[Support] ClamAV


Recommended Posts

4 hours ago, pokerchip said:

No, the default for clamscan is 25mb. So if you want clamscan to scan your files that are smaller than 4000M, then you want to set the config to what I said. 
 

Also, clamscan has a hard limit of 4000M. If you want a workaround, you will need to chunk your files before clamscan reads them. 

If I do that it’s likely that Plex won’t be able to play the files. I’ll need to investigate other alternatives that aren’t so limited.

Link to comment
10 hours ago, pokerchip said:

 

You would configure this in the post arguments section of advanced settings of ClamAV.

Check options here: https://www.clamav.net/documents/scanning#clamscan

If you want more details: https://linux.die.net/man/1/clamscan

Is it just a space to separate multiple configurations?

 

SafariScreenSnapz005.thumb.jpg.6a49e4e98af69ddf54e62cd3e378dcde.jpg

 

Realized that i had the arguments in the wrong field after taking the screenshot. Already fixed. Just want to be sure they are correctly formatted?

Edited by wgstarks
add screenshot
Link to comment
39 minutes ago, wgstarks said:

Is it just a space to separate multiple configurations?

 

SafariScreenSnapz005.thumb.jpg.6a49e4e98af69ddf54e62cd3e378dcde.jpg

 

Realized that i had the arguments in the wrong field after taking the screenshot. Already fixed. Just want to be sure they are correctly formatted?

Yep, space delimited. 

 

Your ss looks good to me. (Since you moved it to post arguments)

Link to comment
1 hour ago, pokerchip said:

Yep, space delimited. 

 

Your ss looks good to me. (Since you moved it to post arguments)

Thanks for the help with this. Still seeing a lot of these errors though-

 

LibClamAV Warning: fmap: failed to get MD5

LibClamAV Error: CRITICAL: fmap() failed

/scan/Torrents/Monty Python and the Holy Grail (1975)/Monty Python and the Holy Grail (1975).Remux-1080p Proper.-decibeL.mkv: Can't allocate memory ERROR

 

As far as I can see, all the errors are for files that are well above the 4000MB limit. It’s my understanding that these files should ignored.

Link to comment
27 minutes ago, wgstarks said:

Thanks for the help with this. Still seeing a lot of these errors though-

 


LibClamAV Warning: fmap: failed to get MD5

LibClamAV Error: CRITICAL: fmap() failed

/scan/Torrents/Monty Python and the Holy Grail (1975)/Monty Python and the Holy Grail (1975).Remux-1080p Proper.-decibeL.mkv: Can't allocate memory ERROR

 

As far as I can see, all the errors are for files that are well above the 4000MB limit. It’s my understanding that these files should ignored.

You are right. I get the same error too if I try to scan files larger than 4gb. Hence why I linked the source code of LibClamAV. I think there is a bug where it tries to read file descriptor, but in the process it also tries to allocate memory leading to fmap errors due to hitting 4000M limit. This is just based on a quick read through of their c header files, but I haven’t coded c for years, so I might be completely wrong. Also, Cisco doesn’t seem to respond to “issues” on github.

 

If anyone else has insights, please share. 
 

I am curious how @Squid utilizes this. 

Link to comment

Never noticed.

 

But, any/all files I've got that are over 4GB would be media files, and I'm not too worried about anything infecting them since it would simply cause display corruption.  I do worry about executable files, and if they're over 4GB in size then there's obviously something very wrong with how they're programmed.

  • Thanks 1
Link to comment
1 hour ago, Squid said:

I do worry about executable files, and if they're over 4GB in size then there's obviously something very wrong with how they're programmed.

If that’s the case there isn’t much point in me scanning my server. It’s pretty much nothing but video and audio files with associated artwork.

Thanks

Link to comment

Hey all,   I am running a clamav  daemon   the one from mk0x/docker-clamav:alpine. ..  setup for nextcloud antivirus... 

 

I keep getting error below in the logs. 

 

 

[bootstrap] Initial clam DB download.
Thu Mar 11 17:44:55 2021 -> ClamAV update process started at Thu Mar 11 17:44:55 2021
Thu Mar 11 17:44:55 2021 -> daily database available for download (remote version: 26105)

Thu Mar 11 17:44:55 2021 -> ^downloadFile: Unexpected response (429) from https://database.clamav.net/daily.cvd
Thu Mar 11 17:44:55 2021 -> ^getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Thu Mar 11 17:44:55 2021 -> Trying again in 5 secs...
Thu Mar 11 17:45:00 2021 -> daily database available for download (remote version: 26105)

Thu Mar 11 17:45:00 2021 -> daily database available for download (remote version: 26105)

Thu Mar 11 17:45:00 2021 -> ^downloadFile: Unexpected response (429) from https://database.clamav.net/daily.cvd
Thu Mar 11 17:45:00 2021 -> ^getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Thu Mar 11 17:45:00 2021 -> Trying again in 5 secs...
Thu Mar 11 17:45:05 2021 -> daily database available for download (remote version: 26105)

Thu Mar 11 17:45:05 2021 -> !downloadFile: Unexpected response (429) from https://database.clamav.net/daily.cvd
Thu Mar 11 17:45:05 2021 -> !getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Thu Mar 11 17:45:05 2021 -> Giving up on https://database.clamav.net...
Thu Mar 11 17:45:05 2021 -> !Update failed for database: daily

Thu Mar 11 17:45:05 2021 -> ^fc_update_databases: fc_update_database failed: HTTP GET failed (11)

Thu Mar 11 17:45:05 2021 -> !Database update process failed: HTTP GET failed (11)

Thu Mar 11 17:45:05 2021 -> !Update failed.

