Valkyrie Posted October 14, 2023 Share Posted October 14, 2023 21 minutes ago, Lonewolf147 said: Just copy/pasting this code into User Scripts I have an error right at the beginning Strange, the syntax should be correct according to https://www.php.net/manual/en/language.enumerations.backed.php. Its almost like the script parser is on a lower php version. Ill ask around on the user script forum for a solution. 1 Quote Link to comment
bmartino1 Posted November 5, 2023 Share Posted November 5, 2023 Thank you for an excellent docker. Notes to self. I have found that I have had to use and edit the docker template quite a bit to do some standalone things. The official clam av docker pulls from tquinnelly repository [ registry url: https://hub.docker.com/r/tquinnelly/clamav-alpine]. I had issue in the past with updates from both side of the dockers, so here are my notes to get it up and running Docker run settings: docker run -d --name='ClamAV' --net='host' --privileged=true -e TZ="America/Chicago" -e HOST_OS="Unraid" -e HOST_HOSTNAME="BMM-Unraid" -e HOST_CONTAINERNAME="ClamAV" -e 'USER_ID'='100' -e 'GROUP_ID'='101' -e 'TCP_PORT_3310'='3310' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.icon='https://logowik.com/content/uploads/images/clamav2614.jpg' -v '/mnt/users/':'/scan':'ro' -v '/mnt/cache/appdata/clamav':'/var/lib/clamav':'rw' --health-start-period=120s --health-interval=60s --health-retries=3 'clamav/clamav' ash /var/lib/clamav/autoscan.sh 10c30e87efb2a1da77ea2afa27ba81cf0b9a2970393f0648d5eebd5fa392d71e and set post arguments: In my case, I made a script and saved it under app data and called it after docker starts to update to the latest database definition for clam av and run a scan showing infected and log in app data folder. Logging will also show under docker log. Docker will stop when scan finishes...: so i made a script #!/bin/ash #sleep 30 echo update clamAV freshclam echo ClamAV Scan infected files "/scan" look at log... clamscan --recursive /scan -i --log=/var/lib/clamav/log.log this way clam av updates and tells me if there is anything infected from time to time. Now it's just user scripts to have docker run this every once in a while for periodic maintenance. Quote Link to comment
bmartino1 Posted November 5, 2023 Share Posted November 5, 2023 By default docker these setting are in place unless you specific otherwise: log: Starting Freshclamd Starting ClamAV Socket for clamd not found yet, retrying (0/1800) ...ClamAV update process started at Sun Nov 5 01:29:10 2023 daily.cld database is up-to-date (version: 27082, sigs: 2045614, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg) Socket for clamd not found yet, retrying (11/1800) ...Sun Nov 5 01:29:22 2023 -> Limits: Global time limit set to 120000 milliseconds. Sun Nov 5 01:29:22 2023 -> Limits: Global size limit set to 419430400 bytes. Sun Nov 5 01:29:22 2023 -> Limits: File size limit set to 104857600 bytes. Sun Nov 5 01:29:22 2023 -> Limits: Recursion level limit set to 17. Sun Nov 5 01:29:22 2023 -> Limits: Files limit set to 10000. Sun Nov 5 01:29:22 2023 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes. Sun Nov 5 01:29:22 2023 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes. Sun Nov 5 01:29:22 2023 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes. Sun Nov 5 01:29:22 2023 -> Limits: MaxScriptNormalize limit set to 20971520 bytes. Sun Nov 5 01:29:22 2023 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes. Sun Nov 5 01:29:22 2023 -> Limits: MaxPartitions limit set to 50. Sun Nov 5 01:29:22 2023 -> Limits: MaxIconsPE limit set to 100. Sun Nov 5 01:29:22 2023 -> Limits: MaxRecHWP3 limit set to 16. Sun Nov 5 01:29:22 2023 -> Limits: PCREMatchLimit limit set to 100000. Sun Nov 5 01:29:22 2023 -> Limits: PCRERecMatchLimit limit set to 2000. Sun Nov 5 01:29:22 2023 -> Limits: PCREMaxFileSize limit set to 104857600. Sun Nov 5 01:29:22 2023 -> Archive support