Aegisnir Posted June 21, 2022 Share Posted June 21, 2022 On 6/18/2022 at 11:29 AM, Squid said: It's listed in the logs for the app. The script post much earlier should alert you as to which file(s) It does nothing. That's for you to decide what to do with it Sorry. I wasnt sure if the script notifies which files are detected as infected. I grabbed by script from somewhere on this forum a while back and it only stated I had an infected file with no other information regarding it. I did manually check the logs but didnt know what I was looking for as the logs also just reported it found a file but not where it was. Updated my script with the most recent iteration I saw posted. Thanks. Quote Link to comment
jmztaylor Posted June 27, 2022 Share Posted June 27, 2022 So about 10 mins into the scan I get this error. All disk spin down after this so I am pretty sure its not scanning anymore. Any ideas? LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached Quote Link to comment
gtishtar Posted July 12, 2022 Share Posted July 12, 2022 On 4/17/2022 at 1:54 AM, Masterwishx said: updated Helediron scan script for use with the shares that have space between ... i tried to put 'pc backups' ,pc\ backups or pc backups in FOLDERSWEEKLY, None of them work. any ideas how to put folder name with space correctly to get script to work? Quote Link to comment
Masterwishx Posted July 12, 2022 Share Posted July 12, 2022 (edited) On 7/12/2022 at 10:23 AM, gtishtar said: i tried to put 'pc backups' ,pc\ backups or pc backups in FOLDERSWEEKLY, None of them work. any ideas how to put folder name with space correctly to get script to work? Yes, use my updated script to use spaces in Shares Folders. script 17.1.24 Updated script for Exclude SubFolders. Also on https://github.com/masterwishx/Unraid-User-Scripts/tree/main/ClamAV Scan script # Set to Exclude Subfolders "yes/no". exclude_subfolders="yes" EXCLUDEDSUBFOLDERS=("Test" "Adobe Documents") Edited January 17 by Masterwishx Quote Link to comment
TQ Posted July 14, 2022 Author Share Posted July 14, 2022 On 6/27/2022 at 2:34 PM, jmztaylor said: So about 10 mins into the scan I get this error. All disk spin down after this so I am pretty sure its not scanning anymore. Any ideas? LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached From what I've experienced, it's usually due to permissions on the appdata folder for Clam. Try to run that aforementioned fix for perms and see if that helps. Quote Link to comment
TQ Posted July 14, 2022 Author Share Posted July 14, 2022 On 6/18/2022 at 10:29 AM, Squid said: It's listed in the logs for the app. The script post much earlier should alert you as to which file(s) It does nothing. That's for you to decide what to do with it Squid is, of course, correct. You can check the documentation that I have provided on Docker Hub and pass those parameters via Post Arguments in the container config. 1 Quote Link to comment
jmztaylor Posted July 15, 2022 Share Posted July 15, 2022 16 hours ago, TQ said: From what I've experienced, it's usually due to permissions on the appdata folder for Clam. Try to run that aforementioned fix for perms and see if that helps. Nope that did nothing Quote Link to comment
TQ Posted July 15, 2022 Author Share Posted July 15, 2022 Nope that did nothingHave you tried changing this?--bytecode-timeout=N - set bytecode timeout (in milliseconds) Quote Link to comment
jmztaylor Posted July 15, 2022 Share Posted July 15, 2022 2 hours ago, TQ said: Have you tried changing this? --bytecode-timeout=N - set bytecode timeout (in milliseconds) Yeah I even put it at a ridiculous amount and disks will spin down after 15 mins so it means it just quit working altogether anyways. Quote Link to comment
TQ Posted July 16, 2022 Author Share Posted July 16, 2022 21 hours ago, jmztaylor said: Yeah I even put it at a ridiculous amount and disks will spin down after 15 mins so it means it just quit working altogether anyways. I just updated my container on my backup Unraid and ran it. Ran over 2 hours. Output. Freshclam updated the DB ClamAV 0.104.3/26603/Sat Jul 16 07:57:28 2022 Scanning /scan ----------- SCAN SUMMARY ----------- Known viruses: 8622360 Engine version: 0.104.3 Scanned directories: 674 Scanned files: 19907 Infected files: 0 Data scanned: 118466.76 MB Data read: 266611.65 MB (ratio 0.44:1) Time: 7262.284 sec (121 m 2 s) Start Date: 2022:07:16 15:03:23 End Date: 2022:07:16 17:04:25 2022-07-16T17:04:25+00:00 ClamAV scanning finished I think something is up with your permissions on those files. Quote Link to comment
