Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] ClamAV

Featured Replies

Overview: Support for Docker image tquinnelly/clamav-alpine which uses clamav, freshclam, and clamscan to scan your array.

Application: ClamAV https://www.clamav.net/

Docker Hub: https://hub.docker.com/r/tquinnelly/clamav-alpine

GitHub: https://www.github.com/tquizzle/clamav-alpine

 

Expectations:

This container will run when started, scan, then stop. If you want to scan again, just start it again.

 

Notification script from Squid:

On 6/16/2019 at 9:57 AM, Squid said:

Updated to include the infected file in the notification

#!/usr/bin/php
<?
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"');
exec('docker start ClamAV');
for ( ;; ) {
  $status = trim(exec("docker ps | grep ClamAV"));
  if ( ! $status ) break;
  sleep(60);
}
exec("docker logs ClamAV 2>/dev/null",$logs);
foreach ($logs as $line) {
  $virus = explode(" ",$line);
  if (trim(end($virus)) == "FOUND" ) {
    $infected .= "$line\n";
  }
}

if ( ! $infected ) $infected = "No infections found\n";

exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Finished" -d '.escapeshellarg($infected).' -i "normal"');
?>

 

script 689 B · 24 downloads

 

 

Logs

This container logs to stdout. To see the logs you will have to execute the docker logs command.

docker logs ClamAV

Buy me a coffee?

 

cm09riqw0006dkl2usklkiqaz.gif

Edited by TQ
Update for Clam version

  • Replies 336
  • Views 113.2k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • You would make another instance of the container.  Each instance scans whatever is specified

  • chmod -R u-x,go-rwx,go+u,ugo+X /mnt/cache/appdata/clamav chown -R nobody:users  /mnt/cache/appdata/clamav

Posted Images

7 minutes ago, Squid said:

To schedule scans,

 

Disable autostart on the app from the docker tab (otherwise it will do a scan everytime you start the server) - up to you.

 

Run this as a user script on a schedule which you choose.  Will send a start / stop notification with the # of infected files.  You'll have to look at the logs to determine which file(s) are infected


#!/usr/bin/php
<?
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"');
exec('docker start ClamAV');
for ( ;; ) {
  $status = trim(exec("docker ps | grep ClamAV"));
  if ( ! $status ) break;
  sleep(600);
}
$infected = system("docker logs ClamAV | grep -i 'Infected'");
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Finished" -d '.escapeshellarg($infected).' -i "normal"');
?>

 

script 517 B · 0 downloads

 

If I add a second variable for path to scan will it scan both directories?

You would make another instance of the container.  Each instance scans whatever is specified

24 minutes ago, Squid said:

You would make another instance of the container.  Each instance scans whatever is specified

Thanks

27 minutes ago, Squid said:

You would make another instance of the container.  Each instance scans whatever is specified

In the script you wrote I just need to edit the 2 references to “ClamAV” (docker run ClamAV and docker log ClamAV) to the name I used for whichever instance of the docker right?

3 minutes ago, Squid said:

Yup - 3 References

I can’t count that high. ☹️😁

Updated to include the infected file in the notification

#!/usr/bin/php
<?
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"');
exec('docker start ClamAV');
for ( ;; ) {
  $status = trim(exec("docker ps | grep ClamAV"));
  if ( ! $status ) break;
  sleep(60);
}
exec("docker logs ClamAV 2>/dev/null",$logs);
foreach ($logs as $line) {
  $virus = explode(" ",$line);
  if (trim(end($virus)) == "FOUND" ) {
    $infected .= "$line\n";
  }
}

if ( ! $infected ) $infected = "No infections found\n";

exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Finished" -d '.escapeshellarg($infected).' -i "normal"');
?>

 

 

script

Edited by Squid

2 hours ago, Squid said:

Updated to include the infected file in the notification

@Squid Thanks for the updated script.

Is this the expected output if no infections are found?

Event: Antivirus Scan
Subject: Antivirus Scan Finished
Description: 
Importance: normal

Would it be possible to have something like "Files infected = 0" or maybe "No infections found" for Description?

Oops.  I had a positive on a txt file, so never thought to re-run after fixing it up.  I've updated the script above

Stupid question: does it work cross platform? e.g. Linux docker detecting Windows / MacOS viruses?

8 minutes ago, testdasi said:

Stupid question: does it work cross platform? e.g. Linux docker detecting Windows / MacOS viruses?

It checks for matches to the database, so it will detect anything in the database. At the file level, it's all just ones and zeros being checked. It's not like a full featured A/V inside your OS, that looks at critical run entries and such, all it does is scan the files.

  • Author
8 hours ago, jonathanm said:

It checks for matches to the database, so it will detect anything in the database. At the file level, it's all just ones and zeros being checked. It's not like a full featured A/V inside your OS, that looks at critical run entries and such, all it does is scan the files.

Yes. It will work on any docker install.

If this container only scans when you start the container or from the user script that Squid provided here.  Will the Clam Databases check for updates every time the docker runs as well?  Or how do the updates for the definitions database work in this container?

 

Edited by mwells

14 minutes ago, mwells said:

If this container only scans when you start the container or from the user script that Squid provided here.  Will the Clam Databases check for updates every time the docker runs as well?  Or how do the updates for the definitions database work in this container?

 

Quote from the github linked in OP-

It will always update the ClamAV Database, by using the standard freshclam before running clamscan.

Edited by wgstarks

On 6/15/2019 at 7:58 PM, wgstarks said:

I can’t count that high. ☹️😁

Spotted the Valve employee. :P

On 6/17/2019 at 8:24 AM, wgstarks said:

Quote from the github linked in OP-

 

 

Sorry, I missed that on the docker hub.  Thanks

  • Author

Just noting that now this image uses Alpine resulting in a much smaller image size.

Enjoy and no viruses!

  • 2 months later...
  • Author

Unraid version now has UID/GID environment variables in there.


Sent from my iPhone using Tapatalk

Unraid version now has UID/GID environment variables in there.


Sent from my iPhone using Tapatalk
Not until you fix the invalid XML file

Sent from my NSA monitored device

  • Author
9 hours ago, Squid said:

Not until you fix the invalid XML file

Done.

  • 4 weeks later...

hello 

  I run clamav it shows 

 


2019-10-03T08:39:17+0000 ClamAV scanning started

Updating ClamAV scan DB
Hint: The database directory must be writable for UID 100 or GID 101
ERROR: Can't create temporary directory /var/lib/clamav/clamav-435ac426ce5c25f4c347d7759f496c54.tmp



An error occurred (freshclam returned with exit code '57')

It works fine a few months ago and I dont know what happend , I check the unraid and have't found the user id is 100 , what should I do with it ?

 

thank u 

  • Author
9 hours ago, Cyberalien said:

hello 

  I run clamav it shows 

 



2019-10-03T08:39:17+0000 ClamAV scanning started

Updating ClamAV scan DB
Hint: The database directory must be writable for UID 100 or GID 101
ERROR: Can't create temporary directory /var/lib/clamav/clamav-435ac426ce5c25f4c347d7759f496c54.tmp



An error occurred (freshclam returned with exit code '57')

It works fine a few months ago and I dont know what happend , I check the unraid and have't found the user id is 100 , what should I do with it ?

 

thank u 

Latest version has the option to run UID/GID to address this behavior.

 

I'm not sure if it ever got updated in CA.

@Squid can you verify? I should have fixed the invalid xml.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.