Link to comment
3 hours ago, Aceriz said:

Hey all,   I am running a clamav  daemon   the one from mk0x/docker-clamav:alpine. ..  setup for nextcloud antivirus... 

 

I keep getting error below in the logs. 

 

 

[bootstrap] Initial clam DB download.
Thu Mar 11 17:44:55 2021 -> ClamAV update process started at Thu Mar 11 17:44:55 2021
Thu Mar 11 17:44:55 2021 -> daily database available for download (remote version: 26105)

Thu Mar 11 17:44:55 2021 -> ^downloadFile: Unexpected response (429) from https://database.clamav.net/daily.cvd
Thu Mar 11 17:44:55 2021 -> ^getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Thu Mar 11 17:44:55 2021 -> Trying again in 5 secs...
Thu Mar 11 17:45:00 2021 -> daily database available for download (remote version: 26105)

Thu Mar 11 17:45:00 2021 -> daily database available for download (remote version: 26105)

Thu Mar 11 17:45:00 2021 -> ^downloadFile: Unexpected response (429) from https://database.clamav.net/daily.cvd
Thu Mar 11 17:45:00 2021 -> ^getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Thu Mar 11 17:45:00 2021 -> Trying again in 5 secs...
Thu Mar 11 17:45:05 2021 -> daily database available for download (remote version: 26105)

Thu Mar 11 17:45:05 2021 -> !downloadFile: Unexpected response (429) from https://database.clamav.net/daily.cvd
Thu Mar 11 17:45:05 2021 -> !getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Thu Mar 11 17:45:05 2021 -> Giving up on https://database.clamav.net...
Thu Mar 11 17:45:05 2021 -> !Update failed for database: daily

Thu Mar 11 17:45:05 2021 -> ^fc_update_databases: fc_update_database failed: HTTP GET failed (11)

Thu Mar 11 17:45:05 2021 -> !Database update process failed: HTTP GET failed (11)

Thu Mar 11 17:45:05 2021 -> !Update failed.

HTTP status code 429 represents too many requests. Database server may be rate limiting your public IP. 

Link to comment
  • 3 weeks later...

Hi,

Got the error : 

LibClamAV Warning: fmap: map header allocation failed
LibClamAV Error: CRITICAL: fmap() failed

 

Tried the parameters : --max-filesize=4000M --max-scansize=4000M 

 

The errors are always present and the scan take a long long long time !!!!

is there a way to completly exclude files which are too big (not by name or something else) or to resolve the problem ?

 

Link to comment
  • 3 weeks later...
37 minutes ago, SmokeyColes said:

Hi 

 

I have installed ClamAV on my system for virus protection. 

Is there a webUI or VNC screen for it?

How do you use and configure it?

 

Thanks

Chris

No.  There's a script in the OP you can run on a schedule to have the app scan you system and notify you about any issues.

Link to comment
1 hour ago, Squid said:

Add that script to the user scripts plugin.  Set it to run on a schedule of your choice.  And also set ClamAV to not autostart (doesn't hurt, but not necessary)

Great thank you, "Antivirus Scan Started" and the schedule is set in User Scripts.

I am a little confused - what is it actually scanning?  Every disk in the array or just dockers?

Once it finds a file, does it inform you and does it treat it?

 

Thanks

Chris

Link to comment
  • 1 month later...

Thanks for the superb script and tool.  Makes me feel much better about my data and set up. 

I made a minor adjustment to the script to change the $notify type in case there are infected files found the allowable values are normal|warning|alert  for a green amber or red notification respectively...

 

it might help somebody...

 

#!/usr/bin/php
<?
$notify="normal";  
exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan Started" -s "Antivirus Scan" -d "Antivirus Scan Started" -i '.escapeshellarg($notify).'');
exec('docker start ClamAV');
for ( ;; ) {
  $status = trim(exec("docker ps | grep ClamAV"));
  if ( ! $status ) break;
  sleep(60);
}
exec("docker logs ClamAV 2>/dev/null",$logs);
foreach ($logs as $line) {
  $virus = explode(" ",$line);
  if (trim(end($virus)) == "FOUND" ) {
    $infected .= "$line\n";
    $notify="warning";  
  }
}

if ( ! $infected ) {
   $infected = "No infections found\n";
}

exec('/usr/local/emhttp/plugins/dynamix/scripts/notify -e "Antivirus Scan Finished" -s "Antivirus Scan" -d '.escapeshellarg($infected).' -i '.escapeshellarg($notify).'');

?>

 

  • Like 1
Link to comment
On 5/18/2021 at 12:05 PM, vroommm said:

Thanks for the superb script and tool.  Makes me feel much better about my data and set up. 

I made a minor adjustment to the script to change the $notify type in case there are infected files found the allowable values are normal|warning|alert  for a green amber or red notification respectively...

 

it might help somebody..

 

 

Thanks @vroommm

Link to comment
  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.