Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] ClamAV

Featured Replies

When I start the ClamAV container, the scan never seems to  start.  If I manually invoke ClamAV on the /scan directory, it starts and runs interactively in my terminal.  When I check the logs, I do not see where the scan starts.  What am I doing wrong?  Thanks!  

clamav.txt freshclam.txt

Edited by nate.smith317
Added log copy and paste

  • Replies 336
  • Views 113.2k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • You would make another instance of the container.  Each instance scans whatever is specified

  • chmod -R u-x,go-rwx,go+u,ugo+X /mnt/cache/appdata/clamav chown -R nobody:users  /mnt/cache/appdata/clamav

Posted Images

2 hours ago, nate.smith317 said:

When I start the ClamAV container, the scan never seems to  start. 

What setting in parameter of container? 

It's better to use script for container to use it. 

  • Author
4 hours ago, Masterwishx said:

Do you have 99:100 permissions for Folder clamav As in container? 

 

Thanks Masterwishx for highlighting this.

 
Indeed, 99:100 is the "Docker Safe Permission" user:group that is set when you run that script (nobody:users). Also, the built-in "newperms" runs this same change.

 

If you have permission issues in your environment, I'd recommend either of these options on your ClamAV folder and running again.

~# ls -la /mnt/cache/appdata/clamav
total 20
drwxr-xr-x  2 nobody users   4 Jan 24 18:00 ./
drwxrwxrwx 14 nobody users  14 Aug 14 19:29 ../
-rw-rw-rw-  1 root   root  206 Jan 24 18:00 clamavloglast.txt
-rw-r--r--  1 root   root  146 Jan 24 18:00 clamavmaplog.txt

~# newperms /mnt/cache/appdata/clamav
Processing: /mnt/cache/appdata/clamav
... chmod -R u-x,go-rwx,go+u,ugo+X /mnt/cache/appdata/clamav
... chown -R nobody:users /mnt/cache/appdata/clamav
... sync

Completed, elapsed time: 00:00:00

~# ls -la /mnt/cache/appdata/clamav
total 20
drwxrwxrwx  2 nobody users   4 Jan 24 18:00 ./
drwxrwxrwx 14 nobody users  14 Aug 14 19:29 ../
-rw-rw-rw-  1 nobody users 206 Jan 24 18:00 clamavloglast.txt
-rw-rw-rw-  1 nobody users 146 Jan 24 18:00 clamavmaplog.txt

Hmmm, why is this not default when the Docker Container created the Folder?

Screenshot_20240124_222042.png.a522a81614e3e55f757fd1448f6fbf33.pngI don't have the clamavtargets.txt

  • 2 weeks later...

A Scan Time from under 1 Minute is very strange.

 

That's to fast!

For multiple Folders or generally.

 

Who can I see the reason and fix that?

  • Author
A Scan Time from under 1 Minute is very strange.
 
That's to fast!
For multiple Folders or generally.
 
Who can I see the reason and fix that?

I would start with the docker logs of the container. See what the errors tell you.
35 minutes ago, TQ said:


I would start with the docker logs of the container. See what the errors tell you.

 

The Log is not realy full.

From the Logs from the appdata Folder.

2024-02-05T18:00:01+01:00 ClamAV process starting

Unpdating ClamAV scan DB

ClamAV update process started at Mon Feb  5 18:00:01 2024
daily database available for update (local version: 27175, remote version: 27176)
Testing database: '/var/lib/clamav/tmp.f4fcca8fc9/clamav-c9679ca3d16a35cbd8ef83a889b2effa.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 27176, sigs: 2052336, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Freshclam updated the DB

ClamAV 1.2.1/27176/Mon Feb  5 10:35:30 2024

Scanning /scan


----------- SCAN SUMMARY -----------
Known viruses: 8684206
Engine version: 1.2.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 13.233 sec (0 m 13 s)
Start Date: 2024:02:05 18:00:07
End Date:   2024:02:05 18:00:20

 

The Docker Container Log:

WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory
LibClamAV Warning: Max file-size was set to 4294967296 bytes. Unfortunately, scanning files greater than 2147483647 bytes (2 GiB - 1) is not supported.
WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)
ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt
LibClamAV Warning: Max file-size was set to 4294967296 bytes. Unfortunately, scanning files greater than 2147483647 bytes (2 GiB - 1) is not supported.
WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)
ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory
LibClamAV Warning: Max file-size was set to 4294967296 bytes. Unfortunately, scanning files greater than 2147483647 bytes (2 GiB - 1) is not supported.
WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)
ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Freshclam updated the DB

