[Support] ClamAV


Recommended Posts

4 hours ago, Masterwishx said:

Do you have 99:100 permissions for Folder clamav As in container? 

 

Thanks Masterwishx for highlighting this.

 
Indeed, 99:100 is the "Docker Safe Permission" user:group that is set when you run that script (nobody:users). Also, the built-in "newperms" runs this same change.

 

If you have permission issues in your environment, I'd recommend either of these options on your ClamAV folder and running again.

  • Like 1
Link to comment
~# ls -la /mnt/cache/appdata/clamav
total 20
drwxr-xr-x  2 nobody users   4 Jan 24 18:00 ./
drwxrwxrwx 14 nobody users  14 Aug 14 19:29 ../
-rw-rw-rw-  1 root   root  206 Jan 24 18:00 clamavloglast.txt
-rw-r--r--  1 root   root  146 Jan 24 18:00 clamavmaplog.txt

~# newperms /mnt/cache/appdata/clamav
Processing: /mnt/cache/appdata/clamav
... chmod -R u-x,go-rwx,go+u,ugo+X /mnt/cache/appdata/clamav
... chown -R nobody:users /mnt/cache/appdata/clamav
... sync

Completed, elapsed time: 00:00:00

~# ls -la /mnt/cache/appdata/clamav
total 20
drwxrwxrwx  2 nobody users   4 Jan 24 18:00 ./
drwxrwxrwx 14 nobody users  14 Aug 14 19:29 ../
-rw-rw-rw-  1 nobody users 206 Jan 24 18:00 clamavloglast.txt
-rw-rw-rw-  1 nobody users 146 Jan 24 18:00 clamavmaplog.txt

Hmmm, why is this not default when the Docker Container created the Folder?

Link to comment
  • 2 weeks later...
A Scan Time from under 1 Minute is very strange.
 
That's to fast!
For multiple Folders or generally.
 
Who can I see the reason and fix that?

I would start with the docker logs of the container. See what the errors tell you.
Link to comment
35 minutes ago, TQ said:


I would start with the docker logs of the container. See what the errors tell you.

 

The Log is not realy full.

From the Logs from the appdata Folder.

2024-02-05T18:00:01+01:00 ClamAV process starting

Unpdating ClamAV scan DB

ClamAV update process started at Mon Feb  5 18:00:01 2024
daily database available for update (local version: 27175, remote version: 27176)
Testing database: '/var/lib/clamav/tmp.f4fcca8fc9/clamav-c9679ca3d16a35cbd8ef83a889b2effa.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 27176, sigs: 2052336, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Freshclam updated the DB

ClamAV 1.2.1/27176/Mon Feb  5 10:35:30 2024

Scanning /scan


----------- SCAN SUMMARY -----------
Known viruses: 8684206
Engine version: 1.2.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 13.233 sec (0 m 13 s)
Start Date: 2024:02:05 18:00:07
End Date:   2024:02:05 18:00:20

 

The Docker Container Log:

WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory
LibClamAV Warning: Max file-size was set to 4294967296 bytes. Unfortunately, scanning files greater than 2147483647 bytes (2 GiB - 1) is not supported.
WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)
ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt
LibClamAV Warning: Max file-size was set to 4294967296 bytes. Unfortunately, scanning files greater than 2147483647 bytes (2 GiB - 1) is not supported.
WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)
ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory
LibClamAV Warning: Max file-size was set to 4294967296 bytes. Unfortunately, scanning files greater than 2147483647 bytes (2 GiB - 1) is not supported.
WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)
ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Freshclam updated the DB

ClamAV 1.2.1/27175/Sun Feb  4 10:36:45 2024

Scanning /scan


----------- SCAN SUMMARY -----------
Known viruses: 8684116
Engine version: 1.2.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 13.054 sec (0 m 13 s)
Start Date: 2024:02:04 12:04:34
End Date:   2024:02:04 12:04:47

