed to create a new freshclam.dat! ERROR: initialize: libfreshclam init failed. ERROR: Initialization error! 2023-07-15T12:36:32+00:00 ClamAV process starting Unpdating ClamAV scan DB Hint: The database directory must be writable for UID 100 or GID 101 An error occurred (freshclam returned with exit code '2') 2023-07-15T12:36:39+00:00 ClamAV process starting Unpdating ClamAV scan DB Hint: The database directory must be writable for UID 100 or GID 101 An error occurred (freshclam returned with exit code '2') 2023-07-15T12:44:23+00:00 ClamAV process starting Unpdating ClamAV scan DB Hint: The database directory must be writable for UID 100 or GID 101 An error occurred (freshclam returned with exit code '2') FIxing it is simple. The permissions are incorrect. Passing the UID and GID should solve this problem. If not, you can use the snippet below and this should solve the problem for you. chmod -R u-x,go-rwx,go+u,ugo+X /mnt/cache/appdata/clamav && chown -R nobody:users /mnt/cache/appdata/clamav Updating the xml file to include these details... 2 Quote Link to comment
TQ Posted July 15, 2023 Author Share Posted July 15, 2023 On 5/11/2023 at 6:15 AM, bmartino1 said: I've noticed that my logs are in UTC time. is there a way to get the alpine packaged installed for TZ data to pass and update the scan log to be in time zone time? Reviewing this docker. for logs and time. https://serverfault.com/questions/683605/docker-container-time-timezone-will-not-reflect-changes I have found that the log is in UTC Time. Is there a way for me to add a custom script to run or to pass the TZ via environments to use local time for clam AV logging? I believe a package would have to be added to the alpine image to accomplish this. -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro Added tzdata in new build. LMK if that works. Quote Link to comment
SShadow Posted July 19, 2023 Share Posted July 19, 2023 @TQ I downloaded the latest update and the logs now match the system time. Thank you! 1 Quote Link to comment
Germy_Lizard Posted July 23, 2023 Share Posted July 23, 2023 Hey there everyone, Was wondering if someone had sec to help me out? I did a clean install of ClamAV recently, now the logs are showing that the container is stuck doing a self check? (Logs Attached) Unraid Version: 6.12.2 Any and all help is appreciated ClamAV Logs.txt Quote Link to comment
TQ Posted July 23, 2023 Author Share Posted July 23, 2023 6 hours ago, Germy_Lizard said: Hey there everyone, Was wondering if someone had sec to help me out? I did a clean install of ClamAV recently, now the logs are showing that the container is stuck doing a self check? (Logs Attached) Unraid Version: 6.12.2 Any and all help is appreciated ClamAV Logs.txt 2.55 kB · 1 download This doesnt look like the output from my container. I think some wires are crossed. Socket for clamd not found yet, retrying (18/1800) ...Sat Jul 22 20:29:14 2023 -> Limits: Global time limit set to 120000 milliseconds. Sat Jul 22 20:29:14 2023 -> Limits: Global size limit set to 419430400 bytes. Sat Jul 22 20:29:14 2023 -> Limits: File size limit set to 104857600 bytes. Sat Jul 22 20:29:14 2023 -> Limits: Recursion level limit set to 17. Sat Jul 22 20:29:14 2023 -> Limits: Files limit set to 10000. Sat Jul 22 20:29:14 2023 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes. Sat Jul 22 20:29:14 2023 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes. Sat Jul 22 20:29:14 2023 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes. Sat Jul 22 20:29:14 2023 -> Limits: MaxScriptNormalize limit set to 20971520 bytes. Sat Jul 22 20:29:14 2023 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes. Sat Jul 22 20:29:14 2023 -> Limits: MaxPartitions limit set to 50. Sat Jul 22 20:29:14 2023 -> Limits: MaxIconsPE limit set to 100. Sat Jul 22 20:29:14 2023 -> Limits: MaxRecHWP3 limit set to 16. Sat Jul 22 20:29:14 2023 -> Limits: PCREMatchLimit limit set to 100000. Sat Jul 22 20:29:14 2023 -> Limits: PCRERecMatchLimit limit set to 2000. Sat Jul 22 20:29:14 2023 -> Limits: PCREMaxFileSize limit set to 104857600. Sat Jul 22 20:29:14 2023 -> Archive support