enabled. Sun Nov 5 01:29:22 2023 -> AlertExceedsMax heuristic detection disabled. Sun Nov 5 01:29:22 2023 -> Heuristic alerts enabled. Sun Nov 5 01:29:22 2023 -> Portable Executable support enabled. Sun Nov 5 01:29:22 2023 -> ELF support enabled. Sun Nov 5 01:29:22 2023 -> Mail files support enabled. Sun Nov 5 01:29:22 2023 -> OLE2 support enabled. Sun Nov 5 01:29:22 2023 -> PDF support enabled. Sun Nov 5 01:29:22 2023 -> SWF support enabled. Sun Nov 5 01:29:22 2023 -> HTML support enabled. Sun Nov 5 01:29:22 2023 -> XMLDOCS support enabled. Sun Nov 5 01:29:22 2023 -> HWP3 support enabled. Sun Nov 5 01:29:22 2023 -> Self checking every 600 seconds. Sun Nov 5 01:29:22 2023 -> Set stacksize to 1048576 socket found, clamd started. I see alot of bytcode issues, mainly from timeouts. You may need to specify an option to the scan: From Creators Docker Hub / Github notes: This template is for scanning your unRAID server with clamav and clamscan. To scan your server, check the environment variable to set the scanned folder and just start the container. When it is finished, the container will stop and you can view the logs to see the results. To scan, run clamscan --recursive /scan as an example Add to Post Arguments: clamscan --recursive /scan --log=/var/lib/clamav/log.log Post-Args I took the liberty to include -i by default. You can, however, add any you desire. -i - Only print infected files --log=FILE - save scan report to FILE --database=FILE/DIR - load virus database from FILE or load all supported db files from DIR --official-db-only - only load official signatures --max-filesize=#n - files larger than this will be skipped and assumed clean --max-scansize=#n - the maximum amount of data to scan for each container file --leave-temps- do not remove temporary files --file-list=FILE - scan files from FILE --quiet - only output error messages --bell - sound bell on virus detection --cross-fs - scan files and directories on other filesystems --move=DIRECTORY - move infected files into DIRECTORY --copy=DIRECTORY - copy infected files into DIRECTORY --bytecode-timeout=N - set bytecode timeout (in milliseconds) --heuristic-alerts - toggles heuristic alerts --alert-encrypted - alert on encrypted archives and documents --nocerts - disable authenticode certificate chain verification in PE files --disable-cache - disable caching and cache checks for hash sums of scanned files #alt icon image: https://logowik.com/content/uploads/images/clamav2614.jpg https://its.ucsc.edu/software/images/clam.png *MUST USE SHELL! ash not bash for alpine! Quote Link to comment
Refrigerator Posted December 6, 2023 Share Posted December 6, 2023 Is there a way to exclude directories from the scan? Example: I scan /mnt/user/, but I'd like to exclude my Thunderbird directory so that I don't get warnings about spoofed domains (I'm aware that my junk folder contains phishing attempts). Can I pass an argument to tell it to ignore or exclude specific (sub) directories? 1 Quote Link to comment
Masterwishx Posted January 2 Share Posted January 2 i Found a container has error , but worked befor , using user script and when just running container: had other perrmision but changed to chmod 666 , and added --file_list instead -f , but nothing changed Quote Link to comment
Masterwishx Posted January 2 Share Posted January 2 it seems that appdata not avalible from container when its hard linked and not bind mounted : Fixed by changing to : --file-list=/var/lib/clamav/clamavtargets.txt Quote Link to comment