2024-02-04T18:00:01+01:00 ClamAV process starting

Unpdating ClamAV scan DB

ClamAV update process started at Sun Feb  4 18:00:01 2024
daily.cld database is up-to-date (version: 27175, sigs: 2052246, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Freshclam updated the DB

ClamAV 1.2.1/27175/Sun Feb  4 10:36:45 2024

Scanning /scan


----------- SCAN SUMMARY -----------
Known viruses: 8684116
Engine version: 1.2.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 12.743 sec (0 m 12 s)
Start Date: 2024:02:04 18:00:01
End Date:   2024:02:04 18:00:14

2024-02-05T18:00:01+01:00 ClamAV process starting

Unpdating ClamAV scan DB

ClamAV update process started at Mon Feb  5 18:00:01 2024
daily database available for update (local version: 27175, remote version: 27176)
Testing database: '/var/lib/clamav/tmp.f4fcca8fc9/clamav-c9679ca3d16a35cbd8ef83a889b2effa.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 27176, sigs: 2052336, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Freshclam updated the DB

ClamAV 1.2.1/27176/Mon Feb  5 10:35:30 2024

Scanning /scan


----------- SCAN SUMMARY -----------
Known viruses: 8684206
Engine version: 1.2.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 13.233 sec (0 m 13 s)
Start Date: 2024:02:05 18:00:07
End Date:   2024:02:05 18:00:20

** Drücke eine BELIEBIGE TASTE, um dieses Fenster zu schließen ** 

 

Apparently something has been changed in the max file size. I change this Parameter to 2 GB.

 

Here the Files from the appdata Folder.

# ls -la /mnt/user/appdata/clamav/
total 361649
drwxrwxrwx  2 nobody users           9 Feb  5 22:06 ./
drwxrwxrwx 33 nobody users          33 Nov  3 21:38 ../
-rw-r--r--  1    100 console    291965 Apr  7  2023 bytecode.cvd
-rw-r--r--  1 root   root          990 Feb  5 18:00 clamavloglast.txt
-rw-r--r--  1 root   root          895 Feb  5 18:00 clamavmaplog.txt
-rw-r--r--  1 root   root          215 Feb  5 18:00 clamavtargets.txt
-rw-r--r--  1    100 console 198986752 Feb  5 18:00 daily.cld
-rw-r--r--  1    100 console        69 Apr 24  2022 freshclam.dat
-rw-r--r--  1    100 console 170479789 Apr 24  2022 main.cvd

 

Edited by Revan335
Link to comment
ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt
WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)
ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt
WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)
ERROR: --file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt

 

This error is at the top.

This is your issue.

 

You've explicitly set "--file-list" but the container cannot see that file, or has no permission to it.

Link to comment
9 hours ago, Revan335 said:

Here the Files from the appdata Folder.

# ls -la /mnt/user/appdata/clamav/
total 361649
drwxrwxrwx  2 nobody users           9 Feb  5 22:06 ./
drwxrwxrwx 33 nobody users          33 Nov  3 21:38 ../
-rw-r--r--  1    100 console    291965 Apr  7  2023 bytecode.cvd
-rw-r--r--  1 root   root          990 Feb  5 18:00 clamavloglast.txt
-rw-r--r--  1 root   root          895 Feb  5 18:00 clamavmaplog.txt
-rw-r--r--  1 root   root          215 Feb  5 18:00 clamavtargets.txt
-rw-r--r--  1    100 console 198986752 Feb  5 18:00 daily.cld
-rw-r--r--  1    100 console        69 Apr 24  2022 freshclam.dat
-rw-r--r--  1    100 console 170479789 Apr 24  2022 main.cvd

 

3 hours ago, TQ said:

Read at minimum

Read is exist for everyone.

Link to comment
4 hours ago, Revan335 said:

 

Read is exist for everyone.

 

Permissions are correct. But the error persists. 

Perhaps your volume mounts are not correct.

 

Do you have a volume mounted for the directory you are trying to scan as well as the file that has the scan folders in it?