enabled. Sat Jul 22 20:29:14 2023 -> AlertExceedsMax heuristic detection disabled. Sat Jul 22 20:29:14 2023 -> Heuristic alerts enabled. Sat Jul 22 20:29:14 2023 -> Portable Executable support enabled. Sat Jul 22 20:29:14 2023 -> ELF support enabled. Sat Jul 22 20:29:14 2023 -> Mail files support enabled. Sat Jul 22 20:29:14 2023 -> OLE2 support enabled. Sat Jul 22 20:29:14 2023 -> PDF support enabled. Sat Jul 22 20:29:14 2023 -> SWF support enabled. Sat Jul 22 20:29:14 2023 -> HTML support enabled. Sat Jul 22 20:29:14 2023 -> XMLDOCS support enabled. Sat Jul 22 20:29:14 2023 -> HWP3 support enabled. Sat Jul 22 20:29:14 2023 -> Self checking every 600 seconds. Sat Jul 22 20:29:14 2023 -> Set stacksize to 1048576 socket found, clamd started. My container does not use `clamd`, only Freshclam and Clamscan. 1 Quote Link to comment
IronBeardKnight Posted August 21, 2023 Share Posted August 21, 2023 For those of you that have setup the script to go with the ClamAV container but have noticed little to no activity coming from it when running "Docker Stats" this may be the fix to your issue. I don't believe that the container is setup to do a scan on startup so you may have to trigger it by adding this line to the scripts as seen below in the screen shot. I have also figured out how to get multithreading working although be warned when using multi you may want to schedual it for when your not using your server as it can be quite CPU and RAM hungry. Some thoughts for you before you proceed with multithreaded scans are to put a memory limit on your docker through extra parameters. Multi Thread: exec('docker exec ClamAV sh -c "find /scan -type f -print0 | xargs -0 -P $(nproc) clamscan"'); Single Thread: exec('docker exec ClamAV sh -c "clamscan"'); 1 Quote Link to comment
Lonewolf147 Posted August 29, 2023 Share Posted August 29, 2023 On 6/16/2019 at 9:57 AM, Squid said: Updated to include the infected file in the notification #!/usr/bin/php <? exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"'); exec('docker start ClamAV'); for ( ;; ) { $status = trim(exec("docker ps | grep ClamAV")); if ( ! $status ) break; sleep(60); } exec("docker logs ClamAV 2>/dev/null",$logs); foreach ($logs as $line) { $virus = explode(" ",$line); if (trim(end($virus)) == "FOUND" ) { $infected .= "$line\n"; } } if ( ! $infected ) $infected = "No infections found\n"; exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Finished" -d '.escapeshellarg($infected).' -i "normal"'); ?> script 689 B · 138 downloads Thanks for this script @Squid I was wondering if there is a way to add in an email notification of the scan results? Quote Link to comment
Maginos Posted August 29, 2023 Share Posted August 29, 2023 6 minutes ago, Lonewolf147 said: Thanks for this script @Squid I was wondering if there is a way to add in an email notification of the scan results? Have you set up notifications in unraid? There's one option to recieve email notifications from your server and the results from the clamav scan are included. Or do you want to recieve mail notifications only from your clamav scan and not from everything else? Quote Link to comment
Lonewolf147 Posted August 29, 2023 Share Posted August 29, 2023 13 minutes ago, Maginos said: Have you set up notifications in unraid? There's one option to recieve email notifications from your server and the results from the clamav scan are included. Or do you want to recieve mail notifications only from your clamav scan and not from everything else? I do have email notifications set up for Array Status. But I'd like to get an email for ClamAV only if possible. Quote Link to comment