ClamAV 1.2.1/27175/Sun Feb  4 10:36:45 2024

Scanning /scan


----------- SCAN SUMMARY -----------
Known viruses: 8684116
Engine version: 1.2.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 13.054 sec (0 m 13 s)
Start Date: 2024:02:04 12:04:34
End Date:   2024:02:04 12:04:47

2024-02-04T18:00:01+01:00 ClamAV process starting

Unpdating ClamAV scan DB

ClamAV update process started at Sun Feb  4 18:00:01 2024
daily.cld database is up-to-date (version: 27175, sigs: 2052246, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Freshclam updated the DB

ClamAV 1.2.1/27175/Sun Feb  4 10:36:45 2024

Scanning /scan


----------- SCAN SUMMARY -----------
Known viruses: 8684116
Engine version: 1.2.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 12.743 sec (0 m 12 s)
Start Date: 2024:02:04 18:00:01
End Date:   2024:02:04 18:00:14

2024-02-05T18:00:01+01:00 ClamAV process starting

Unpdating ClamAV scan DB

ClamAV update process started at Mon Feb  5 18:00:01 2024
daily database available for update (local version: 27175, remote version: 27176)
Testing database: '/var/lib/clamav/tmp.f4fcca8fc9/clamav-c9679ca3d16a35cbd8ef83a889b2effa.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 27176, sigs: 2052336, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Freshclam updated the DB

ClamAV 1.2.1/27176/Mon Feb  5 10:35:30 2024

Scanning /scan


----------- SCAN SUMMARY -----------
Known viruses: 8684206
Engine version: 1.2.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 13.233 sec (0 m 13 s)
Start Date: 2024:02:05 18:00:07
End Date:   2024:02:05 18:00:20

** Drücke eine BELIEBIGE TASTE, um dieses Fenster zu schließen ** 

 

Apparently something has been changed in the max file size. I change this Parameter to 2 GB.

 

Here the Files from the appdata Folder.

# ls -la /mnt/user/appdata/clamav/
total 361649
drwxrwxrwx  2 nobody users           9 Feb  5 22:06 ./
drwxrwxrwx 33 nobody users          33 Nov  3 21:38 ../
-rw-r--r--  1    100 console    291965 Apr  7  2023 bytecode.cvd
-rw-r--r--  1 root   root          990 Feb  5 18:00 clamavloglast.txt
-rw-r--r--  1 root   root          895 Feb  5 18:00 clamavmaplog.txt
-rw-r--r--  1 root   root          215 Feb  5 18:00 clamavtargets.txt
-rw-r--r--  1    100 console 198986752 Feb  5 18:00 daily.cld
-rw-r--r--  1    100 console        69 Apr 24  2022 freshclam.dat
-rw-r--r--  1    100 console 170479789 Apr 24  2022 main.cvd

 

Edited by Revan335

  • Author
ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt
WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)
ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt
WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)
ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt

 

This error is at the top.

This is your issue.

 

You've explicitly set "--file-list" but the container cannot see that file, or has no permission to it.

26 minutes ago, TQ said:

You've explicitly set "--file-list" but the container cannot see that file, or has no permission to it.

Whats Permissisons are needed?

  • Author
Whats Permissisons are needed?

Read at minimum
9 hours ago, Revan335 said:

Here the Files from the appdata Folder.

# ls -la /mnt/user/appdata/clamav/
total 361649
drwxrwxrwx  2 nobody users           9 Feb  5 22:06 ./
drwxrwxrwx 33 nobody users          33 Nov  3 21:38 ../
-rw-r--r--  1    100 console    291965 Apr  7  2023 bytecode.cvd
-rw-r--r--  1 root   root          990 Feb  5 18:00 clamavloglast.txt
-rw-r--r--  1 root   root          895 Feb  5 18:00 clamavmaplog.txt
-rw-r--r--  1 root   root          215 Feb  5 18:00 clamavtargets.txt
-rw-r--r--  1    100 console 198986752 Feb  5 18:00 daily.cld
-rw-r--r--  1    100 console        69 Apr 24  2022 freshclam.dat
-rw-r--r--  1    100 console 170479789 Apr 24  2022 main.cvd

 

3 hours ago, TQ said:

Read at minimum

Read is exist for everyone.

  • Author
4 hours ago, Revan335 said:

 

Read is exist for everyone.

 

Permissions are correct. But the error persists. 

Perhaps your volume mounts are not correct.

 

Do you have a volume mounted for the directory you are trying to scan as well as the file that has the scan folders in it?

 

From my Github documentation:

docker run -d --name=ClamAV \
  --cpuset-cpus='0,1' \
  -v /path/to/scan:/scan:ro \
  -v /path/to/sig:/var/lib/clamav:rw \
  tquinnelly/clamav-alpine -i --log=/var/lib/clamav/log.log --max-filesize=2048M

 

That path to "signatures" is the path you are working with.