Aractor Posted August 1, 2022 Share Posted August 1, 2022 Not quite sure what I could be doing wrong here...I just installed the ClamAV app, but when running it I get: 2022-08-01T03:21:54+00:00 ClamAV process starting Updating ClamAV scan DB Hint: The database directory must be writable for UID 100 or GID 101 An error occurred (freshclam returned with exit code '2') The Docker is pointed to /mnt/user/appdata/clamav/ for the ClamAV Signatures, and successfully created the folder during deployment. After deployment the /appdata/clamav folder is owned by nobody with permissions drwxr-xr-x I've also confirmed PGID and PUID are the same as all my other Docker containers which are working fine. What can I do to fix this so ClamAV can run? Quote Link to comment
Aractor Posted August 1, 2022 Share Posted August 1, 2022 3 minutes ago, Aractor said: Not quite sure what I could be doing wrong here...I just installed the ClamAV app, but when running it I get: 2022-08-01T03:21:54+00:00 ClamAV process starting Updating ClamAV scan DB Hint: The database directory must be writable for UID 100 or GID 101 An error occurred (freshclam returned with exit code '2') The Docker is pointed to /mnt/user/appdata/clamav/ for the ClamAV Signatures, and successfully created the folder during deployment. After deployment the /appdata/clamav folder is owned by nobody with permissions drwxr-xr-x I've also confirmed PGID and PUID are the same as all my other Docker containers which are working fine. What can I do to fix this so ClamAV can run? Read a bit further back in the thread and found the solution mentioned, worked like a charm. Quote Link to comment
isvein Posted August 28, 2022 Share Posted August 28, 2022 is the script at page 1 the one people still use for scheduled scans? Quote Link to comment
Masterwishx Posted September 3, 2022 Share Posted September 3, 2022 @TQ can we change UTC time used to local ? Quote Link to comment
FredrikJL Posted September 10, 2022 Share Posted September 10, 2022 (edited) On 6/16/2019 at 4:57 PM, Squid said: Updated to include the infected file in the notification #!/usr/bin/php <? exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"'); exec('docker start ClamAV'); for ( ;; ) { $status = trim(exec("docker ps | grep ClamAV")); if ( ! $status ) break; sleep(60); } exec("docker logs ClamAV 2>/dev/null",$logs); foreach ($logs as $line) { $virus = explode(" ",$line); if (trim(end($virus)) == "FOUND" ) { $infected .= "$line\n"; } } if ( ! $infected ) $infected = "No infections found\n"; exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Finished" -d '.escapeshellarg($infected).' -i "normal"'); ?> script 689 B · 93 downloads I tinkered a bit with this script. The "original" quoted here, does a docker logs ClamAV which makes the script look at all logs, for all runs, ever (sort of). So if you actually had a virus, you'll end up alerting for that virus for all eternity, even tough you might have removed it. I updated the script to use: docker logs --since 23h ClamAV to just consider the latest 23 hours (or whatever you feel is reasonable). Personally I run the scan on a daily basis. My changes also modifies the severity level of the notification to 'alert' if a virus has been found. #!/usr/bin/php <? exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"'); exec('docker start ClamAV'); for ( ;; ) { $status = trim(exec("docker ps | grep ClamAV")); if ( ! $status ) break; sleep(60); } exec("docker logs --since 23h ClamAV 2>/dev/null",$logs); foreach ($logs as $line) { $virus = explode(" ",$line); if (trim(end($virus)) == "FOUND" ) { $infected .= "$line\n"; } } $level = "alert"; if ( ! $infected ) { $infected = "No infections found\n"; $level = "normal"; } exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Finished" -d '.escapeshellarg($infected).' -i '.escapeshellarg($level)); ?> Edited September 10, 2022 by FredrikJL 2 Quote Link to comment