Revan335 Posted January 14 Share Posted January 14 (edited) Why we have two Entry's in the CA for ClamAV? But he reference the same Links. One Official but this is not the Spotlight Entry. What's the Difference/recommended? The official have a Multiple Template Error Hint in the Details. On 12/6/2023 at 6:39 PM, Refrigerator said: Is there a way to exclude directories from the scan? Same Question Can anybody ad multiple Path to Scan? Than we have no many Docker Containers from the same but with a another Path. This makes it very confusing by many directories. Maybe can @Helediron expanded your Script to Exclude Directorys and support spaces. And we can set the Permissions on the Script? For example the Folder is Read Only. On 4/13/2022 at 7:49 PM, Masterwishx said: @Helediron how i can add "My Folder" to FOLDERSWEEKLY i mean share with space inside ? Edited January 14 by Revan335 Quote Link to comment
Masterwishx Posted January 14 Share Posted January 14 9 hours ago, Revan335 said: Maybe can @Helediron expanded your Script to Exclude Directorys and support spaces. And we can set the Permissions on the Script? For example the Folder is Read Only. I updated the script to use spaces : 1 Quote Link to comment
TQ Posted January 14 Author Share Posted January 14 10 hours ago, Revan335 said: Why we have two Entry's in the CA for ClamAV? But he reference the same Links. One Official but this is not the Spotlight Entry. What's the Difference/recommended? Someone created the "Official", then pointed to my repo. SMH. 1 Quote Link to comment
Revan335 Posted January 14 Share Posted January 14 (edited) 59 minutes ago, TQ said: Someone created the "Official", then pointed to my repo. SMH. Maybe anybody changed the official to yours, remove the other or his creater fix the links, Template Error Hints, ...? Or can only @Squid this? I can see that in the template the Entry by Docker clamav/clamav. Very confusing. Edited January 14 by Revan335 Quote Link to comment
Helediron Posted January 14 Share Posted January 14 8 hours ago, Masterwishx said: I updated the script to use spaces : Thank you @Masterwishx. I edited my original script post to point here. 1 Quote Link to comment
bmartino1 Posted January 15 Share Posted January 15 (edited) On 12/6/2023 at 11:39 AM, Refrigerator said: Is there a way to exclude directories from the scan? Example: I scan /mnt/user/, but I'd like to exclude my Thunderbird directory so that I don't get warnings about spoofed domains (I'm aware that my junk folder contains phishing attempts). Can I pass an argument to tell it to ignore or exclude specific (sub) directories? You will need to use post arguments. by default /scan is the target for av to scan. By default, /mnt/users is set to /scan in the docker. so add this clamav scan option --exclude-dir="/scan/path to thunderbird" Edited January 15 by bmartino1 1 Quote Link to comment
Revan335 Posted January 15 Share Posted January 15 (edited) 7 hours ago, bmartino1 said: You will need to use post arguments. by default /scan is the target for av to scan. By default, /mnt/users is set to /scan in the docker. so add this clamav scan option --exclude-dir="/scan/path to thunderbird" Do you mean this? Edited January 15 by Revan335 Quote Link to comment
TQ Posted January 15 Author Share Posted January 15 20 minutes ago, Revan335 said: Do you mean this? It's further up on the screen. 1 Quote Link to comment
Helediron Posted January 15 Share Posted January 15 I noticed a small issue with the Clamav container parameters. It uses path "/mnt/cache/appdata/clamav". I recently converted my cache to ZFS pool and named it "zfspool". So, i no longer have "cache" pool. A better value for the signatures folder would be "/mnt/user/appdata/clamav". The "Fix Common Problems" plugin starts to yell about spurious "cache" folder under /mnt because of the parameter. 1 Quote Link to comment
TQ Posted January 15 Author Share Posted January 15 1 hour ago, Helediron said: I noticed a small issue with the Clamav container parameters. It uses path "/mnt/cache/appdata/clamav". I recently converted my cache to ZFS pool and named it "zfspool". So, i no longer have "cache" pool. A better value for the signatures folder would be "/mnt/user/appdata/clamav". The "Fix Common Problems" plugin starts to yell about spurious "cache" folder under /mnt because of the parameter. Good catch! XML is updated. Quote Link to comment