Lonewolf147 Posted August 30, 2023 Share Posted August 30, 2023 On a different note, nothing seems to happen when I run ClamAV. I set the scan folder to one that only has two files in it to be able to test this. I've both started it manually, and using the aforementioned script (along with IronBeardKnight's extra line). The app starts, and just sits there. I tried waiting it out, starting it before I went to bed, but 8 hours later and it was still 'running'. I pulled the logs for it and it shows: Starting Freshclamd Starting ClamAV Socket for clamd not found yet, retrying (0/1800) ...ClamAV update process started at Tue Aug 29 11:47:19 2023 daily.cld database is up-to-date (version: 27015, sigs: 2040076, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg) Socket for clamd not found yet, retrying (17/1800) ...Tue Aug 29 11:47:36 2023 -> Limits: Global time limit set to 120000 milliseconds. Tue Aug 29 11:47:36 2023 -> Limits: Global size limit set to 419430400 bytes. Tue Aug 29 11:47:36 2023 -> Limits: File size limit set to 104857600 bytes. Tue Aug 29 11:47:36 2023 -> Limits: Recursion level limit set to 17. Tue Aug 29 11:47:36 2023 -> Limits: Files limit set to 10000. Tue Aug 29 11:47:36 2023 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes. Tue Aug 29 11:47:36 2023 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes. Tue Aug 29 11:47:36 2023 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes. Tue Aug 29 11:47:36 2023 -> Limits: MaxScriptNormalize limit set to 20971520 bytes. Tue Aug 29 11:47:36 2023 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes. Tue Aug 29 11:47:36 2023 -> Limits: MaxPartitions limit set to 50. Tue Aug 29 11:47:36 2023 -> Limits: MaxIconsPE limit set to 100. Tue Aug 29 11:47:36 2023 -> Limits: MaxRecHWP3 limit set to 16. Tue Aug 29 11:47:36 2023 -> Limits: PCREMatchLimit limit set to 100000. Tue Aug 29 11:47:36 2023 -> Limits: PCRERecMatchLimit limit set to 2000. Tue Aug 29 11:47:36 2023 -> Limits: PCREMaxFileSize limit set to 104857600. Tue Aug 29 11:47:36 2023 -> Archive support enabled. Tue Aug 29 11:47:36 2023 -> AlertExceedsMax heuristic detection disabled. Tue Aug 29 11:47:36 2023 -> Heuristic alerts enabled. Tue Aug 29 11:47:36 2023 -> Portable Executable support enabled. Tue Aug 29 11:47:36 2023 -> ELF support enabled. Tue Aug 29 11:47:36 2023 -> Mail files support enabled. Tue Aug 29 11:47:36 2023 -> OLE2 support enabled. Tue Aug 29 11:47:36 2023 -> PDF support enabled. Tue Aug 29 11:47:36 2023 -> SWF support enabled. Tue Aug 29 11:47:36 2023 -> HTML support enabled. Tue Aug 29 11:47:36 2023 -> XMLDOCS support enabled. Tue Aug 29 11:47:36 2023 -> HWP3 support enabled. Tue Aug 29 11:47:36 2023 -> Self checking every 600 seconds. Tue Aug 29 11:47:36 2023 -> Set stacksize to 1048576 socket found, clamd started. Tue Aug 29 11:58:20 2023 -> SelfCheck: Database status OK. Tue Aug 29 12:08:20 2023 -> SelfCheck: Database status OK. Tue Aug 29 12:18:21 2023 -> SelfCheck: Database status OK. Tue Aug 29 12:28:21 2023 -> SelfCheck: Database status OK. . . . Tue Aug 29 20:08:46 2023 -> SelfCheck: Database status OK. Tue Aug 29 20:18:46 2023 -> SelfCheck: Database status OK. If I run it via the script, the script never finishes. I have to manually abort. Any ideas? Quote Link to comment
TQ Posted August 30, 2023 Author Share Posted August 30, 2023 1 hour ago, Lonewolf147 said: On a different note, nothing seems to happen when I run ClamAV. I set the scan folder to one that only has two files in it to be able to test this. I've both started it manually, and using the aforementioned script (along with IronBeardKnight's extra line). The app starts, and just sits there. I tried waiting it out, starting it before I went to bed, but 8 hours later and it was still 'running'. I pulled the logs for it and it shows: Starting Freshclamd Starting ClamAV Socket for clamd not found yet, retrying (0/1800) ...ClamAV update process started at Tue Aug 29 11:47:19 2023 daily.cld database is up-to-date (version: 27015, sigs: 2040076, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg) Socket for clamd not found yet, retrying (17/1800) ...Tue Aug 29 11:47:36 2023 -> Limits: Global time limit set to 120000 milliseconds. Tue Aug 29 11:47:36 2023 -> Limits: Global size limit set to 419430400 bytes. Tue Aug 29 11:47:36 2023 -> Limits: File size limit set to 104857600 bytes. Tue Aug 29 11:47:36 2023 -> Limits: Recursion level limit set to 17. Tue Aug 29 11:47:36 2023 -> Limits: Files limit set to 10000. Tue Aug 29 11:47:36 2023 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes. Tue Aug 29 11:47:36 2023 