Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] ClamAV

Featured Replies

On 7/19/2021 at 4:27 PM, luca2 said:

Hi, thx for the docker!

I tri3ed -after install- to add:


--max-scansize=4000N --max-filesize=4000N

but as soon as I press save, the docker disappears. Anyone expiriencieng the same?

Rgds

Also to note, based on what I read earlier in the thread, it should be 4000"M", not 4000"N".

  • Replies 336
  • Views 113.3k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • You would make another instance of the container.  Each instance scans whatever is specified

  • chmod -R u-x,go-rwx,go+u,ugo+X /mnt/cache/appdata/clamav chown -R nobody:users  /mnt/cache/appdata/clamav

Posted Images

On 4/18/2021 at 8:32 AM, SmokeyColes said:

Great thank you, "Antivirus Scan Started" and the schedule is set in User Scripts.

I am a little confused - what is it actually scanning?  Every disk in the array or just dockers?

Once it finds a file, does it inform you and does it treat it?

 

Thanks

Chris

I've never created a custom script before and am pretty confused on the formatting. Can you or someone else share your script for getting a virus scan to execute automatically on a schedule via User Scripts? 

9 hours ago, ThatTallGuy21 said:

I've never created a custom script before and am pretty confused on the formatting. Can you or someone else share your script for getting a virus scan to execute automatically on a schedule via User Scripts? 

The script to use in user scripts is in the OP

  • 1 month later...

Hi everyone !

i'm getting this errors / warnings :

 

Updating ClamAV scan DB
ClamAV update process started at Sat Sep 4 08:52:39 2021
WARNING: FreshClam previously received error code 429 from the ClamAV Content Delivery Network (CDN).

WARNING: You are still on cool-down until after: 2021-09-04 12:48:27

This means that you have been rate limited by the CDN.
1. Run FreshClam no more than once an hour to check for updates.
FreshClam should check DNS first to see if an update is needed.
2. If you have more than 10 hosts on your network attempting to download,
it is recommended that you set up a private mirror on your network using
cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
CDN and your own network.
3. Please do not open a ticket asking for an exemption from the rate limit,
it will not be granted.


Freshclam updated the DB


ClamAV 0.103.3/26217/Wed Jun 30 11:10:04 2021

Scanning /scan

LibClamAV Warning: **************************************************

LibClamAV Warning: *** The virus database is older than 7 days! ***

LibClamAV Warning: *** Please update it as soon as possible. ***

LibClamAV Warning: **************************************************

 

Any idea what the problem could be ?

I'm running ClamAV on a monthly basis, nothing more

  • Author
16 hours ago, AmokK said:

Hi everyone !

i'm getting this errors / warnings :

 

Updating ClamAV scan DB
ClamAV update process started at Sat Sep 4 08:52:39 2021
WARNING: FreshClam previously received error code 429 from the ClamAV Content Delivery Network (CDN).

WARNING: You are still on cool-down until after: 2021-09-04 12:48:27

This means that you have been rate limited by the CDN.
1. Run FreshClam no more than once an hour to check for updates.
FreshClam should check DNS first to see if an update is needed.
2. If you have more than 10 hosts on your network attempting to download,
it is recommended that you set up a private mirror on your network using
cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
CDN and your own network.
3. Please do not open a ticket asking for an exemption from the rate limit,
it will not be granted.

 

Any idea what the problem could be ?

I'm running ClamAV on a monthly basis, nothing more

 

You've been rate limited. 

 

Are you behind a large NAT? That error indicates rate limited.

 

If you continue to have issues, rebuild the container and try again. If that doesn't work, try manually installing the main db files into a bind mounted dir and see if that works.

I completely deleted the container including appdata folder, rebuilt it, no problems now.

Not being behind a large NAT by the way, just my personal home connection.

Thanks for your help @TQ :)

Edited by AmokK
typo error

  • 1 month later...

Thank you @TQ for this.

 

EDIT 2024-01-14: please see updated version here:

 

I wrote another user script to start and control the scanning. With it you can select which shares to scan. The script can be scheduled. You can select one day in a week when the script runs another set of shares. The intention is to scan a small set daily and then a full scan once per week, and and completely avoid scanning some shares.