 

From my Github documentation:

docker run -d --name=ClamAV \
  --cpuset-cpus='0,1' \
  -v /path/to/scan:/scan:ro \
  -v /path/to/sig:/var/lib/clamav:rw \
  tquinnelly/clamav-alpine -i --log=/var/lib/clamav/log.log --max-filesize=2048M

 

That path to "signatures" is the path you are working with.

Is that path mounted? If not, you have to mount it before calling a file in it.

It also is relevant to the container path, not the host.

--file-list: Can't open file /scan/appdata/clamav/clamavtargets.txt

 

If you've mounted it as in my example, it would be:

--file-list=/var/lib/clamav/clamavtargets.txt

 

Link to comment
docker run
  -d
  --name='ClamAV'
  --net='bridge'
  -e TZ="Europe/Berlin"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="***"
  -e HOST_CONTAINERNAME="ClamAV"
  -e 'USER_ID'='99'
  -e 'GROUP_ID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.icon='https://github.com/tquizzle/clamav-alpine/blob/master/img/clamav.png?raw=1'
  -v '/mnt/user':'/scan':'ro'
  -v '/mnt/user/appdata/clamav':'/var/lib/clamav':'rw' 'tquinnelly/clamav-alpine'
  -i
  --log=/var/lib/clamav/log.log
  --max-filesize=2048M
  --max-scansize=2048M
  -f 
  --file-list=/scan/appdata/clamav/clamavtargets.txt

Yes, its mounted from the Default Template.

 

With this, we became the same error:

docker run
  -d
  --name='ClamAV'
  --net='bridge'
  -e TZ="Europe/Berlin"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="***"
  -e HOST_CONTAINERNAME="ClamAV"
  -e 'USER_ID'='99'
  -e 'GROUP_ID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.icon='https://github.com/tquizzle/clamav-alpine/blob/master/img/clamav.png?raw=1'
  -v '/mnt/user':'/scan':'ro'
  -v '/mnt/user/appdata/clamav':'/var/lib/clamav':'rw' 'tquinnelly/clamav-alpine'
  -i
  --log=/var/lib/clamav/log.log
  --max-filesize=2048M
  --max-scansize=2048M
  -f
  --file-list=/var/lib/clamav/clamavtargets.txt

 

WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)
ERROR: --file-list: Can't open file --file-list=/var/lib/clamav/clamavtargets.txt

2024-02-06T13:44:10+01:00 ClamAV process starting

Unpdating ClamAV scan DB

ClamAV update process started at Tue Feb  6 13:44:10 2024
daily.cld database is up-to-date (version: 27177, sigs: 2052428, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Freshclam updated the DB

ClamAV 1.2.1/27177/Tue Feb  6 10:34:50 2024

Scanning /scan


----------- SCAN SUMMARY -----------
Known viruses: 8684298
Engine version: 1.2.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 12.888 sec (0 m 12 s)
Start Date: 2024:02:06 13:44:10
End Date:   2024:02:06 13:44:23

 

Edited by Revan335
Link to comment
On 2/6/2024 at 2:07 PM, TQ said:

Maybe try without scan targets txt file.

In the errors, you can see the container cannot open that file

OK, without that. Its Running longer.

 

This is the actually log:

2024-02-07T17:21:25+01:00 ClamAV process starting

Unpdating ClamAV scan DB

ClamAV update process started at Wed Feb  7 17:21:26 2024
daily database available for update (local version: 27177, remote version: 27178)
Testing database: '/var/lib/clamav/tmp.ca29159519/clamav-29d3efd36d02b5b2da1c73d66e4f2cac.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory

Freshclam updated the DB

ClamAV 1.2.1/27178/Wed Feb  7 10:35:39 2024

Scanning /scan


 

But why have my two Servers this Permission Error?

With or without the Improved Script from @Masterwishx

Link to comment
5 hours ago, Revan335 said:

OK, without that. Its Running longer.