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes. Tue Aug 29 11:47:36 2023 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes. Tue Aug 29 11:47:36 2023 -> Limits: MaxScriptNormalize limit set to 20971520 bytes. Tue Aug 29 11:47:36 2023 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes. Tue Aug 29 11:47:36 2023 -> Limits: MaxPartitions limit set to 50. Tue Aug 29 11:47:36 2023 -> Limits: MaxIconsPE limit set to 100. Tue Aug 29 11:47:36 2023 -> Limits: MaxRecHWP3 limit set to 16. Tue Aug 29 11:47:36 2023 -> Limits: PCREMatchLimit limit set to 100000. Tue Aug 29 11:47:36 2023 -> Limits: PCRERecMatchLimit limit set to 2000. Tue Aug 29 11:47:36 2023 -> Limits: PCREMaxFileSize limit set to 104857600. Tue Aug 29 11:47:36 2023 -> Archive support enabled. Tue Aug 29 11:47:36 2023 -> AlertExceedsMax heuristic detection disabled. Tue Aug 29 11:47:36 2023 -> Heuristic alerts enabled. Tue Aug 29 11:47:36 2023 -> Portable Executable support enabled. Tue Aug 29 11:47:36 2023 -> ELF support enabled. Tue Aug 29 11:47:36 2023 -> Mail files support enabled. Tue Aug 29 11:47:36 2023 -> OLE2 support enabled. Tue Aug 29 11:47:36 2023 -> PDF support enabled. Tue Aug 29 11:47:36 2023 -> SWF support enabled. Tue Aug 29 11:47:36 2023 -> HTML support enabled. Tue Aug 29 11:47:36 2023 -> XMLDOCS support enabled. Tue Aug 29 11:47:36 2023 -> HWP3 support enabled. Tue Aug 29 11:47:36 2023 -> Self checking every 600 seconds. Tue Aug 29 11:47:36 2023 -> Set stacksize to 1048576 socket found, clamd started. Tue Aug 29 11:58:20 2023 -> SelfCheck: Database status OK. Tue Aug 29 12:08:20 2023 -> SelfCheck: Database status OK. Tue Aug 29 12:18:21 2023 -> SelfCheck: Database status OK. Tue Aug 29 12:28:21 2023 -> SelfCheck: Database status OK. . . . Tue Aug 29 20:08:46 2023 -> SelfCheck: Database status OK. Tue Aug 29 20:18:46 2023 -> SelfCheck: Database status OK. If I run it via the script, the script never finishes. I have to manually abort. Any ideas? Something tells me you are having the same issue as Can you do a `docker inspect ClamAV` and paste the contents? Sanitize to your level of paranoia. Quote Link to comment
Lonewolf147 Posted August 30, 2023 Share Posted August 30, 2023 (edited) 8 hours ago, TQ said: Can you do a `docker inspect ClamAV` and paste the contents? Sanitize to your level of paranoia. Here you go. Does it matter if the app is running or not? This report is with it not started. And yes, looks like I have the same issue as the other guy. Sorry, I didn't see that. I don't see a solution for them either though. ClamAV-Inspect.txt Edited August 30, 2023 by Lonewolf147 Quote Link to comment
TQ Posted August 30, 2023 Author Share Posted August 30, 2023 10 hours ago, Lonewolf147 said: Here you go. Does it matter if the app is running or not? This report is with it not started. And yes, looks like I have the same issue as the other guy. Sorry, I didn't see that. I don't see a solution for them either though. ClamAV-Inspect.txt 10.94 kB · 0 downloads Same issue I believe. You are using the "Official" clamav image which includes clamd (the underlying daemon, which I do not have in my image). So, I'm not sure what the issue is with that container, but if you pull mine, and install via CA, you should have a working clamscan. 1 Quote Link to comment
Lonewolf147 Posted August 31, 2023 Share Posted August 31, 2023 3 hours ago, TQ said: Same issue I believe. You are using the "Official" clamav image which includes clamd (the underlying daemon, which I do not have in my image). So, I'm not sure what the issue is with that container, but if you pull mine, and install via CA, you should have a working clamscan. That seemed to do it. Thanks! Quote Link to comment
