TQ Posted May 23, 2020 Author Share Posted May 23, 2020 On 3/19/2020 at 3:58 PM, chip said: Do I need to worry about the errors listed in the below? 2020-03-19T17:05:05+0000 ClamAV process starting Updating ClamAV scan DB LibClamAV Warning: Cannot dlopen libclamunrar_iface: file not found - unrar support unavailable ClamAV update process started at Thu Mar 19 17:05:05 2020 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.102.1 Recommended version: 0.102.2 DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav daily database available for update (local version: 25755, remote version: 25756) Testing database: '/var/lib/clamav/tmp/clamav-f7f0b66ce827844c8f5352135dee0529.tmp-daily.cld' ... Database test passed. daily.cld updated (version: 25756, sigs: 2229890, f-level: 63, builder: raynman) main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr) bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg) WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory The unrar errors: I'll fix in just a moment. The clamd.sock error; no, that's just clamav trying to notify the clamav daemon (not running) about its scan results. Quote Link to comment
TQ Posted May 23, 2020 Author Share Posted May 23, 2020 3 hours ago, Flubster said: package clamav-libunrar and unrar is missing from the dockerfile, also clamav is out of date as the dockerfile has a specific version installing rather than the latest in the alpine packages. You can fix (until the maintainer sorts) by: opening a console apk update apk del clamav apk add clamav apk add clamav-libunrar apk add unrar then restart the container. Dave Thanks Dave. I've updated the clamav version as well as added the clamav-unrar libs. 2020-05-23T12:25:05+0000 ClamAV process starting Updating ClamAV scan DB ClamAV update process started at Sat May 23 12:25:06 2020 daily database available for download (remote version: 25820) Time: 1.6s, ETA: 0.0s [=============================>] 63.14MiB/63.14MiB Testing database: '/var/lib/clamav/tmp.319e6/clamav-d7cb4002549b22ae34aa0e790e0def2a.tmp-daily.cvd' ... Database test passed. daily.cvd updated (version: 25820, sigs: 2462534, f-level: 63, builder: raynman) main database available for download (remote version: 59) Time: 2.5s, ETA: 0.0s [=============================>] 112.40MiB/112.40MiB Testing database: '/var/lib/clamav/tmp.319e6/clamav-d10a40146f6be5d2f5a27ad8e3da72d6.tmp-main.cvd' ... Database test passed. main.cvd updated (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr) bytecode database available for download (remote version: 331) Time: 0.2s, ETA: 0.0s [=============================>] 289.44KiB/289.44KiB Testing database: '/var/lib/clamav/tmp.319e6/clamav-40ed796077acdbd8f6d30c39d900f873.tmp-bytecode.cvd' ... Database test passed. bytecode.cvd updated (version: 331, sigs: 94, f-level: 63, builder: anvilleg) WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory Freshclam updated the DB ClamAV 0.102.3/25820/Fri May 22 12:21:08 2020 Scanning /scan ----------- SCAN SUMMARY ----------- Known viruses: 7016614 Engine version: 0.102.3 Scanned directories: 30 Scanned files: 47 Infected files: 0 Data scanned: 0.54 MB Data read: 0.32 MB (ratio 1.66:1) Time: 35.471 sec (0 m 35 s) Updated on Github and Dockerhub. Quote Link to comment
KoNeko Posted June 14, 2020 Share Posted June 14, 2020 i added the notify user script but im getting this. Script location: /tmp/user.scripts/tmpScripts/clamav/script Note that closing this window will abort the execution of this script /tmp/user.scripts/tmpScripts/clamav/script: line 3: ?: No such file or directory /tmp/user.scripts/tmpScripts/clamav/script: line 4: syntax error near unexpected token `'/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"'' /tmp/user.scripts/tmpScripts/clamav/script: line 4: `exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"');' do i still need to install something else ? Quote Link to comment
Squid Posted June 14, 2020 Share Posted June 14, 2020 1 hour ago, KoNeko said: do i still need to install something else ? You need to post exactly what shows up when you edit the script in user scripts Quote Link to comment
KoNeko Posted June 14, 2020 Share Posted June 14, 2020 12 minutes ago, Squid said: You need to post exactly what shows up when you edit the script in user scripts #!/bin/bash #!/usr/bin/php <? exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Started" -d "Antivirus Scan Started" -i "normal"'); exec('docker start ClamAV'); for ( ;; ) { $status = trim(exec("docker ps | grep ClamAV")); if ( ! $status ) break; sleep(60); } exec("docker logs ClamAV 2>/dev/null",$logs); foreach ($logs as $line) { $virus = explode(" ",$line); if (trim(end($virus)) == "FOUND" ) { $infected .= "$line\n"; } } if ( ! $infected ) $infected = "No infections found\n"; exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan" -s "Antivirus Scan Finished" -d '.escapeshellarg($infected).' -i "normal"'); ?> this is what is in the script i see what i did wrong now i removed the top one bin bash and it doesnt give any errors anymore when i run the script Quote Link to comment
Squid Posted June 14, 2020 Share Posted June 14, 2020 Completely remove the first line. Quote Link to comment