 

Some snippets as a sample:

# Edit these parameters:
# List of Unraid shares to scan under /mnt/user. Check YOUR Unraid "Shares" tab.
# Put a space between each share name.
FOLDERSDAILY="incoming shared"
FOLDERSWEEKLY="isos incoming shared backups myverybigshare"
# Select which day is weekly scan day (1=mon, 7=sun).
WEEKLYDAY=2

 

The script writes the target directories into a parameter file.

# Switch to advanced mode (click basic mode at top right) and change
# "Post parameters" to "-i -f /var/lib/clamav/clamavtargets.txt".
# This tells the scanner to use a target list in a file instead of
# scanning every Unraid share.

This is the only required change to the container definition.

 

The user script writes the parameter file and runs the container.

 

Full script is here: https://github.com/Helediron/unraid-dailyclamavscan

Credits to @Squid for the original script, on which this is based.

 

Edited by Helediron
Endorsing another user's updates

On 10/11/2021 at 12:11 PM, Helediron said:

I wrote another user script to start and control the scanning. With it you can select which shares to scan. The script can be scheduled. You can select one day in a week when the script runs another set of shares. The intention is to scan a small set daily and then a full scan once per week, and and completely avoid scanning some shares.

Thanks Helediron. Can I do a daily scan of cache without making huge changes to the script?

5 hours ago, rbronco21 said:

Thanks Helediron. Can I do a daily scan of cache without making huge changes to the script?

Hi, script parameter and container parameter customisation sshould be enough.

 

ClamAV scans whatever it finds in the Docker container's internal /scan folder, which usually is mapped to external folder /mnt/user. If you change that container parameter to e.g. /mnt/cache (assuming "standard" naming), then you can direct the container to scan the cache.

 

Now, if you want to scan the cache completely, you don't need my script. Just point the container to the cache as above and run the container. This one-liner starts the scan:

  docker start ClamAV

Put that into a user script, schedule it daily and you're done.

 

 

If you want the folder selection or those fancy notifications, then continue. ->

 

To modify the script, there are more parameters in the script to customise. Find this block:

#Technical parameters
# name of the container.
CONTAINER=ClamAV
# Location of ClamAV application data folder in Unraid host. 
# Must match with container parameter "ClamAV Signatures:"
HOSTAPPDATA=/mnt/user/appdata/clamav
# Location of scanned directory. 
# Must match with container parameter "Folder to Scan:"
HOSTSCANDIR=/mnt/user
...

and customize the script too. The script parameter HOSTSCANDIR must match with the container parameter.  Change "HOSTSCANDIR=/mnt/user" to "HOSTSCANDIR=/mnt/cache".

 

Put into FOLDERSDAILY and FOLDERSWEEKLY directories right under /mnt/cache, e.g. FOLDERSDAILY="domains isos" .

 

If you want to run both user shares and directories under cache, it's getting more complex. There are two options:

  1. If you want to scan both /mnt/cache and /mnt/user completely, then set the scan point to /mnt and set FOLDERSDAILY and FOLDERSWEEKLY to "cache user" . We just moved here one step higher in folder hierarchy.
  2. If you want to scan subsets in both, then you have to duplicate the ClamAV container and script and customise them independently. In the second script you have to change CONTAINER and HOSTAPPDATA to match the second container. (Actually i don't yet know how that's done in Unraid, i'm Unraid noob).

The script prints some debugging info. You'll see that if you run the script interactively with User Script plugin. It verifies that the folders actually exist and prints what it finds and finds not. If the scan takes long time, you can safely stop the script, but remember to stop the ClamAV container too.

Edited by Helediron

  • 3 weeks later...

I just started a 2nd scan after two months, and the notify script still picks up the previous infection (a file that I since removed) from the ClamAV docker logs, so I still get an FOUND message. Anyone else seeing this?

Hoping someone might be able to help me out with a part of my setup.  

 

I have the ClamAv from https://hub.docker.com/r/mkodockx/docker-clamav  setup so that I can run this as an active daemon scanner for Nextcloud which I got working

 

But I note the below error I am not sure how I would go about changing things to not hit the time limit.. for the database test. 

 

Below is the error log that I have. 

