TQ Posted June 15, 2019 (edited)

Overview: Support for Docker image tquinnelly/clamav-alpine which uses clamav, freshclam, and clamscan to scan your array.

Application: ClamAV https://www.clamav.net/
Docker Hub: https://hub.docker.com/r/tquinnelly/clamav-alpine
GitHub: https://www.github.com/tquizzle/clamav-alpine

Expectations: This container will run when started, scan, then stop. If you want to scan again, just start it again.

Before you post: are you using my image? There is another CA that is using my forum post for the "Official" image, which is often the cause of issues.

Notification script from Squid:

> On 6/16/2019 at 9:57 AM, Squid said:
> Updated to include the infected file in the notification

```php
#!/usr/bin/php
<?php
// Announce the start of the scan through Unraid's notify script.
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"');
exec('docker start ClamAV');

// The container stops on its own when the scan ends; poll once a minute until it is gone.
for ( ;; ) {
  $status = trim(exec("docker ps | grep ClamAV"));
  if ( ! $status ) break;
  sleep(60);
}

// Collect every log line whose last word is "FOUND" (an infected file).
$infected = "";
exec("docker logs ClamAV 2>/dev/null",$logs);
foreach ($logs as $line) {
  $virus = explode(" ",$line);
  if (trim(end($virus)) == "FOUND" ) {
    $infected .= "$line\n";
  }
}
if ( ! $infected ) $infected = "No infections found\n";

// Send the result as the description of the "finished" notification.
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Finished" -d '.escapeshellarg($infected).' -i "normal"');
?>
```

Logs

This container logs to stdout. To see the logs you will have to execute the docker logs command.

```
docker logs ClamAV
```

Edited March 9 by TQ
Update for Clam version 3
Squid Posted June 15, 2019

> 7 minutes ago, Squid said:
> To schedule scans, disable autostart on the app from the docker tab (otherwise it will do a scan every time you start the server) - up to you. Run this as a user script on a schedule which you choose. Will send a start / stop notification with the # of infected files. You'll have to look at the logs to determine which file(s) are infected

```php
#!/usr/bin/php
<?php
// Announce the start of the scan through Unraid's notify script.
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"');
exec('docker start ClamAV');

// The container stops on its own when the scan ends; poll every 10 minutes until it is gone.
for ( ;; ) {
  $status = trim(exec("docker ps | grep ClamAV"));
  if ( ! $status ) break;
  sleep(600);
}

// system() echoes the matching log lines and returns the last one.
$infected = system("docker logs ClamAV | grep -i 'Infected'");
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Finished" -d '.escapeshellarg($infected).' -i "normal"');
?>
```
wgstarks Posted June 15, 2019
If I add a second variable for path to scan will it scan both directories?
Squid Posted June 15, 2019
You would make another instance of the container. Each instance scans whatever is specified
wgstarks Posted June 15, 2019
> 24 minutes ago, Squid said:
> You would make another instance of the container. Each instance scans whatever is specified

Thanks
wgstarks Posted June 15, 2019
> 27 minutes ago, Squid said:
> You would make another instance of the container. Each instance scans whatever is specified

In the script you wrote I just need to edit the 2 references to “ClamAV” (docker run ClamAV and docker log ClamAV) to the name I used for whichever instance of the docker, right?
Squid Posted June 15, 2019 (edited)
Yup - 3 References
Edited June 15, 2019 by Squid
wgstarks Posted June 15, 2019
> 3 minutes ago, Squid said:
> Yup - 3 References

I can’t count that high. ☹️😁
Squid Posted June 16, 2019 (edited)

Updated to include the infected file in the notification

```php
#!/usr/bin/php
<?php
// Announce the start of the scan through Unraid's notify script.
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"');
exec('docker start ClamAV');

// The container stops on its own when the scan ends; poll once a minute until it is gone.
for ( ;; ) {
  $status = trim(exec("docker ps | grep ClamAV"));
  if ( ! $status ) break;
  sleep(60);
}

// Collect every log line whose last word is "FOUND" (an infected file).
$infected = "";
exec("docker logs ClamAV 2>/dev/null",$logs);
foreach ($logs as $line) {
  $virus = explode(" ",$line);
  if (trim(end($virus)) == "FOUND" ) {
    $infected .= "$line\n";
  }
}
if ( ! $infected ) $infected = "No infections found\n";

// Send the result as the description of the "finished" notification.
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Finished" -d '.escapeshellarg($infected).' -i "normal"');
?>
```

Edited June 16, 2019 by Squid
wgstarks Posted June 16, 2019
> 2 hours ago, Squid said:
> Updated to include the infected file in the notification

@Squid Thanks for the updated script. Is this the expected output if no infections are found?

```
Event: Antivirus Scan
Subject: Antivirus Scan Finished
Description:
Importance: normal
```

Would it be possible to have something like "Files infected = 0" or maybe "No infections found" for Description?
Squid Posted June 16, 2019
Oops. I had a positive on a txt file, so never thought to re-run after fixing it up. I've updated the script above
testdasi Posted June 16, 2019
Stupid question: does it work cross platform? e.g. Linux docker detecting Windows / MacOS viruses?
JonathanM Posted June 16, 2019
> 8 minutes ago, testdasi said:
> Stupid question: does it work cross platform? e.g. Linux docker detecting Windows / MacOS viruses?

It checks for matches to the database, so it will detect anything in the database. At the file level, it's all just ones and zeros being checked. It's not like a full featured A/V inside your OS, that looks at critical run entries and such, all it does is scan the files.
TQ Posted June 17, 2019 (Author)
> 8 hours ago, jonathanm said:
> It checks for matches to the database, so it will detect anything in the database. At the file level, it's all just ones and zeros being checked. It's not like a full featured A/V inside your OS, that looks at critical run entries and such, all it does is scan the files.

Yes. It will work on any docker install.
mwells Posted June 17, 2019 (edited)
If this container only scans when you start the container or from the user script that Squid provided here, will the Clam Databases check for updates every time the docker runs as well? Or how do the updates for the definitions database work in this container?
Edited June 17, 2019 by mwells
wgstarks Posted June 17, 2019 (edited)
> 14 minutes ago, mwells said:
> If this container only scans when you start the container or from the user script that Squid provided here. Will the Clam Databases check for updates every time the docker runs as well? Or how do the updates for the definitions database work in this container?

Quote from the GitHub linked in OP:

> It will always update the ClamAV Database, by using the standard freshclam before running clamscan.

Edited June 17, 2019 by wgstarks
Glassed Silver Posted June 19, 2019
> On 6/15/2019 at 7:58 PM, wgstarks said:
> I can’t count that high. ☹️😁

Spotted the Valve employee.
mwells Posted June 20, 2019
> On 6/17/2019 at 8:24 AM, wgstarks said:
> Quote from the GitHub linked in OP:

Sorry, I missed that on the docker hub. Thanks
TQ Posted July 5, 2019 (Author)
Just noting that now this image uses Alpine resulting in a much smaller image size. Enjoy and no viruses!
TQ Posted September 6, 2019 (Author)
Unraid version now has UID/GID environment variables in there.
Squid Posted September 6, 2019
> Unraid version now has UID/GID environment variables in there.

Not until you fix the invalid XML file
TQ Posted September 6, 2019 (Author)
> 9 hours ago, Squid said:
> Not until you fix the invalid XML file

Done.
Cyberalien Posted October 3, 2019

Hello, I run ClamAV and it shows:

```
2019-10-03T08:39:17+0000 ClamAV scanning started
Updating ClamAV scan DB
Hint: The database directory must be writable for UID 100 or GID 101
ERROR: Can't create temporary directory /var/lib/clamav/clamav-435ac426ce5c25f4c347d7759f496c54.tmp
An error occurred (freshclam returned with exit code '57')
```

It worked fine a few months ago and I don't know what happened. I checked Unraid and haven't found a user whose ID is 100. What should I do with it? Thank you.
TQ Posted October 3, 2019 (Author)

> 9 hours ago, Cyberalien said:
> Hello, I run ClamAV and it shows:
>
> 2019-10-03T08:39:17+0000 ClamAV scanning started
> Updating ClamAV scan DB
> Hint: The database directory must be writable for UID 100 or GID 101
> ERROR: Can't create temporary directory /var/lib/clamav/clamav-435ac426ce5c25f4c347d7759f496c54.tmp
> An error occurred (freshclam returned with exit code '57')
>
> It worked fine a few months ago and I don't know what happened. I checked Unraid and haven't found a user whose ID is 100. What should I do with it? Thank you.

Latest version has the option to run UID/GID to address this behavior. I'm not sure if it ever got updated in CA. @Squid can you verify? I should have fixed the invalid XML.
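A log with no line ending in FOUND, such as the freshclam failure quoted above, produces the same "No infections found" notification from the script in this thread as a clean scan does. The following added example (not code from the thread or from the clamav-alpine project) separates the three outcomes; the sample logs are constructed, with the line breaks in the freshclam log assumed and the `/scan` path, second timestamp and summary lines hypothetical.

```shell
#!/bin/sh
# Added example: classify a ClamAV container log read on stdin.
# Exit status: 0 = clean, 1 = infected file(s), 2 = scan did not complete.
classify_clamav_log() {
    awk '
        # clamscan reports a hit as "<path>: <signature> FOUND"
        $NF == "FOUND" && NF >= 3 {
            sig = $(NF - 1); path = $0
            sub(/: [^ ]+ FOUND$/, "", path)
            hits[++n] = sig "\t" path
            next
        }
        # the summary count is only printed when clamscan actually ran
        /^Infected files: /                     { summary = 1 }
        /^ERROR: / || /returned with exit code/ { errs[++e] = $0 }
        END {
            if (n > 0) {
                print "INFECTED " n
                for (i = 1; i <= n; i++) print hits[i]
                exit 1
            }
            if (e > 0 || !summary) {
                print "SCAN_FAILED"
                for (i = 1; i <= e; i++) print errs[i]
                exit 2
            }
            print "CLEAN"
        }
    '
}

# Constructed sample: the failed run posted in the thread (line breaks assumed).
sample_failed_log() { cat <<'EOF'
2019-10-03T08:39:17+0000 ClamAV scanning started
Updating ClamAV scan DB
Hint: The database directory must be writable for UID 100 or GID 101
ERROR: Can't create temporary directory /var/lib/clamav/clamav-435ac426ce5c25f4c347d7759f496c54.tmp
An error occurred (freshclam returned with exit code '57')
EOF
}

# Constructed sample: one hit on a hypothetical path containing a space.
sample_infected_log() { cat <<'EOF'
2019-10-04T08:00:00+0000 ClamAV scanning started
/scan/My Files/eicar.txt: Win.Test.EICAR_HDB-1 FOUND
Infected files: 1
EOF
}

for sample in sample_failed_log sample_infected_log; do
    "$sample" | classify_clamav_log || echo "(exit status $?)"
done
```

Feed it with `docker logs ClamAV 2>&1`. By default `docker logs` also returns output from earlier runs of the same container, so add `--since` with the scan's start time to keep old hits from being reported again.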