Pap84 Posted June 26, 2020 Share Posted June 26, 2020 Hi there, I ran a complete (user0) scan, and get it finalized : Engine version: 0.102.3 Scanned directories: 6499 Scanned files: 68931 Infected files: 0 Data scanned: 535740.32 MB Data read: 835299.34 MB (ratio 0.64:1) Time: 173506.039 sec (2891 m 46 s) 2020-06-25T18:07:24+0000 ClamAV scanning finished Is the time ok ?? It ran 40+ hours... Thanks Quote Link to comment
TQ Posted July 6, 2020 Author Share Posted July 6, 2020 On 6/26/2020 at 2:44 AM, Gregori said: Hi there, I ran a complete (user0) scan, and get it finalized : Engine version: 0.102.3 Scanned directories: 6499 Scanned files: 68931 Infected files: 0 Data scanned: 535740.32 MB Data read: 835299.34 MB (ratio 0.64:1) Time: 173506.039 sec (2891 m 46 s) 2020-06-25T18:07:24+0000 ClamAV scanning finished Is the time ok ?? It ran 40+ hours... Thanks Probably. ClamAV utilizes only 1 core as to not crush your machine when it's scanning. So for 6500 directories and 69,000 files, it might take a while. Quote Link to comment
marlouiegene18 Posted September 13, 2020 Share Posted September 13, 2020 Has anyone figured this out for Nextcloud use? I'll be using Nextcloud to work with my students. I just want to get infected and others get infected. Quote Link to comment
TQ Posted October 7, 2020 Author Share Posted October 7, 2020 FYI: Bumped Clam versions last night. Should now be clamav 0.102.4-r1 Quote Link to comment
Voss Posted December 20, 2020 Share Posted December 20, 2020 (edited) On 9/13/2020 at 6:18 AM, marlouiegene18 said: Has anyone figured this out for Nextcloud use? I'll be using Nextcloud to work with my students. I just want to get infected and others get infected. If it's still relevant for you, I got a solution that works fine for me. You should enable the additional search results from dockerhub in the CA settings Then proceed with the following steps: 1. In Apps-tab search for "docker-clamav" 2. Click on "Click Here To Get More Results From DockerHub" 3. Select the following container (it's from mkodockx, you can verify by click on the link to dockerhub page): 4. Install with these attributes(beside the standard template, you just have to set up the port 3310). I don't know if it's relevant: My nextcloud container is in the user defined network "proxynet" like spaceinvaderone explained in his video for a setting up a reverse proxy. I think at least it's important, that both containers using the same network. 5. After installing the docker-clamav container, edit the nextcloud container, enable "advanced view" in the up right corner and add the extra parameter --link docker-clamav. 6. Restarting both containers and everything should work fine. You can test it with some false virus signatures downloaded here: https://www.eicar.org/?page_id=3950 To set it up, I followed the instructions from the following website: https://www.virtualconfusion.net/clamav-for-nextcloud-on-docker/ Edited December 20, 2020 by Voss Quote Link to comment
greyday Posted January 22, 2021 Share Posted January 22, 2021 Hi--I have been using your docker image for a while now in Unraid 6.8.3, it works great, thank you for all your work on it! However lately I am getting these errors in the logs: LibClamAV Warning: Bytecode 79 failed to run: CL_ETIMEOUT: Time limit reached LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes It is still catching viruses and trojans (just ran it on a backup for my gf's main machine before she upgraded the hdd and caught several), but if I am reading the end results correctly: ----------- SCAN SUMMARY ----------- Known viruses: 8748948 Engine version: 0.102.4 Scanned directories: 159783 Scanned files: 712394 Infected files: 5 Data scanned: 640178.14 MB Data read: 5307618.48 MB (ratio 0.12:1) Time: 46830.559 sec (780 m 30 s) It is only scanning about 10% of the total server. Is that right or is this all just it skipping things it has scanned on previous passes? And if these errors are a concern, where/how can I adjust the Bytecode Timeout setting? Quote Link to comment
TQ Posted January 23, 2021 Author Share Posted January 23, 2021 (edited) You're welcome, and I'm glad it's been useful. I think I've found something that might be what's occurring in your case. Quote Bytecode signatures are a specialized type of ClamAV signature which is able to perform additional processing of the scanned file and allow for more robust detection. Unlike the standard ClamAV signature types, bytecode signatures have a number of unique distinctions which need to be respected for their effective usage. Quote Bytecode signatures, by default, are considered untrusted. In fact, only bytecode signatures published by Cisco, in the bytecode.cvd are considered “trusted”. This means that the ClamAV engine will, by default, never load, trigger or execute untrusted bytecodes. One can bypass this safety mechanism by specifying the bytecode unsigned option to the engine but it should be noted that it is up to the user’s discretion on using untrusted bytecode signatures. One issue is you might not have enough ram to process this particular file. It's a stretch, but a possible cause. To address the timeout, you should be able to pass a command line variable --bytecode-timeout=[time in ms] I've never had this issue, so let us know if this works and/or is helpful. Source: StackExchange Edited January 23, 2021 by TQ Quote Link to comment
