Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] ClamAV

Featured Replies

  • Author
On 3/19/2020 at 3:58 PM, chip said:

Do I need to worry about the errors listed in the below?

 

2020-03-19T17:05:05+0000 ClamAV process starting

Updating ClamAV scan DB
LibClamAV Warning: Cannot dlopen libclamunrar_iface: file not found - unrar support unavailable
ClamAV update process started at Thu Mar 19 17:05:05 2020
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.102.1 Recommended version: 0.102.2
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
daily database available for update (local version: 25755, remote version: 25756)
Testing database: '/var/lib/clamav/tmp/clamav-f7f0b66ce827844c8f5352135dee0529.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 25756, sigs: 2229890, f-level: 63, builder: raynman)
main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory

The unrar errors: I'll fix in just a moment.

The clamd.sock error; no, that's just clamav trying to notify the clamav daemon (not running) about its scan results.

  • Replies 336
  • Views 113.1k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • You would make another instance of the container.  Each instance scans whatever is specified

  • chmod -R u-x,go-rwx,go+u,ugo+X /mnt/cache/appdata/clamav chown -R nobody:users  /mnt/cache/appdata/clamav

Posted Images

  • Author
3 hours ago, Flubster said:

package clamav-libunrar and unrar is missing from the dockerfile, also clamav is out of date as the dockerfile has a specific version installing rather than the latest in the alpine packages.

 

You can fix (until the maintainer sorts) by:

 

opening a console

 

apk update

apk del clamav

apk add clamav

apk add clamav-libunrar

apk add unrar

 

then restart the container.

 

Dave

Thanks Dave.

 

I've updated the clamav version as well as added the clamav-unrar libs.

2020-05-23T12:25:05+0000 ClamAV process starting

Updating ClamAV scan DB
ClamAV update process started at Sat May 23 12:25:06 2020
daily database available for download (remote version: 25820)
Time: 1.6s, ETA: 0.0s [=============================>] 63.14MiB/63.14MiB
Testing database: '/var/lib/clamav/tmp.319e6/clamav-d7cb4002549b22ae34aa0e790e0def2a.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 25820, sigs: 2462534, f-level: 63, builder: raynman)
main database available for download (remote version: 59)
Time: 2.5s, ETA: 0.0s [=============================>] 112.40MiB/112.40MiB
Testing database: '/var/lib/clamav/tmp.319e6/clamav-d10a40146f6be5d2f5a27ad8e3da72d6.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
bytecode database available for download (remote version: 331)
Time: 0.2s, ETA: 0.0s [=============================>] 289.44KiB/289.44KiB
Testing database: '/var/lib/clamav/tmp.319e6/clamav-40ed796077acdbd8f6d30c39d900f873.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory


Freshclam updated the DB

ClamAV 0.102.3/25820/Fri May 22 12:21:08 2020

Scanning /scan


----------- SCAN SUMMARY -----------
Known viruses: 7016614
Engine version: 0.102.3
Scanned directories: 30
Scanned files: 47
Infected files: 0
Data scanned: 0.54 MB
Data read: 0.32 MB (ratio 1.66:1)
Time: 35.471 sec (0 m 35 s)

Updated on Github and Dockerhub.

  • 3 weeks later...

i added the notify user script but im getting this.

 

Script location: /tmp/user.scripts/tmpScripts/clamav/script
Note that closing this window will abort the execution of this script
/tmp/user.scripts/tmpScripts/clamav/script: line 3: ?: No such file or directory
/tmp/user.scripts/tmpScripts/clamav/script: line 4: syntax error near unexpected token `'/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"''
/tmp/user.scripts/tmpScripts/clamav/script: line 4: `exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"');'

 

do i still need to install something else ?

1 hour ago, KoNeko said:

do i still need to install something else ?

You need to post exactly what shows up when you edit the script in user scripts

12 minutes ago, Squid said:

You need to post exactly what shows up when you edit the script in user scripts

#!/bin/bash
#!/usr/bin/php
<?
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"');
exec('docker start ClamAV');
for ( ;; ) {
  $status = trim(exec("docker ps | grep ClamAV"));
  if ( ! $status ) break;
  sleep(60);
}
exec("docker logs ClamAV 2>/dev/null",$logs);
foreach ($logs as $line) {
  $virus = explode(" ",$line);
  if (trim(end($virus)) == "FOUND" ) {
    $infected .= "$line\n";
  }
}

if ( ! $infected ) $infected = "No infections found\n";

exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Finished" -d '.escapeshellarg($infected).' -i "normal"');
?>

this is what is in the script i see what i did wrong now :)

 

i removed the top one  bin bash and it doesnt give any errors anymore when i run the script

 

  • 2 weeks later...