 

 

Thu Nov 11 05:53:25 2021 -> ClamAV update process started at Thu Nov 11 05:53:25 2021
Thu Nov 11 05:53:26 2021 -> ^Your ClamAV installation is OUTDATED!
Thu Nov 11 05:53:26 2021 -> ^Local version: 0.102.4 Recommended version: 0.103.4
Thu Nov 11 05:53:26 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Thu Nov 11 05:53:26 2021 -> daily database available for update (local version: 26349, remote version: 26350)
Thu Nov 11 05:53:28 2021 -> Testing database: '/var/lib/clamav/tmp.da8a6/clamav-657c926e1e7e31ed3ddaa24ef0748942.tmp-daily.cld' ...
Thu Nov 11 05:53:33 2021 -> Database test passed.
Thu Nov 11 05:53:33 2021 -> daily.cld updated (version: 26350, sigs: 1943487, f-level: 90, builder: raynman)
Thu Nov 11 05:53:34 2021 -> main.cld database is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Thu Nov 11 05:53:34 2021 -> bytecode.cld database is up to date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

  • 2 weeks later...
Quote

 

2021-11-23T21:30:18+00:00 ClamAV process starting

Updating ClamAV scan DB
ERROR: Can't create freshclam.dat in /var/lib/clamav
ERROR: Failed to save freshclam.dat!
WARNING: Failed to create a new freshclam.dat!
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!
Hint: The database directory must be writable for UID 100 or GID 101


An error occurred (freshclam returned with exit code '2')

Getting the error above using the latest version from the CA on Unraid 6.10 RC2. I specified the UID/GID as 99/100 in the settings. 

  • Author
4 hours ago, neverendingtech said:

Getting the error above using the latest version from the CA on Unraid 6.10 RC2. I specified the UID/GID as 99/100 in the settings. 

Wherever you're mounting those directories, you do not have access.

If you've not mounted those directories, then your docker.img file is full. 

On 11/23/2021 at 10:41 PM, neverendingtech said:

Getting the error above using the latest version from the CA on Unraid 6.10 RC2. I specified the UID/GID as 99/100 in the settings. 

I'm getting the same error and am confused about what I need to do...

On 11/24/2021 at 3:11 AM, neverendingtech said:

Getting the error above using the latest version from the CA on Unraid 6.10 RC2. I specified the UID/GID as 99/100 in the settings. 

Can you check the config for appdata mount?

i also had the issue, but my app data was configured like this (default value)
/mnt/cache/appdata/claimav

However this is supposed to be from the user shares.

Update the path to 

/mnt/user/appdata/clamav

 

or choose appdata folder manually, rather than using the default value.
 

1 hour ago, NotYourAverageDev said:

Can you check the config for appdata mount?

i also had the issue, but my app data was configured like this (default value)
/mnt/cache/appdata/claimav

However this is supposed to be from the user shares.

Update the path to 

/mnt/user/appdata/clamav

 

or choose appdata folder manually, rather than using the default value.
 

I had changed that, but for some reason it still created the  appdata/clamav folder with the wrong permissions. (rwx r-x r-x, which incidentally is the same as for my resilio and avidemux dockers, without any issues).

 

I manually created the appdata/clamav folder via Windows Explorer and now it works just fine. Thanks for the hint though!

I'm having the same permissions issue deploying this container with unraid version 6.10.0-rc2

 

The only solution I've found so far is changing /mnt/user/appdata/clamav to 777

 

2021-12-02T22:10:35+00:00 ClamAV process starting

Updating ClamAV scan DB
ERROR: Can't create freshclam.dat in /var/lib/clamav
ERROR: Failed to save freshclam.dat!
WARNING: Failed to create a new freshclam.dat!
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!
Hint: The database directory must be writable for UID 100 or GID 101
An error occurred (freshclam returned with exit code '2')

 

Mappings:

/var/lib/clamav   <->   /mnt/user/appdata/clamav
/scan   <->   /mnt/user

 

USER_ID & GROUP_ID are set to 99/100

 

root@darktower:~# stat /mnt/user/appdata/clamav
  File: /mnt/user/appdata/clamav
  Size: 0         	Blocks: 0          IO Block: 4096   directory
Device: 0,51	Inode: 13792273858936362  Links: 1
Access: (0755/drwxr-xr-x)  Uid: (   99/  nobody)   Gid: (  100/   users)
Access: 2021-12-02 16:10:03.832225925 -0600
Modify: 2021-12-02 16:10:03.832225925 -0600
Change: 2021-12-02 16:10:03.832225925 -0600


 

Edited by ceddybu

Hi,

has someone an idea how to get notice of errors or a found virus without checking the log manually each time?