 

This is the actually log:

2024-02-07T17:21:25+01:00 ClamAV process starting

Unpdating ClamAV scan DB

ClamAV update process started at Wed Feb  7 17:21:26 2024
daily database available for update (local version: 27177, remote version: 27178)
Testing database: '/var/lib/clamav/tmp.ca29159519/clamav-29d3efd36d02b5b2da1c73d66e4f2cac.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory

Freshclam updated the DB

ClamAV 1.2.1/27178/Wed Feb  7 10:35:39 2024

Scanning /scan


 

But why have my two Servers this Permission Error?

With or without the Improved Script from @Masterwishx

 

Permissions have nothing to do with @Masterwishx script. 

The should inherit from the UID/GID passed via the container.

Link to comment

I was able to utilize the --file-list option and scanned a specific directory (a subdirectory of /scan)

 

...
daily.cld database is up-to-date (version: 27178, sigs: 2052470, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)

Freshclam updated the DB

ClamAV 1.2.1/27178/Wed Feb  7 03:35:39 2024

Scanning /scan

WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)

----------- SCAN SUMMARY -----------
Known viruses: 8684340
Engine version: 1.2.1
Scanned directories: 29
Scanned files: 1427
Infected files: 0
Data scanned: 65.70 MB
Data read: 25121.64 MB (ratio 0.00:1)
Time: 271.660 sec (4 m 31 s)
Start Date: 2024:02:07 16:40:51
End Date:   2024:02:07 16:45:23

2024-02-07T16:45:23-06:00 ClamAV scanning finished

 

Latest reconfigured container options:

docker run
  -d
  --name='ClamAV'
  --net='bridge'
  --cpuset-cpus='0,1'
  -e TZ="America/Chicago"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME=""
  -e HOST_CONTAINERNAME="ClamAV"
  -e 'USER_ID'='99'
  -e 'GROUP_ID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.icon='https://github.com/tquizzle/clamav-alpine/blob/master/img/clamav.png?raw=1'
  -v '/mnt/cache/appdata/downloads/':'/scan':'ro'
  -v '/mnt/cache/appdata/clamav':'/var/lib/clamav':'rw' 'tquinnelly/clamav-alpine'
  -i
  --file-list=/var/lib/clamav/scanfiles
  --log=/var/lib/clamav/log.log
  --max-filesize=2040M

 

File list: scanfiles

/scan/subdirectory/another-directory

 

 

The key point here is that the reference to these supporting files passed in as vars are from the containers path, not the host.

Hope this helps anyone facing this challenge.

Link to comment
31 minutes ago, TQ said:
  --file-list=/var/lib/clamav/scanfiles

This is a directory?

 

31 minutes ago, TQ said:

File list: scanfiles

/scan/subdirectory/another-directory

 

This is the Entry of scanfiles but than he is a txt file and not a directory?

And without the -f Parameter?

 

For example /scan/download/testfolder

Edited by Revan335
Link to comment

Maybe I got it:

-i --log=/var/lib/clamav/log.log --max-filesize=2048M --max-scansize=2048M --file-list=/var/lib/clamav/clamavtargets.txt

Without the -f

 

I monitoring this. At the next run.

 

Can you update the Template with the new Information's/Parameters?

Link to comment
2 hours ago, Revan335 said:

This is a directory?

No, it is a file that has the contents that is listed below.

 

2 hours ago, Revan335 said:

This is the Entry of scanfiles but than he is a txt file and not a directory?

 

For example /scan/download/testfolder

Yes.


-f is the shorthand version of --file-list

Link to comment

Anyone know how to get clamav to not scan .iso files. I would like to use it from the command line and not write a mile long script.

I have tried --exclude=*.iso and ?.iso  but neither one worked.

 

If I have posted this in the wrong spot. please excuse me. I tried doing a search for this but when it returns 10 plus pages... what is the point of a search. This forum software kinda sucks.

Edited by doogle
additional info
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.