January 23, 20242 yr When I start the ClamAV container, the scan never seems to start. If I manually invoke ClamAV on the /scan directory, it starts and runs interactively in my terminal. When I check the logs, I do not see where the scan starts. What am I doing wrong? Thanks! clamav.txt freshclam.txt Edited January 23, 20242 yr by nate.smith317 Added log copy and paste
January 23, 20242 yr 2 hours ago, nate.smith317 said: When I start the ClamAV container, the scan never seems to start. What setting in parameter of container? It's better to use script for container to use it.
January 23, 20242 yr Author 4 hours ago, Masterwishx said: Do you have 99:100 permissions for Folder clamav As in container? Thanks Masterwishx for highlighting this. Indeed, 99:100 is the "Docker Safe Permission" user:group that is set when you run that script (nobody:users). Also, the built-in "newperms" runs this same change. If you have permission issues in your environment, I'd recommend either of these options on your ClamAV folder and running again.
January 24, 20242 yr ~# ls -la /mnt/cache/appdata/clamav total 20 drwxr-xr-x 2 nobody users 4 Jan 24 18:00 ./ drwxrwxrwx 14 nobody users 14 Aug 14 19:29 ../ -rw-rw-rw- 1 root root 206 Jan 24 18:00 clamavloglast.txt -rw-r--r-- 1 root root 146 Jan 24 18:00 clamavmaplog.txt ~# newperms /mnt/cache/appdata/clamav Processing: /mnt/cache/appdata/clamav ... chmod -R u-x,go-rwx,go+u,ugo+X /mnt/cache/appdata/clamav ... chown -R nobody:users /mnt/cache/appdata/clamav ... sync Completed, elapsed time: 00:00:00 ~# ls -la /mnt/cache/appdata/clamav total 20 drwxrwxrwx 2 nobody users 4 Jan 24 18:00 ./ drwxrwxrwx 14 nobody users 14 Aug 14 19:29 ../ -rw-rw-rw- 1 nobody users 206 Jan 24 18:00 clamavloglast.txt -rw-rw-rw- 1 nobody users 146 Jan 24 18:00 clamavmaplog.txt Hmmm, why is this not default when the Docker Container created the Folder?
February 5, 20242 yr A Scan Time from under 1 Minute is very strange. That's to fast! For multiple Folders or generally. Who can I see the reason and fix that?
February 5, 20242 yr Author A Scan Time from under 1 Minute is very strange. That's to fast! For multiple Folders or generally. Who can I see the reason and fix that?I would start with the docker logs of the container. See what the errors tell you.
February 5, 20242 yr 35 minutes ago, TQ said: I would start with the docker logs of the container. See what the errors tell you. The Log is not realy full. From the Logs from the appdata Folder. 2024-02-05T18:00:01+01:00 ClamAV process starting Unpdating ClamAV scan DB ClamAV update process started at Mon Feb 5 18:00:01 2024 daily database available for update (local version: 27175, remote version: 27176) Testing database: '/var/lib/clamav/tmp.f4fcca8fc9/clamav-c9679ca3d16a35cbd8ef83a889b2effa.tmp-daily.cld' ... Database test passed. daily.cld updated (version: 27176, sigs: 2052336, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg) Freshclam updated the DB ClamAV 1.2.1/27176/Mon Feb 5 10:35:30 2024 Scanning /scan ----------- SCAN SUMMARY ----------- Known viruses: 8684206 Engine version: 1.2.1 Scanned directories: 0 Scanned files: 0 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 13.233 sec (0 m 13 s) Start Date: 2024:02:05 18:00:07 End Date: 2024:02:05 18:00:20 The Docker Container Log: WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory LibClamAV Warning: Max file-size was set to 4294967296 bytes. Unfortunately, scanning files greater than 2147483647 bytes (2 GiB - 1) is not supported. WARNING: Only scanning files from --file-list (files passed at cmdline are ignored) ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt LibClamAV Warning: Max file-size was set to 4294967296 bytes. Unfortunately, scanning files greater than 2147483647 bytes (2 GiB - 1) is not supported. WARNING: Only scanning files from --file-list (files passed at cmdline are ignored) ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory LibClamAV Warning: Max file-size was set to 4294967296 bytes. Unfortunately, scanning files greater than 2147483647 