SwampyShadow Posted October 3, 2022 Share Posted October 3, 2022 When I start up the container Freshclamd starts and then appears to hang. The log shows the following with the SelfCheck statement repeating every 10 minutes and not stopping. Starting Freshclamd ClamAV update process started at Sun Oct 2 14:57:04 2022 daily.cld database is up-to-date (version: 26677, sigs: 2006327, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) Sun Oct 2 15:07:38 2022 -> SelfCheck: Database status OK. Sun Oct 2 15:17:39 2022 -> SelfCheck: Database status OK. Sun Oct 2 15:27:40 2022 -> SelfCheck: Database status OK. Sun Oct 2 15:37:41 2022 -> SelfCheck: Database status OK. Running a ps shows the following two clam processes: 12 clamav 0:24 clamd --foreground 41 clamav 0:00 freshclam --checks=1 --daemon --foreground --stdout --user=clamav Any ideas on what is wrong? 2 Quote Link to comment
mauriceatkinson@btconnect. Posted November 5, 2022 Share Posted November 5, 2022 I have the same issue any ideas as to the problem? Starting Freshclamd ClamAV update process started at Sun Oct 2 14:57:04 2022 daily.cld database is up-to-date (version: 26677, sigs: 2006327, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) Sun Oct 2 15:07:38 2022 -> SelfCheck: Database status OK. Sun Oct 2 15:17:39 2022 -> SelfCheck: Database status OK. Sun Oct 2 15:27:40 2022 -> SelfCheck: Database status OK. Sun Oct 2 15:37:41 2022 -> SelfCheck: Database status OK. Quote Link to comment
TQ Posted November 5, 2022 Author Share Posted November 5, 2022 32 minutes ago, mauriceatkinson@btconnect. said: I have the same issue any ideas as to the problem? Starting Freshclamd ClamAV update process started at Sun Oct 2 14:57:04 2022 daily.cld database is up-to-date (version: 26677, sigs: 2006327, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) Sun Oct 2 15:07:38 2022 -> SelfCheck: Database status OK. Sun Oct 2 15:17:39 2022 -> SelfCheck: Database status OK. Sun Oct 2 15:27:40 2022 -> SelfCheck: Database status OK. Sun Oct 2 15:37:41 2022 -> SelfCheck: Database status OK. I cannot reproduce. Here is my start up just moments ago... 2022-11-05T17:43:48+00:00 ClamAV process starting Updating ClamAV scan DB ClamAV update process started at Sat Nov 5 17:43:49 2022 daily database available for update (local version: 26706, remote version: 26711) Testing database: '/var/lib/clamav/tmp.e364402c7f/clamav-ee0a95b108d7db8f9cd5ab0ba1ab6c53.tmp-daily.cld' ... Database test passed. daily.cld updated (version: 26711, sigs: 2010014, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory Freshclam updated the DB ClamAV 0.104.3/26711/Sat Nov 5 07:49:31 2022 This almost seems as if there is a permission issue updating the c?d files. Try this: If that does not solve it, delete all contents of your ClamAV appdata folder and restart the container. /cc @SwampyShadow Quote Link to comment
unrateable Posted December 28, 2022 Share Posted December 28, 2022 (edited) Hi there, I installed the clamav docker with the default set up. When started it appears to update and then sit idle. Log shows Quote Starting Freshclamd Starting ClamAV Socket for clamd not found yet, retrying (0/1800) ...ClamAV update process started at Wed Dec 28 14:01:29 2022 daily.cvd database is up-to-date (version: 26764, sigs: 2014489, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) Socket for clamd not found yet, retrying (23/1800) ...Wed Dec 28 14:01:52 2022 -> Limits: Global time limit set to 120000 milliseconds. Wed Dec 28 14:01:52 2022 -> Limits: Global size limit set to 419430400 bytes. Wed Dec 28 14:01:52 2022 -> Limits: File size limit set to 104857600 bytes. Wed Dec 28 14:01:52 2022 -> Limits: Recursion level limit set to 17. Wed Dec 28 14:01:52 2022 -> Limits: Files limit set to 10000. Wed Dec 28 14:01:52 2022 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes. Wed Dec 28 14:01:52 2022 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes. Wed Dec 28 14:01:52 2022 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes. Wed Dec 28 14:01:52 2022 -> Limits: MaxScriptNormalize limit set to 20971520 bytes. Wed Dec 28 14:01:52 2022 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes. Wed Dec 28 14:01:52 2022 -> Limits: MaxPartitions limit set to 50. Wed Dec 28 14:01:52 2022 -> Limits: MaxIconsPE limit set to 100. Wed Dec 28 14:01:52 2022 -> Limits: MaxRecHWP3 limit set to 16. Wed Dec 28 