Hi there,

 

I ran a complete (user0) scan, and get it finalized :


Engine version: 0.102.3
Scanned directories: 6499
Scanned files: 68931
Infected files: 0
Data scanned: 535740.32 MB
Data read: 835299.34 MB (ratio 0.64:1)
Time: 173506.039 sec (2891 m 46 s)

2020-06-25T18:07:24+0000 ClamAV scanning finished

 

Is the time ok ?? It ran 40+ hours...

Thanks

  • 2 weeks later...
  • Author
On 6/26/2020 at 2:44 AM, Gregori said:

Hi there,

 

I ran a complete (user0) scan, and get it finalized :


Engine version: 0.102.3
Scanned directories: 6499
Scanned files: 68931
Infected files: 0
Data scanned: 535740.32 MB
Data read: 835299.34 MB (ratio 0.64:1)
Time: 173506.039 sec (2891 m 46 s)

2020-06-25T18:07:24+0000 ClamAV scanning finished

 

Is the time ok ?? It ran 40+ hours...

Thanks

Probably. ClamAV utilizes only 1 core as to not crush your machine when it's scanning. So for 6500 directories and 69,000 files, it might take a while.

  • 2 months later...

Has anyone figured this out for Nextcloud use? I'll be using Nextcloud to work with my students. I just want to get infected and others get infected. 

  • 4 weeks later...
  • Author

FYI: Bumped Clam versions last night.

Should now be clamav 0.102.4-r1

  • 2 months later...
On 9/13/2020 at 6:18 AM, marlouiegene18 said:

Has anyone figured this out for Nextcloud use? I'll be using Nextcloud to work with my students. I just want to get infected and others get infected. 

If it's still relevant for you, I got a solution that works fine for me.

 

You should enable the additional search results from dockerhub in the CA settings

grafik.png.71def74bd31a37a95247103fe5a6bf4f.png

 

Then proceed with the following steps:

1. In Apps-tab search for "docker-clamav"

2. Click on "Click Here To Get More Results From DockerHub"

3. Select the following container (it's from mkodockx, you can verify by click on the link to dockerhub page):

grafik.png.ae2694db3df160bbc9798ad43603e36f.png

 

4. Install with these attributes(beside the standard template, you just have to set up the port 3310). I don't know if it's relevant: My nextcloud container is in the user defined network "proxynet" like spaceinvaderone explained in

his video for a setting up a reverse proxy. I think at least it's important, that both containers using the same network.

grafik.thumb.png.b63d6fe6b1c82b8de21f35a412b53029.png

 

5. After installing the docker-clamav container, edit the nextcloud container, enable "advanced view" in the up right corner and add the extra parameter --link docker-clamav.

grafik.thumb.png.25a83129c6ebc38107aa29aff3678277.png

 

6. Restarting both containers and everything should work fine. You can test it with some false virus signatures downloaded here:

https://www.eicar.org/?page_id=3950

 

To set it up, I followed the instructions from the following website:  https://www.virtualconfusion.net/clamav-for-nextcloud-on-docker/

 

Edited by Voss

  • 1 month later...

Hi--I have been using your docker image for a while now in Unraid 6.8.3, it works great, thank you for all your work on it! However lately I am getting these errors in the logs:

 

LibClamAV Warning: Bytecode 79 failed to run: CL_ETIMEOUT: Time limit reached

LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes

 

It is still catching viruses and trojans (just ran it on a backup for my gf's main machine before she upgraded the hdd and caught several), but if I am reading the end results correctly:

 

----------- SCAN SUMMARY -----------
Known viruses: 8748948
Engine version: 0.102.4

Scanned directories: 159783
Scanned files: 712394
Infected files: 5
Data scanned: 640178.14 MB
Data read: 5307618.48 MB (ratio 0.12:1)
Time: 46830.559 sec (780 m 30 s)

 

It is only scanning about 10% of the total server. Is that right or is this all just it skipping things it has scanned on previous passes? And if these errors are a concern, where/how can I adjust the Bytecode Timeout setting?

  • Author

You're welcome, and I'm glad it's been useful.