greyday Posted January 27, 2021 Share Posted January 27, 2021 (edited) I at the time had 64gb of RAM, so I am going to assume that wasn't the issue (I just installed 128--er. 125.9 usable for some reason, but still); both runs have the warnings. To be totally clear, they are colored as warnings, not errors, in the Unraid log. I'm not overly worried or anything, just wanted to know if this is something I should be fixing. Also this probably isn't important as the databases are updating fine and well, but I AM getting this error at the end of the of the opening "testing database" part of the log: WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory Edited January 27, 2021 by greyday Quote Link to comment
TQ Posted January 28, 2021 Author Share Posted January 28, 2021 On 1/27/2021 at 9:16 AM, greyday said: Also this probably isn't important as the databases are updating fine and well, but I AM getting this error at the end of the of the opening "testing database" part of the log: WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory First post on this page :) ...that's just clamav trying to notify the clamav daemon (not running) about its scan results. Quote Link to comment
TQ Posted January 31, 2021 Author Share Posted January 31, 2021 FYI: Bumped Clam versions this morning. Now is clamav 0.103.0-r1 Quote Link to comment
greyday Posted February 3, 2021 Share Posted February 3, 2021 On 1/31/2021 at 3:31 AM, TQ said: FYI: Bumped Clam versions this morning. Now is clamav 0.103.0-r1 I saw that! In day 3 of parity check, will be updating as soon as it's done. Quote Link to comment
parsec Posted February 10, 2021 Share Posted February 10, 2021 Is it possible to have some progress indicator on the log, maybe a file counter that updated every hour or similar? I'm about to scan 2.1 mill files, which I assume will take quite a long time, so some sort of indicator would be helpful. Quote Link to comment
SavellM Posted February 10, 2021 Share Posted February 10, 2021 Is there any way for ClamAV to actively scan new files are they are downloaded or imported? Thinking if I use SABnzbd to download stuff, for Clam to always be monitoring that folder for anything bad. Also like Nextcloud or Picture imports as and when they get imported for Clam to actively monitor files as they are being installed. Is this possible? Quote Link to comment
TQ Posted February 10, 2021 Author Share Posted February 10, 2021 1 hour ago, parsec said: Is it possible to have some progress indicator on the log, maybe a file counter that updated every hour or similar? I'm about to scan 2.1 mill files, which I assume will take quite a long time, so some sort of indicator would be helpful. Possibly doable. I'd probably have to dig into the scan script and add a progress bar into it. Quote Link to comment
TQ Posted February 10, 2021 Author Share Posted February 10, 2021 1 hour ago, SavellM said: Is there any way for ClamAV to actively scan new files are they are downloaded or imported? Thinking if I use SABnzbd to download stuff, for Clam to always be monitoring that folder for anything bad. Also like Nextcloud or Picture imports as and when they get imported for Clam to actively monitor files as they are being installed. Is this possible? Great idea. I think for this to be something that actually works, this container would not be the one. I'd (or someone else) would have to write one for clamd (the daemon used for ClamAV), as this one only updates the dbs and runs a scan. Quote Link to comment
parsec Posted February 10, 2021 Share Posted February 10, 2021 1 hour ago, TQ said: Possibly doable. I'd probably have to dig into the scan script and add a progress bar into it. That would be so awesome :D... I'm a very willing betatester Quote Link to comment
wgstarks Posted February 22, 2021 Share Posted February 22, 2021 (edited) I have started having problems with this docker recently. Not sure exactly when they started but I noticed this error repeating in the log- LibClamAV Error: CRITICAL: fmap() failed I get this every time I attempt a scan. brunnhilde-diagnostics-20210221-2247.zip Edited February 22, 2021 by wgstarks Quote Link to comment
Capt.Insano Posted February 22, 2021 Share Posted February 22, 2021 11 hours ago, wgstarks said: I have started having problems with this docker recently. Not sure exactly when they started but I noticed this error repeating in the log- LibClamAV Error: CRITICAL: fmap() failed I get this every time I attempt a scan. I just download this container for the 1st time and I am getting the same errors in my log unRAID 6.8.3 Quote Link to comment
wgstarks Posted February 22, 2021 Share Posted February 22, 2021 This seems to be related to scanning large files but from what google is showing me it was fixed in an earlier release. I’m wondering if there is a problem with the current release? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.