TQ (Author), posted February 11

11 hours ago, doogle said:

> Anyone know how to get clamav to not scan .iso files? I would like to use it from the command line and not write a mile long script. I have tried --exclude=*.iso and ?.iso but neither one worked. If I have posted this in the wrong spot, please excuse me. I tried doing a search for this but when it returns 10 plus pages... what is the point of a search. This forum software kinda sucks.

You can add your --exclude to the post-args section. Per the man page, you must use REGEX for the exclude option. I tested this in my environment.

    --exclude="^(.*\.iso)$"

doogle, posted February 12 (edited)

On 2/11/2024 at 4:53 AM, TQ said:

> You can add your --exclude to the post-args section. Per the man page, you must use REGEX for the exclude option. I tested this in my environment.
>
>     --exclude="^(.*\.iso)$"

Thanx for the response! I did investigate the REGEX thing. Oh boy, it started giving me a headache. You could earn a master's degree trying to figure that stuff out! I tried to find a way to change the defaults when clamav starts up, but apparently the configure script is just not there with the unraid version. It looks like, from the standard clamav documentation, you're supposed to be able to run this script, but it did not exist in my docker. Here is what I ended up coming up with:

    clamscan -r -i -z --exclude=\.iso --detect-pua=yes --alert-broken=yes --alert-broken-media=yes --alert-encrypted=yes --alert-macros=yes --alert-exceeds-max=no --max-dir-recursion=300 --max-recursion=300 -l /var/clamav.log /scan

I noticed that your version of the regex uses the ^ symbol, which I took from the documentation to mean DOES NOT MATCH. Like I said, the regex stuff is not very friendly at all. I just used the \.iso figuring the chances of running into a file that has .iso in the filename and not the extension are pretty slim. I found it annoying that I can only get clamav to scan up to a 4 GB file. It does seem to find stuff that other AVs do not, so I'm happy with that.

Edited February 12 by doogle: forgot to ask

doogle, posted February 12

What do you mean by post args section?

doogle, posted February 13

Never mind, I visited your github page... now I understand... I hope.... These are environment variables, right?

TQ (Author), posted February 13

3 hours ago, doogle said:

> What do you mean by post args section?

I made a spot in the template for these:

doogle, posted February 13

Thanx. I'll have to remember to click the advanced view slider. Wish it would just stay on but I guess not. That worked great.. you da man!

Veah, posted February 21

Hello, I am playing around with this, big TY to TQ (and Squid for the accompanying script). When testing the docker ClamAV I view <docker logs ClamAV> and get the scan summary with the tested directory as explained early in the thread. I see the correct number of files scanned. I set the container to scan a different dir and I get the same correct results as well. Everything seems to be working great.

My question: Why is it that during the scan, the disk(s) on my array do not spin up for this activity? I am 100% sure the files are on certain HDDs and not cached. This is causing my brain to blue screen.

ijuarez, posted March 4 (edited)

I recently deployed @Masterwishx's script and have it set up correctly. However, when it starts at the designated time it scans the shares, but it takes less than a minute and it's down, and I know it should take longer than that. Below are the scanning results; I am not sure where to get the actual log of clamav starting and giving me the info on what it scanned. Any help to figure out what I am doing wrong would be appreciated.

Attachments: clamavmaplog.txt, clamavtargets.txt

Edited March 4 by ijuarez

ijuarez, posted March 5

On 3/4/2024 at 9:10 AM, ijuarez said:

> I recently deployed @Masterwishx's script and have it set up correctly. However, when it starts at the designated time it scans the shares, but it takes less than a minute and it's down, and I know it should take longer than that. Below are the scanning results; I am not sure where to get the actual log of clamav starting and giving me the info on what it scanned. Any help to figure out what I am doing wrong would be appreciated.
>
> Attachments: clamavmaplog.txt, clamavtargets.txt

This is what I get in the clamav docker logs; not sure how to fix that.

TQ (Author), posted March 7

On 3/5/2024 at 10:57 AM, ijuarez said:

> This is what I get in the clamav docker logs; not sure how to fix that.

You're not using my container.

ijuarez, posted March 7

17 hours ago, TQ said:

> You're not using my container.

Yep, works much better with the correct container, thanks.

Revan335, posted March 24

How can I exclude files or folders? Does the script have an exclude file/option? For false positive finds.

bmartino1, posted March 26 (edited)

Having a weird issue. Where is the default docker log location?

My post argument for your docker is:

    ash /var/lib/clamav/autoscan.sh

    root@BMM-Unraid:/mnt/user/appdata/clamav# cat autoscan.sh
    #!/bin/ash
    echo update clamAV
    freshclam
    echo ClamAV Scan infected files "/scan" look at log...
    clamscan --recursive /scan -i --log=/var/lib/clamav/log.log
    root@BMM-Unraid:/mnt/user/appdata/clamav#

However, since October it appears it didn't use my log location. cat of log.log:

    ----------- SCAN SUMMARY -----------
    Known viruses: 8677120
    Engine version: 1.2.1
    Scanned directories: 130198
    Scanned files: 1121102
    Infected files: 0
    Data scanned: 911385.45 MB
    Data read: 7023130.85 MB (ratio 0.13:1)
    Time: 90580.602 sec (1509 m 40 s)
    Start Date: 2023:10:30 14:04:32
    End Date: 2023:10:31 15:14:13
    -------------------------------------------------------------------------------

However, if I go to the unraid docker log I see my log file. Once this scan finishes, it appears that the docker stops. Not sure if that has something to do with it? May need to add a Perl/bash sleep timer???

I'm using a user script to start this docker to scan every 3 months, as it takes a good 25+ hours to scan my system. Just trying to review the log to know what the infected file was...

Edited March 26 by bmartino1

bmartino1, posted March 26

4 minutes ago, bmartino1 said:

> Having a weird issue. Where is the default docker log location?

Unraid docker - advanced view

Container ID: 5a795e79860f
By: tquinnelly/clamav-alpine

Found by going to:

    root@BMM-Unraid:/var/lib/docker/containers/5a795e79860fcbcfe5e96b59795685f3943de45b35160de67320b377044087dd# ls
    5a795e79860fcbcfe5e96b59795685f3943de45b35160de67320b377044087dd-json.log  config.v2.json   hostname  mounts/
    checkpoints/                                                               hostconfig.json  hosts     resolv.conf
    root@BMM-Unraid:/var/lib/docker/containers/5a795e79860fcbcfe5e96b59795685f3943de45b35160de67320b377044087dd# cat 5a795e79860fcbcfe5e96b59795685f3943de45b35160de67320b377044087dd-json.log | grep FOUND
    {"log":"/scan/Program-Installers-PCRepair/Office/ofice 2007 ent/Proofing.en-us/Proof.en/Proof.cab: Win.Trojan.Doina-10020352-0 FOUND\n","stream":"stdout","time":"2024-03-25T23:14:44.944844211Z"}
    root@BMM-Unraid:/var/lib/docker/containers/5a795e79860fcbcfe5e96b59795685f3943de45b35160de67320b377044087dd#

Weird that it didn't take the log options.

bmartino1, posted March 26 (edited)

On 3/24/2024 at 9:25 AM, Revan335 said:

> How can I exclude files or folders? Does the script have an exclude file/option? For false positive finds.

https://linux.die.net/man/1/clamscan

Edit the docker template in advanced view; under options, add the option and path. From docker's point of view the path should be (by default unraid /mnt/user is docker's /scan):

    --exclude=REGEX, --exclude-dir=REGEX
        Don't scan file/directory names matching regular expression. These options can be used multiple times.

Add option --exclude-dir=/scan/(directory you want to not scan.) or single file...

Edited March 26 by bmartino1
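
An added example, not from any poster or from the clamav-alpine project, covering the --exclude and --exclude-dir patterns discussed in this thread. It previews which paths a pattern would leave unscanned, so an exclusion can be checked for gaps before it goes into post-args. Assumptions: grep -E stands in for clamscan's unanchored POSIX regex match on the path, and every sample path is constructed.

```shell
#!/bin/sh
# Added example: preview which paths a clamscan --exclude / --exclude-dir regex skips.
# Assumption: grep -E (unanchored POSIX ERE search) stands in for clamscan's matcher.

# Constructed sample paths; /scan is the container's scan root.
SAMPLE_FILES='/scan/isos/debian-12.iso
/scan/isos/invoice.iso.exe
/scan/docs/audio.isolated.mp3
/scan/backup/old.ISO
/scan/docs/report.pdf'
SAMPLE_DIRS='/scan/quarantine-test
/scan/quarantine-test/sub
/scan/media/quarantine-test-notes'

# skipped PATTERN LIST -> prints every path in LIST the pattern would exclude.
skipped() {
    printf '%s\n' "$2" | grep -E -- "$1" || true
}

# count_skipped PATTERN LIST -> number of excluded paths (0 when none match).
count_skipped() {
    skipped "$1" "$2" | grep -c . || true
}

# report LABEL PATTERN LIST -> human-readable preview of one exclusion.
report() {
    printf '%s=%s skips %s path(s)\n' "$1" "$2" "$(count_skipped "$2" "$3")"
    skipped "$2" "$3" | sed 's/^/    /'
}

# Unanchored: also skips invoice.iso.exe and audio.isolated.mp3.
report --exclude '\.iso' "$SAMPLE_FILES"
# Anchored at both ends: only paths ending in .iso (case-sensitive).
report --exclude '^(.*\.iso)$' "$SAMPLE_FILES"
# Ends in .iso in any letter case.
report --exclude '\.[iI][sS][oO]$' "$SAMPLE_FILES"
# Unanchored directory name: also skips the unrelated quarantine-test-notes.
report --exclude-dir 'quarantine-test' "$SAMPLE_DIRS"
# One directory tree only.
report --exclude-dir '^/scan/quarantine-test(/|$)' "$SAMPLE_DIRS"
```

Replace the sample lists with the output of `find /scan -type f` or `find /scan -type d` to preview an exclusion against a real share.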