Is that path mounted? If not, you have to mount it before calling a file in it.

It also is relevant to the container path, not the host.

--file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt

 

If you've mounted it as in my example, it would be:

--file-list=/var/lib/clamav/clamavtargets.txt

 

docker run
  -d
  --name='ClamAV'
  --net='bridge'
  -e TZ="Europe/Berlin"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="***"
  -e HOST_CONTAINERNAME="ClamAV"
  -e 'USER_ID'='99'
  -e 'GROUP_ID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.icon='https://github.com/tquizzle/clamav-alpine/blob/master/img/clamav.png?raw=1'
  -v '/mnt/user':'/scan':'ro'
  -v '/mnt/user/appdata/clamav':'/var/lib/clamav':'rw' 'tquinnelly/clamav-alpine'
  -i
  --log=/var/lib/clamav/log.log
  --max-filesize=2048M
  --max-scansize=2048M
  -f 
  --file-list=/scan/appdata/clamav/clamavtargets.txt

Yes, its mounted from the Default Template.

 

With this, we became the same error:

docker run
  -d
  --name='ClamAV'
  --net='bridge'
  -e TZ="Europe/Berlin"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="***"
  -e HOST_CONTAINERNAME="ClamAV"
  -e 'USER_ID'='99'
  -e 'GROUP_ID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.icon='https://github.com/tquizzle/clamav-alpine/blob/master/img/clamav.png?raw=1'
  -v '/mnt/user':'/scan':'ro'
  -v '/mnt/user/appdata/clamav':'/var/lib/clamav':'rw' 'tquinnelly/clamav-alpine'
  -i
  --log=/var/lib/clamav/log.log
  --max-filesize=2048M
  --max-scansize=2048M
  -f
  --file-list=/var/lib/clamav/clamavtargets.txt

 

WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)
ERROR: --file-list: Can't open file --file-list=/var/lib/clamav/clamavtargets.txt

2024-02-06T13:44:10+01:00 ClamAV process starting

Unpdating ClamAV scan DB

ClamAV update process started at Tue Feb  6 13:44:10 2024
daily.cld database is up-to-date (version: 27177, sigs: 2052428, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Freshclam updated the DB

ClamAV 1.2.1/27177/Tue Feb  6 10:34:50 2024

Scanning /scan


----------- SCAN SUMMARY -----------
Known viruses: 8684298
Engine version: 1.2.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 12.888 sec (0 m 12 s)
Start Date: 2024:02:06 13:44:10
End Date:   2024:02:06 13:44:23

 

Edited by Revan335

  • Author

Maybe try without scan targets txt file.

In the errors, you can see the container cannot open that file

On 2/6/2024 at 2:07 PM, TQ said:

Maybe try without scan targets txt file.

In the errors, you can see the container cannot open that file

OK, without that. Its Running longer.

 

This is the actually log:

2024-02-07T17:21:25+01:00 ClamAV process starting

Unpdating ClamAV scan DB

ClamAV update process started at Wed Feb  7 17:21:26 2024
daily database available for update (local version: 27177, remote version: 27178)
Testing database: '/var/lib/clamav/tmp.ca29159519/clamav-29d3efd36d02b5b2da1c73d66e4f2cac.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory

Freshclam updated the DB

ClamAV 1.2.1/27178/Wed Feb  7 10:35:39 2024

Scanning /scan


 

But why have my two Servers this Permission Error?

With or without the Improved Script from @Masterwishx

  • Author
5 hours ago, Revan335 said:

OK, without that. Its Running longer.

 

This is the actually log:

2024-02-07T17:21:25+01:00 ClamAV process starting

Unpdating ClamAV scan DB

ClamAV update process started at Wed Feb  7 17:21:26 2024
daily database available for update (local version: 27177, remote version: 27178)
Testing database: '/var/lib/clamav/tmp.ca29159519/clamav-29d3efd36d02b5b2da1c73d66e4f2cac.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory

Freshclam updated the DB

ClamAV 1.2.1/27178/Wed Feb  7 10:35:39 2024

Scanning /scan


 

But why have my two Servers this Permission Error?

With or without the Improved Script from @Masterwishx

 

Permissions have nothing to do with @Masterwishx script. 

The should inherit from the UID/GID passed via the container.