bytes (2 GiB - 1) is not supported. WARNING: Only scanning files from --file-list (files passed at cmdline are ignored) ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg) Freshclam updated the DB ClamAV 1.2.1/27175/Sun Feb 4 10:36:45 2024 Scanning /scan ----------- SCAN SUMMARY ----------- Known viruses: 8684116 Engine version: 1.2.1 Scanned directories: 0 Scanned files: 0 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 13.054 sec (0 m 13 s) Start Date: 2024:02:04 12:04:34 End Date: 2024:02:04 12:04:47 2024-02-04T18:00:01+01:00 ClamAV process starting Unpdating ClamAV scan DB ClamAV update process started at Sun Feb 4 18:00:01 2024 daily.cld database is up-to-date (version: 27175, sigs: 2052246, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg) Freshclam updated the DB ClamAV 1.2.1/27175/Sun Feb 4 10:36:45 2024 Scanning /scan ----------- SCAN SUMMARY ----------- Known viruses: 8684116 Engine version: 1.2.1 Scanned directories: 0 Scanned files: 0 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 12.743 sec (0 m 12 s) Start Date: 2024:02:04 18:00:01 End Date: 2024:02:04 18:00:14 2024-02-05T18:00:01+01:00 ClamAV process starting Unpdating ClamAV scan DB ClamAV update process started at Mon Feb 5 18:00:01 2024 daily database available for update (local version: 27175, remote version: 27176) Testing database: '/var/lib/clamav/tmp.f4fcca8fc9/clamav-c9679ca3d16a35cbd8ef83a889b2effa.tmp-daily.cld' ... Database test passed. daily.cld updated (version: 27176, sigs: 2052336, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg) Freshclam updated the DB ClamAV 1.2.1/27176/Mon Feb 5 10:35:30 2024 Scanning /scan ----------- SCAN SUMMARY ----------- Known viruses: 8684206 Engine version: 1.2.1 Scanned directories: 0 Scanned files: 0 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 13.233 sec (0 m 13 s) Start Date: 2024:02:05 18:00:07 End Date: 2024:02:05 18:00:20 ** Drücke eine BELIEBIGE TASTE, um dieses Fenster zu schließen ** Apparently something has been changed in the max file size. I change this Parameter to 2 GB. Here the Files from the appdata Folder. # ls -la /mnt/user/appdata/clamav/ total 361649 drwxrwxrwx 2 nobody users 9 Feb 5 22:06 ./ drwxrwxrwx 33 nobody users 33 Nov 3 21:38 ../ -rw-r--r-- 1 100 console 291965 Apr 7 2023 bytecode.cvd -rw-r--r-- 1 root root 990 Feb 5 18:00 clamavloglast.txt -rw-r--r-- 1 root root 895 Feb 5 18:00 clamavmaplog.txt -rw-r--r-- 1 root root 215 Feb 5 18:00 clamavtargets.txt -rw-r--r-- 1 100 console 198986752 Feb 5 18:00 daily.cld -rw-r--r-- 1 100 console 69 Apr 24 2022 freshclam.dat -rw-r--r-- 1 100 console 170479789 Apr 24 2022 main.cvd Edited February 5, 20242 yr by Revan335
February 5, 20242 yr Author ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt WARNING: Only scanning files from --file-list (files passed at cmdline are ignored) ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt WARNING: Only scanning files from --file-list (files passed at cmdline are ignored) ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt This error is at the top. This is your issue. You've explicitly set "--file-list" but the container cannot see that file, or has no permission to it.
February 5, 20242 yr 26 minutes ago, TQ said: You've explicitly set "--file-list" but the container cannot see that file, or has no permission to it. Whats Permissisons are needed?
February 6, 20242 yr 9 hours ago, Revan335 said: Here the Files from the appdata Folder. # ls -la /mnt/user/appdata/clamav/ total 361649 drwxrwxrwx 2 nobody users 9 Feb 5 22:06 ./ drwxrwxrwx 33 nobody users 33 Nov 3 21:38 ../ -rw-r--r-- 1 100 console 291965 Apr 7 2023 bytecode.cvd -rw-r--r-- 1 root root 990 Feb 5 18:00 clamavloglast.txt -rw-r--r-- 1 root root 895 Feb 5 18:00 clamavmaplog.txt -rw-r--r-- 1 root root 215 Feb 5 18:00 clamavtargets.txt -rw-r--r-- 1 100 console 198986752 Feb 5 18:00 daily.cld -rw-r--r-- 1 100 console 69 Apr 24 2022 freshclam.dat -rw-r--r-- 1 100 console 170479789 Apr 24 2022 main.cvd 3 hours ago, TQ said: Read at minimum Read is exist for everyone.