 

I think I've found something that might be what's occurring in your case.

Quote

Bytecode signatures are a specialized type of ClamAV signature which is able to perform additional processing of the scanned file and allow for more robust detection. Unlike the standard ClamAV signature types, bytecode signatures have a number of unique distinctions which need to be respected for their effective usage.

Quote

Bytecode signatures, by default, are considered untrusted. In fact, only bytecode signatures published by Cisco, in the bytecode.cvd are considered “trusted”. This means that the ClamAV engine will, by default, never load, trigger or execute untrusted bytecodes. One can bypass this safety mechanism by specifying the bytecode unsigned option to the engine but it should be noted that it is up to the user’s discretion on using untrusted bytecode signatures.

 

One issue is you might not have enough ram to process this particular file. It's a stretch, but a possible cause.

 

To address the timeout, you should be able to pass a command line variable

--bytecode-timeout=[time in ms]

 

I've never had this issue, so let us know if this works and/or is helpful.

Source: StackExchange

Edited by TQ

I at the time had 64gb of RAM, so I am going to assume that wasn't the issue (I just installed 128--er. 125.9 usable for some reason, but still); both runs have the warnings. To be totally clear, they are colored as warnings, not errors, in the Unraid log. I'm not overly worried or anything, just wanted to know if this is something I should be fixing. :)

 

Also this probably isn't important as the databases are updating fine and well, but I AM getting this error at the end of the of the opening "testing database" part of the log:

 

WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory

 

Edited by greyday

  • Author
On 1/27/2021 at 9:16 AM, greyday said:

Also this probably isn't important as the databases are updating fine and well, but I AM getting this error at the end of the of the opening "testing database" part of the log:

 


WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory

 

 

First post on this page :)

...that's just clamav trying to notify the clamav daemon (not running) about its scan results.

  • Author

FYI: Bumped Clam versions this morning.

Now is clamav 0.103.0-r1

On 1/31/2021 at 3:31 AM, TQ said:

FYI: Bumped Clam versions this morning.

Now is clamav 0.103.0-r1

I saw that! In day 3 of parity check, will be updating as soon as it's done. :)

Is it possible to have some progress indicator on the log, maybe a file counter that updated every hour or similar?

I'm about to scan 2.1 mill files, which I assume will take quite a long time, so some sort of indicator would be helpful.

Is there any way for ClamAV to actively scan new files are they are downloaded or imported?

Thinking if I use SABnzbd to download stuff, for Clam to always be monitoring that folder for anything bad.

Also like Nextcloud or Picture imports as and when they get imported for Clam to actively monitor files as they are being installed.

Is this possible?

  • Author
1 hour ago, parsec said:

Is it possible to have some progress indicator on the log, maybe a file counter that updated every hour or similar?

I'm about to scan 2.1 mill files, which I assume will take quite a long time, so some sort of indicator would be helpful.

 

Possibly doable. I'd probably have to dig into the scan script and add a progress bar into it.

  • Author
1 hour ago, SavellM said:

Is there any way for ClamAV to actively scan new files are they are downloaded or imported?

Thinking if I use SABnzbd to download stuff, for Clam to always be monitoring that folder for anything bad.

Also like Nextcloud or Picture imports as and when they get imported for Clam to actively monitor files as they are being installed.

Is this possible?

 

Great idea. I think for this to be something that actually works, this container would not be the one.

I'd (or someone else) would have to write one for clamd (the daemon used for ClamAV), as this one only updates the dbs and runs a scan.

1 hour ago, TQ said:

 

Possibly doable. I'd probably have to dig into the scan script and add a progress bar into it.

That would be so awesome :D... I'm a very willing betatester :D

  • 2 weeks later...

I have started having problems with this docker recently. Not sure exactly when they started but I noticed this error repeating in the log-

LibClamAV Error: CRITICAL: fmap() failed

I get this every time I attempt a scan.

 

 

brunnhilde-diagnostics-20210221-2247.zip

Edited by wgstarks

11 hours ago, wgstarks said:

I have started having problems with this docker recently. Not sure exactly when they started but I noticed this error repeating in the log-


LibClamAV Error: CRITICAL: fmap() failed

I get this every time I attempt a scan.

 

 

I just download this container for the 1st time and I am getting the same errors in my log

 

unRAID 6.8.3

 

This seems to be related to scanning large files but from what google is showing me it was fixed in an earlier release. I’m wondering if there is a problem with the current release?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.