  • Author

I was able to utilize the --file-list option and scanned a specific directory (a subdirectory of /scan)

 

...
daily.cld database is up-to-date (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Freshclam updated the DB

ClamAV 1.2.1/27178/Wed Feb  7 03:35:39 2024

Scanning /scan

WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)

----------- SCAN SUMMARY -----------
Known viruses: 8684340
Engine version: 1.2.1
Scanned directories: 29
Scanned files: 1427
Infected files: 0
Data scanned: 65.70 MB
Data read: 25121.64 MB (ratio 0.00:1)
Time: 271.660 sec (4 m 31 s)
Start Date: 2024:02:07 16:40:51
End Date:   2024:02:07 16:45:23

2024-02-07T16:45:23-06:00 ClamAV scanning finished

 

Latest reconfigured container options:

docker run
  -d
  --name='ClamAV'
  --net='bridge'
  --cpuset-cpus='0,1'
  -e TZ="America/Chicago"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME=""
  -e HOST_CONTAINERNAME="ClamAV"
  -e 'USER_ID'='99'
  -e 'GROUP_ID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.icon='https://github.com/tquizzle/clamav-alpine/blob/master/img/clamav.png?raw=1'
  -v '/mnt/cache/appdata/downloads/':'/scan':'ro'
  -v '/mnt/cache/appdata/clamav':'/var/lib/clamav':'rw' 'tquinnelly/clamav-alpine'
  -i
  --file-list=/var/lib/clamav/scanfiles
  --log=/var/lib/clamav/log.log
  --max-filesize=2040M

 

File list: scanfiles

/scan/subdirectory/another-directory

 

 

The key point here is that the reference to these supporting files passed in as vars are from the containers path, not the host.

Hope this helps anyone facing this challenge.

31 minutes ago, TQ said:
  --file-list=/var/lib/clamav/scanfiles

This is a directory?

 

31 minutes ago, TQ said:

File list: scanfiles

/scan/subdirectory/another-directory

 

This is the Entry of scanfiles but than he is a txt file and not a directory?

And without the -f Parameter?

 

For example /scan/download/testfolder

Edited by Revan335

Maybe I got it:

-i --log=/var/lib/clamav/log.log --max-filesize=2048M --max-scansize=2048M --file-list=/var/lib/clamav/clamavtargets.txt

Without the -f

 

I monitoring this. At the next run.

 

Can you update the Template with the new Information's/Parameters?

  • Author
2 hours ago, Revan335 said:

This is a directory?

No, it is a file that has the contents that is listed below.

 

2 hours ago, Revan335 said:

This is the Entry of scanfiles but than he is a txt file and not a directory?

 

For example /scan/download/testfolder

Yes.


-f is the shorthand version of --file-list

On 2/5/2024 at 10:01 PM, Revan335 said:
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory

Can I fix this?

Anyone know how to get clamav to not scan .iso files. I would like to use it from the command line and not write a mile long script.

I have tried --exclude=*.iso and ?.iso  but neither one worked.

 

If I have posted this in the wrong spot. please excuse me. I tried doing a search for this but when it returns 10 plus pages... what is the point of a search. This forum software kinda sucks.

Edited by doogle
additional info

  • Author
11 hours ago, doogle said:

Anyone know how to get clamav to not scan .iso files. I would like to use it from the command line and not write a mile long script.

I have tried --exclude=*.iso and ?.iso  but neither one worked.

 

If I have posted this in the wrong spot. please excuse me. I tried doing a search for this but when it returns 10 plus pages... what is the point of a search. This forum software kinda sucks.

 

You can add your --exclude to the post-args section.

 

Per the man page, you must use REGEX for the exclude option. I tested this in my environment.

--exclude="^(.*\.iso)$"

 

On 2/11/2024 at 4:53 AM, TQ said:

 

You can add your --exclude to the post-args section.

 

Per the man page, you must use REGEX for the exclude option. I tested this in my environment.

--exclude="^(.*\.iso)$"

 

Thanx for the response! I did investigate the REGEX thing. oh boy it started giving me a headache. You could earn a masters degree trying to figure that stuff out! I tried to find a way to change the defaults when clamav starts up but apparently the configure script is just not there with the unraid version. It looks like from the standard clamav documentation your supposed to be able to run this script, but it did not exist in my docker. Here is what I ended up coming up with .....

clamscan -r -i -z --exclude=\.iso --detect-pua=yes --alert-broken=yes --alert-broken-media=yes --alert-encrypted=yes --alert-macros=yes --alert-exceeds-max=no --max-dir-recursion=300 --max-recursion=300 -l /var/clamav.log /scan

 

I noticed that your version of the regex uses the ^ symbol, which I took from the documentation to mean DOES NOT MATCH.  Like I said the regex stuff is not very friendly at all. I just used the \.iso figuring the chances of running into a file that has .iso in the filename and not the extension are pretty slim. I found it annoying that I can only get clamav to scan up to a 4 Gb file. It does seem to find stuff that other av's do not so I'm happy with that.

Edited by doogle
forgot to ask

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.