February 6, 20242 yr Author 4 hours ago, Revan335 said: Read is exist for everyone. Permissions are correct. But the error persists. Perhaps your volume mounts are not correct. Do you have a volume mounted for the directory you are trying to scan as well as the file that has the scan folders in it? From my Github documentation: docker run -d --name=ClamAV \ --cpuset-cpus='0,1' \ -v /path/to/scan:/scan:ro \ -v /path/to/sig:/var/lib/clamav:rw \ tquinnelly/clamav-alpine -i --log=/var/lib/clamav/log.log --max-filesize=2048M That path to "signatures" is the path you are working with. Is that path mounted? If not, you have to mount it before calling a file in it. It also is relevant to the container path, not the host. --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt If you've mounted it as in my example, it would be: --file-list=/var/lib/clamav/clamavtargets.txt
February 6, 20242 yr docker run -d --name='ClamAV' --net='bridge' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e HOST_HOSTNAME="***" -e HOST_CONTAINERNAME="ClamAV" -e 'USER_ID'='99' -e 'GROUP_ID'='100' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.icon='https://github.com/tquizzle/clamav-alpine/blob/master/img/clamav.png?raw=1' -v '/mnt/user':'/scan':'ro' -v '/mnt/user/appdata/clamav':'/var/lib/clamav':'rw' 'tquinnelly/clamav-alpine' -i --log=/var/lib/clamav/log.log --max-filesize=2048M --max-scansize=2048M -f --file-list=/scan/appdata/clamav/clamavtargets.txt Yes, its mounted from the Default Template. With this, we became the same error: docker run -d --name='ClamAV' --net='bridge' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e HOST_HOSTNAME="***" -e HOST_CONTAINERNAME="ClamAV" -e 'USER_ID'='99' -e 'GROUP_ID'='100' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.icon='https://github.com/tquizzle/clamav-alpine/blob/master/img/clamav.png?raw=1' -v '/mnt/user':'/scan':'ro' -v '/mnt/user/appdata/clamav':'/var/lib/clamav':'rw' 'tquinnelly/clamav-alpine' -i --log=/var/lib/clamav/log.log --max-filesize=2048M --max-scansize=2048M -f --file-list=/var/lib/clamav/clamavtargets.txt WARNING: Only scanning files from --file-list (files passed at cmdline are ignored) ERROR: --file-list: Can't open file --file-list=/var/lib/clamav/clamavtargets.txt 2024-02-06T13:44:10+01:00 ClamAV process starting Unpdating ClamAV scan DB ClamAV update process started at Tue Feb 6 13:44:10 2024 daily.cld database is up-to-date (version: 27177, sigs: 2052428, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg) Freshclam updated the DB ClamAV 1.2.1/27177/Tue Feb 6 10:34:50 2024 Scanning /scan ----------- SCAN SUMMARY ----------- Known viruses: 8684298 Engine version: 1.2.1 Scanned directories: 0 Scanned files: 0 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 12.888 sec (0 m 12 s) Start Date: 2024:02:06 13:44:10 End Date: 2024:02:06 13:44:23 Edited February 6, 20242 yr by Revan335
February 6, 20242 yr Author Maybe try without scan targets txt file. In the errors, you can see the container cannot open that file
February 7, 20242 yr On 2/6/2024 at 2:07 PM, TQ said: Maybe try without scan targets txt file. In the errors, you can see the container cannot open that file OK, without that. Its Running longer. This is the actually log: 2024-02-07T17:21:25+01:00 ClamAV process starting Unpdating ClamAV scan DB ClamAV update process started at Wed Feb 7 17:21:26 2024 daily database available for update (local version: 27177, remote version: 27178) Testing database: '/var/lib/clamav/tmp.ca29159519/clamav-29d3efd36d02b5b2da1c73d66e4f2cac.tmp-daily.cld' ... Database test passed. daily.cld updated (version: 27178, sigs: 2052470, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg) WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory Freshclam updated the DB ClamAV 1.2.1/27178/Wed Feb 7 10:35:39 2024 Scanning /scan But why have my two Servers this Permission Error? With or without the Improved Script from @Masterwishx
February 7, 20242 yr Author 5 hours ago, Revan335 said: OK, without that. Its Running longer. This is the actually log: 2024-02-07T17:21:25+01:00 ClamAV process starting Unpdating ClamAV scan DB ClamAV update process started at Wed Feb 7 17:21:26 2024 daily database available for update (local version: 27177, remote version: 27178) Testing database: '/var/lib/clamav/tmp.ca29159519/clamav-29d3efd36d02b5b2da1c73d66e4f2cac.tmp-daily.cld' ... Database test passed. daily.cld updated (version: 27178, sigs: 2052470, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg) WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory Freshclam updated the DB ClamAV 1.2.1/27178/Wed Feb 7 10:35:39 2024 Scanning /scan But why have my two Servers this Permission Error? With or without the Improved Script from @Masterwishx Permissions have nothing to do with @Masterwishx script. The should inherit from the UID/GID passed via the container.