Masterwishx Posted January 15 Share Posted January 15 23 hours ago, Helediron said: Thank you @Masterwishx. I edited my original script post to point here. I'm working on script to add subfolders exclude, will post here and in github. Thank you for original script Quote Link to comment
Masterwishx Posted January 17 Share Posted January 17 @Refrigerator @Revan335 Updated script to exclude subfolders, no need for post arguments : Please check and confirm that working Fine who is needed. # Set to Exclude Subfolders "yes/no". exclude_subfolders="yes" EXCLUDEDSUBFOLDERS=("Test" "Adobe Documents") 1 Quote Link to comment
Revan335 Posted January 21 Share Posted January 21 @Masterwishx How can i scan all Folders with your Scripts? With "*" or * on the Folders Parameters? For example can all under /mnt/user without the excluded Folders (from the excluded Folders Parameters). Is this the correct Arguments for that? -i --max-filesize=4096M --max-scansize=4096M -f /scan/appdata/clamav/clamavtargets.txt This is not required? Why the Script have a log Parameter/Function. --log=/var/lib/clamav/log.log I have this outpout: 2024-01-21T17:33:02+01:00 ClamAV process starting Unpdating ClamAV scan DB Hint: The database directory must be writable for UID 100 or GID 101 An error occurred (freshclam returned with exit code '2') Why have the Docker Template the UID 99 and GID 100 when we must have 100 and 101? Quote Link to comment
Masterwishx Posted January 23 Share Posted January 23 On 1/21/2024 at 7:04 PM, Revan335 said: How can i scan all Folders with your Scripts? With "*" or * on the Folders Parameters? For example can all under /mnt/user without the excluded Folders (from the excluded Folders Parameters). You should only set file-list parametr for scan like this: -i --file-list=/var/lib/clamav/clamavtargets.txt --max-filesize=1024M the script put the folders you want to scan in this file ,also made log files ,so no need for log parametr : So in script you need to add Folders you want to Scan and if you need to exclude add subfolders and set "yes" for exclude_subfolders: Quote Link to comment
Masterwishx Posted January 23 Share Posted January 23 On 1/21/2024 at 7:04 PM, Revan335 said: With "*" or * on the Folders Parameters? i think this will not work with current version of script, but not checked , you can try it Quote Link to comment
Masterwishx Posted January 23 Share Posted January 23 (edited) On 1/21/2024 at 7:04 PM, Revan335 said: How can i scan all Folders with your Scripts? With "*" or * on the Folders Please try with this : # Get a list of all folders in your specified directory FOLDERSDAILY=($(ls -d $HOSTSCANDIR/*)) Edited January 23 by Masterwishx Quote Link to comment
Masterwishx Posted January 23 Share Posted January 23 (edited) 53 minutes ago, Masterwishx said: How can i scan all Folders with your Scripts? With "*" or * on the Folders i checked , This need to modify the script, why you need to scan all shares? its better to select only the shares you really need Edited January 23 by Masterwishx Quote Link to comment
Revan335 Posted January 23 Share Posted January 23 3 hours ago, Masterwishx said: why you need to scan all shares? He was configured ones and not thinking changed when a new Share was created. Only excluded Shares are changed when as needed. Quote Link to comment
Revan335 Posted January 23 Share Posted January 23 (edited) On 1/21/2024 at 6:04 PM, Revan335 said: have this outpout: 2024-01-21T17:33:02+01:00 ClamAV process starting Unpdating ClamAV scan DB Hint: The database directory must be writable for UID 100 or GID 101 An error occurred (freshclam returned with exit code '2') Why have the Docker Template the UID 99 and GID 100 when we must have 100 and 101? Can you fix this in the template? @TQ Edited January 23 by Revan335 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.