14:01:52 2022 -> Limits: PCREMatchLimit limit set to 100000. Wed Dec 28 14:01:52 2022 -> Limits: PCRERecMatchLimit limit set to 2000. Wed Dec 28 14:01:52 2022 -> Limits: PCREMaxFileSize limit set to 104857600. Wed Dec 28 14:01:52 2022 -> Archive support enabled. Wed Dec 28 14:01:52 2022 -> AlertExceedsMax heuristic detection disabled. Wed Dec 28 14:01:52 2022 -> Heuristic alerts enabled. Wed Dec 28 14:01:52 2022 -> Portable Executable support enabled. Wed Dec 28 14:01:52 2022 -> ELF support enabled. Wed Dec 28 14:01:52 2022 -> Mail files support enabled. Wed Dec 28 14:01:52 2022 -> OLE2 support enabled. Wed Dec 28 14:01:52 2022 -> PDF support enabled. Wed Dec 28 14:01:52 2022 -> SWF support enabled. Wed Dec 28 14:01:52 2022 -> HTML support enabled. Wed Dec 28 14:01:52 2022 -> XMLDOCS support enabled. Wed Dec 28 14:01:52 2022 -> HWP3 support enabled. Wed Dec 28 14:01:52 2022 -> Self checking every 600 seconds. Wed Dec 28 14:01:52 2022 -> Set stacksize to 1048576 socket found, clamd started. Wed Dec 28 14:12:31 2022 -> SelfCheck: Database status OK. scan folder : "/mnt/cache/downloads" appdata: "/mnt/cache/appdata/clamav/" UID 100 GUID 101 BRIDGE mode When I log in the docker I can manually start the scan with the "clamscan --recursive /scan" command. Any hint what is wrong here ? And why it is not automatically starting once I start the docker, is most appreciated. TIA Edited December 28, 2022 by unrateable 1 Quote Link to comment
SLNetworks Posted January 12, 2023 Share Posted January 12, 2023 Is the "official" tagged version of ClamAV disfunctional compared to TQ's repo version? I installed the "Offical" one.. but it seems useless compared to what I've seen in this thread. Quote Link to comment
TQ Posted January 12, 2023 Author Share Posted January 12, 2023 On 12/28/2022 at 7:11 AM, unrateable said: Hi there, I installed the clamav docker with the default set up. When started it appears to update and then sit idle. Log shows scan folder : "/mnt/cache/downloads" appdata: "/mnt/cache/appdata/clamav/" UID 100 GUID 101 BRIDGE mode When I log in the docker I can manually start the scan with the "clamscan --recursive /scan" command. Any hint what is wrong here ? And why it is not automatically starting once I start the docker, is most appreciated. TIA It would appear that this is not my container. I'm not notifying `clamd` due to it not being present in my build. Quote Link to comment
TQ Posted January 12, 2023 Author Share Posted January 12, 2023 10 hours ago, SLNetworks said: Is the "official" tagged version of ClamAV disfunctional compared to TQ's repo version? I installed the "Offical" one.. but it seems useless compared to what I've seen in this thread. Unfortunately, I'm not sure. I know this one works using the template in CA. Quote Link to comment
SLNetworks Posted January 12, 2023 Share Posted January 12, 2023 21 minutes ago, TQ said: Unfortunately, I'm not sure. I know this one works using the template in CA. So neither of 'em have a webUI. What is to happen if it comes across an infected file? Quote Link to comment
TQ Posted January 12, 2023 Author Share Posted January 12, 2023 1 hour ago, SLNetworks said: So neither of 'em have a webUI. What is to happen if it comes across an infected file? That's really for you to decide. ClamAV has never had a webUI afaik. Take a look at all my documentation (from the first post) and you'll find the answers to your questions. Quote Link to comment
rbronco21 Posted January 23, 2023 Share Posted January 23, 2023 If I add "--max-filesize=200M --max-scansize=500M" to Post Arguments, my log is empty and I am unsure if it has done anything. If I add a -i, it fails with this in the log: clamd: illegal option -- i ERROR: Unknown option passed ERROR: Can't parse command line options These options also fail: -f /scan/appdata/clamav/clamavtargets.txt clamd: illegal option -- f ERROR: Unknown option passed ERROR: Can't parse command line options --file-list=/scan/appdata/clamav/clamavtargets.txt clamd: unrecognized option `--file-list=/scan/appdata/clamav/clamavtargets.txt' ERROR: Unknown option passed ERROR: Can't parse command line options I have to be missing something because there aren't other posts about this. What's going on? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.