3 minutes ago, jeuser said:

Hi,

has someone an idea how to get notice of errors or a found virus without checking the log manually each time?

I'm using one of the scripts in this thread, gives me notifications, which are handled by the default unraid notifications, however you have them set up.

  • Author
1 hour ago, Sayuuk said:

I'm using one of the scripts in this thread, gives me notifications, which are handled by the default unraid notifications, however you have them set up.

Precisely. Squid posted a script that I linked in the original post.

OK, I used an infected testfile but I get no notification.

 

ClamAV 0.103.3/26373/Sat Dec 4 09:32:50 2021

Scanning /scan

LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached
LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached
LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached
LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached
/scan/data/2_read/.sync/Archive/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND
/scan/data/2_read/eicar.com: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8581021
Engine version: 0.103.3
Scanned directories: 32429
Scanned files: 133491
Infected files: 2
Data scanned: 95934.23 MB
Data read: 2209284.16 MB (ratio 0.04:1)
Time: 15151.955 sec (252 m 31 s)
Start Date: 2021:12:04 17:50:13
End Date: 2021:12:04 22:02:45

 

Bildschirmfoto 2021-12-05 um 00.26.37.png

Hi,

is it only me with and my setup is wrong?

Do you get a notice when ClamAV detects a virus?

On 10/18/2021 at 5:50 PM, Helediron said:

Hi, script parameter and container parameter customisation sshould be enough.

 

ClamAV scans whatever it finds in the Docker container's internal /scan folder, which usually is mapped to external folder /mnt/user. If you change that container parameter to e.g. /mnt/cache (assuming "standard" naming), then you can direct the container to scan the cache.

 

Now, if you want to scan the cache completely, you don't need my script. Just point the container to the cache as above and run the container. This one-liner starts the scan:

  docker start ClamAV

Put that into a user script, schedule it daily and you're done.

 

 

If you want the folder selection or those fancy notifications, then continue. ->

 

To modify the script, there are more parameters in the script to customise. Find this block:

#Technical parameters
# name of the container.
CONTAINER=ClamAV
# Location of ClamAV application data folder in Unraid host. 
# Must match with container parameter "ClamAV Signatures:"
HOSTAPPDATA=/mnt/user/appdata/clamav
# Location of scanned directory. 
# Must match with container parameter "Folder to Scan:"
HOSTSCANDIR=/mnt/user
...

and customize the script too. The script parameter HOSTSCANDIR must match with the container parameter.  Change "HOSTSCANDIR=/mnt/user" to "HOSTSCANDIR=/mnt/cache".

 

Put into FOLDERSDAILY and FOLDERSWEEKLY directories right under /mnt/cache, e.g. FOLDERSDAILY="domains isos" .

 

If you want to run both user shares and directories under cache, it's getting more complex. There are two options:

  1. If you want to scan both /mnt/cache and /mnt/user completely, then set the scan point to /mnt and set FOLDERSDAILY and FOLDERSWEEKLY to "cache user" . We just moved here one step higher in folder hierarchy.
  2. If you want to scan subsets in both, then you have to duplicate the ClamAV container and script and customise them independently. In the second script you have to change CONTAINER and HOSTAPPDATA to match the second container. (Actually i don't yet know how that's done in Unraid, i'm Unraid noob).

The script prints some debugging info. You'll see that if you run the script interactively with User Script plugin. It verifies that the folders actually exist and prints what it finds and finds not. If the scan takes long time, you can safely stop the script, but remember to stop the ClamAV container too.

Is it possible to use share names with spaces in the name, I tried messing with the script but I wasn't able figure out how to do this.  Any help is appreciated!

Can someone tell me if the ClamAV container is impacted by the Log4j vulnerability?

  • 2 weeks later...
  • Author

No vulns detected.

Updated the images to address the vulns found post-scan.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.