February 7, 20242 yr Author I was able to utilize the --file-list option and scanned a specific directory (a subdirectory of /scan) ... daily.cld database is up-to-date (version: 27178, sigs: 2052470, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg) Freshclam updated the DB ClamAV 1.2.1/27178/Wed Feb 7 03:35:39 2024 Scanning /scan WARNING: Only scanning files from --file-list (files passed at cmdline are ignored) ----------- SCAN SUMMARY ----------- Known viruses: 8684340 Engine version: 1.2.1 Scanned directories: 29 Scanned files: 1427 Infected files: 0 Data scanned: 65.70 MB Data read: 25121.64 MB (ratio 0.00:1) Time: 271.660 sec (4 m 31 s) Start Date: 2024:02:07 16:40:51 End Date: 2024:02:07 16:45:23 2024-02-07T16:45:23-06:00 ClamAV scanning finished Latest reconfigured container options: docker run -d --name='ClamAV' --net='bridge' --cpuset-cpus='0,1' -e TZ="America/Chicago" -e HOST_OS="Unraid" -e HOST_HOSTNAME="" -e HOST_CONTAINERNAME="ClamAV" -e 'USER_ID'='99' -e 'GROUP_ID'='100' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.icon='https://github.com/tquizzle/clamav-alpine/blob/master/img/clamav.png?raw=1' -v '/mnt/cache/appdata/downloads/':'/scan':'ro' -v '/mnt/cache/appdata/clamav':'/var/lib/clamav':'rw' 'tquinnelly/clamav-alpine' -i --file-list=/var/lib/clamav/scanfiles --log=/var/lib/clamav/log.log --max-filesize=2040M File list: scanfiles /scan/subdirectory/another-directory The key point here is that the reference to these supporting files passed in as vars are from the containers path, not the host. Hope this helps anyone facing this challenge.
February 7, 20242 yr 31 minutes ago, TQ said: --file-list=/var/lib/clamav/scanfiles This is a directory? 31 minutes ago, TQ said: File list: scanfiles /scan/subdirectory/another-directory This is the Entry of scanfiles but than he is a txt file and not a directory? And without the -f Parameter? For example /scan/download/testfolder Edited February 7, 20242 yr by Revan335
February 7, 20242 yr Maybe I got it: -i --log=/var/lib/clamav/log.log --max-filesize=2048M --max-scansize=2048M --file-list=/var/lib/clamav/clamavtargets.txt Without the -f I monitoring this. At the next run. Can you update the Template with the new Information's/Parameters?
February 8, 20242 yr Author 2 hours ago, Revan335 said: This is a directory? No, it is a file that has the contents that is listed below. 2 hours ago, Revan335 said: This is the Entry of scanfiles but than he is a txt file and not a directory? For example /scan/download/testfolder Yes. -f is the shorthand version of --file-list
February 8, 20242 yr On 2/5/2024 at 10:01 PM, Revan335 said: WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory Can I fix this?
February 10, 20242 yr Anyone know how to get clamav to not scan .iso files. I would like to use it from the command line and not write a mile long script. I have tried --exclude=*.iso and ?.iso but neither one worked. If I have posted this in the wrong spot. please excuse me. I tried doing a search for this but when it returns 10 plus pages... what is the point of a search. This forum software kinda sucks. Edited February 10, 20242 yr by doogle additional info
February 11, 20242 yr Author 11 hours ago, doogle said: Anyone know how to get clamav to not scan .iso files. I would like to use it from the command line and not write a mile long script. I have tried --exclude=*.iso and ?.iso but neither one worked. If I have posted this in the wrong spot. please excuse me. I tried doing a search for this but when it returns 10 plus pages... what is the point of a search. This forum software kinda sucks. You can add your --exclude to the post-args section. Per the man page, you must use REGEX for the exclude option. I tested this in my environment. --exclude="^(.*\.iso)$"
February 12, 20242 yr On 2/11/2024 at 4:53 AM, TQ said: You can add your --exclude to the post-args section. Per the man page, you must use REGEX for the exclude option. I tested this in my environment. --exclude="^(.*\.iso)$" Thanx for the response! I did investigate the REGEX thing. oh boy it started giving me a headache. You could earn a masters degree trying to figure that stuff out! I tried to find a way to change the defaults when clamav starts up but apparently the configure script is just not there with the unraid version. It looks like from the standard clamav documentation your supposed to be able to run this script, but it did not exist in my docker. Here is what I ended up coming up with ..... clamscan -r -i -z --exclude=\.iso --detect-pua=yes --alert-broken=yes --alert-broken-media=yes --alert-encrypted=yes --alert-macros=yes --alert-exceeds-max=no --max-dir-recursion=300 --max-recursion=300 -l /var/clamav.log /scan I noticed that your version of the regex uses the ^ symbol, which I took from the documentation to mean DOES NOT MATCH. Like I said the regex stuff is not very friendly at all. I just used the \.iso figuring the chances of running into a file that has .iso in the filename and not the extension are pretty slim. I found it annoying that I can only get clamav to scan up to a 4 Gb file. It does seem to find stuff that other av's do not so I'm happy with that. Edited February 12, 20242 yr by doogle forgot to ask
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.