mournful-hive3872 Posted September 14, 2023 Share Posted September 14, 2023 On 8/30/2023 at 6:47 PM, TQ said: Same issue I believe. You are using the "Official" clamav image which includes clamd (the underlying daemon, which I do not have in my image). So, I'm not sure what the issue is with that container, but if you pull mine, and install via CA, you should have a working clamscan. The "offical" ClamAV from CA, owned by Exes, has the "support forum" link pointing to this forum post. I think he must have copied yours and forgot to update that aspect? Anyway, I downloaded the offical one as well because it appeared to be more popular and was updated more recently. It does not appear to work how it states it should work and even though I was able to force it to scan with the command I could not figure out how to review the logs. I'll give TQ's version a try as it is being properly supported. I feel like the other package needs to be reviewed and possibly removed if it's not setup correctly. Quote Link to comment
letum00 Posted September 14, 2023 Share Posted September 14, 2023 35 minutes ago, mournful-hive3872 said: The "offical" ClamAV from CA, owned by Exes, has the "support forum" link pointing to this forum post. I think he must have copied yours and forgot to update that aspect? Anyway, I downloaded the offical one as well because it appeared to be more popular and was updated more recently. It does not appear to work how it states it should work and even though I was able to force it to scan with the command I could not figure out how to review the logs. I'll give TQ's version a try as it is being properly supported. I feel like the other package needs to be reviewed and possibly removed if it's not setup correctly. This was me, I logged in with the wrong email address. TQ's template deployed and began scanning immediately as expected. For anyone who comes here from the ClamAV marked "offical" in CA I would recommend removing it and switching to the template owned by TQ. 1 Quote Link to comment
TQ Posted September 30, 2023 Author Share Posted September 30, 2023 (edited) Updates today to squash CVEs and update ClamAV. | Tag | ClamAV Version | Alpine Version | | --- | --- | --- | | latest | 1.1.2-r0 | 3 | | edge | 1.2.0-r1 | Edge | Edited September 30, 2023 by TQ Quote Link to comment
robti Posted October 5, 2023 Share Posted October 5, 2023 Any help for a newbie who ran this morning and get this, just installed and started with defaults ? Quote Link to comment
TQ Posted October 5, 2023 Author Share Posted October 5, 2023 5 hours ago, robti said: Any help for a newbie who ran this morning and get this, just installed and started with defaults ? Quote Link to comment
Valkyrie Posted October 13, 2023 Share Posted October 13, 2023 (edited) I cleaned up the user script, just in case anyone is interested: #!/usr/bin/php <? enum Severity: string { case NORMAL = 'normal'; case WARNING = 'warning'; case ALERT = 'alert'; } function SendNotification(string $event, string $subject, string $description, Severity $importance) { exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e ' . escapeshellarg($event) . ' -s ' . escapeshellarg($subject) . ' -d ' . escapeshellarg($description) . ' -i ' . escapeshellarg($importance->value) . ''); } SendNotification("Antivirus Scan Started", "Antivirus Scan", "Antivirus Scan Started", Severity::NORMAL); exec('docker start ClamAV'); exec('docker exec ClamAV sh -c "find /scan -type f -print0 | xargs -0 -P $(nproc) clamscan"'); for (;;) { if (!trim(exec("docker ps | grep ClamAV"))) break; sleep(10); } $logs = []; exec("docker logs ClamAV 2>/dev/null", $logs); $currentLogs = array_slice($logs, array_search('Scanning /scan', array_reverse($logs, true)), null, false); $infected = []; $reportSeverity = Severity::NORMAL; foreach ($currentLogs as $line) { if (str_ends_with(trim($line), "FOUND")){ $infected[] = str_replace(["/scan", " FOUND"], "",trim($line)); $reportSeverity = Severity::ALERT; } } $infected = (count($infected) > 0) ? array_merge(["Infected files found:"], $infected) : ["No infected files found"]; SendNotification("Antivirus Scan Finished", "Antivirus Scan", implode("<br \>", $infected), $reportSeverity); ?> Edited October 14, 2023 by Valkyrie 1 Quote Link to comment
Lonewolf147 Posted October 14, 2023 Share Posted October 14, 2023 23 hours ago, Valkyrie said: I cleaned up the user script, just in case anyone is interested: Just copy/pasting this code into User Scripts I have an error right at the beginning Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.