ThatTallGuy21 Posted July 28, 2021

On 7/19/2021 at 4:27 PM, luca2 said:
> Hi, thx for the docker! I tried -after install- to add: --max-scansize=4000N --max-filesize=4000N but as soon as I press save, the docker disappears. Anyone experiencing the same? Rgds

Also to note, based on what I read earlier in the thread, it should be 4000"M", not 4000"N".
ThatTallGuy21 Posted July 28, 2021

On 4/18/2021 at 8:32 AM, SmokeyColes said:
> Great thank you, "Antivirus Scan Started" and the schedule is set in User Scripts. I am a little confused - what is it actually scanning? Every disk in the array or just dockers? Once it finds a file, does it inform you and does it treat it? Thanks Chris

I've never created a custom script before and am pretty confused on the formatting. Can you or someone else share your script for getting a virus scan to execute automatically on a schedule via User Scripts?
Squid Posted July 28, 2021

9 hours ago, ThatTallGuy21 said:
> I've never created a custom script before and am pretty confused on the formatting. Can you or someone else share your script for getting a virus scan to execute automatically on a schedule via User Scripts?

The script to use in user scripts is in the OP
AmokK Posted September 4, 2021

Hi everyone! I'm getting these errors / warnings:

    Updating ClamAV scan DB
    ClamAV update process started at Sat Sep 4 08:52:39 2021
    WARNING: FreshClam previously received error code 429 from the ClamAV Content Delivery Network (CDN).
    WARNING: You are still on cool-down until after: 2021-09-04 12:48:27
    This means that you have been rate limited by the CDN.
    1. Run FreshClam no more than once an hour to check for updates. FreshClam should check DNS first to see if an update is needed.
    2. If you have more than 10 hosts on your network attempting to download, it is recommended that you set up a private mirror on your network using cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the CDN and your own network.
    3. Please do not open a ticket asking for an exemption from the rate limit, it will not be granted.
    Freshclam updated the DB
    ClamAV 0.103.3/26217/Wed Jun 30 11:10:04 2021
    Scanning /scan
    LibClamAV Warning: **************************************************
    LibClamAV Warning: *** The virus database is older than 7 days! ***
    LibClamAV Warning: *** Please update it as soon as possible. ***
    LibClamAV Warning: **************************************************

Any idea what the problem could be? I'm running ClamAV on a monthly basis, nothing more
TQ (Author) Posted September 5, 2021

16 hours ago, AmokK said:
> Hi everyone! I'm getting these errors / warnings:
>
>     Updating ClamAV scan DB
>     ClamAV update process started at Sat Sep 4 08:52:39 2021
>     WARNING: FreshClam previously received error code 429 from the ClamAV Content Delivery Network (CDN).
>     WARNING: You are still on cool-down until after: 2021-09-04 12:48:27
>     This means that you have been rate limited by the CDN.
>     1. Run FreshClam no more than once an hour to check for updates. FreshClam should check DNS first to see if an update is needed.
>     2. If you have more than 10 hosts on your network attempting to download, it is recommended that you set up a private mirror on your network using cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the CDN and your own network.
>     3. Please do not open a ticket asking for an exemption from the rate limit, it will not be granted.
>
> Any idea what the problem could be? I'm running ClamAV on a monthly basis, nothing more

You've been rate limited. Are you behind a large NAT? That error indicates rate limited. If you continue to have issues, rebuild the container and try again. If that doesn't work, try manually installing the main db files into a bind mounted dir and see if that works.
AmokK Posted September 7, 2021 (edited)

I completely deleted the container including appdata folder, rebuilt it, no problems now. Not being behind a large NAT by the way, just my personal home connection. Thanks for your help @TQ

Edited September 7, 2021 by AmokK: typo error
Helediron Posted October 11, 2021 (edited)

Thank you @TQ for this.

EDIT 2024-01-14: please see updated version here:

I wrote another user script to start and control the scanning. With it you can select which shares to scan. The script can be scheduled. You can select one day in a week when the script runs another set of shares. The intention is to scan a small set daily and then a full scan once per week, and completely avoid scanning some shares.

Some snippets as a sample:

    # Edit these parameters:
    # List of Unraid shares to scan under /mnt/user. Check YOUR Unraid "Shares" tab.
    # Put a space between each share name.
    FOLDERSDAILY="incoming shared"
    FOLDERSWEEKLY="isos incoming shared backups myverybigshare"
    # Select which day is weekly scan day (1=mon, 7=sun).
    WEEKLYDAY=2

The script writes the target directories into a parameter file.

    # Switch to advanced mode (click basic mode at top right) and change
    # "Post parameters" to "-i -f /var/lib/clamav/clamavtargets.txt".
    # This tells the scanner to use a target list in a file instead of
    # scanning every Unraid share.

This is the only required change to the container definition. The user script writes the parameter file and runs the container.

Full script is here: https://github.com/Helediron/unraid-dailyclamavscan

Credits to @Squid for the original script, on which this is based.

Edited January 14 by Helediron: Endorsing another user's updates
rbronco21 Posted October 18, 2021

On 10/11/2021 at 12:11 PM, Helediron said:
> I wrote another user script to start and control the scanning. With it you can select which shares to scan. The script can be scheduled. You can select one day in a week when the script runs another set of shares. The intention is to scan a small set daily and then a full scan once per week, and completely avoid scanning some shares.

Thanks Helediron. Can I do a daily scan of cache without making huge changes to the script?
Helediron Posted October 18, 2021 (edited)

5 hours ago, rbronco21 said:
> Thanks Helediron. Can I do a daily scan of cache without making huge changes to the script?

Hi, script parameter and container parameter customisation should be enough.

ClamAV scans whatever it finds in the Docker container's internal /scan folder, which usually is mapped to external folder /mnt/user. If you change that container parameter to e.g. /mnt/cache (assuming "standard" naming), then you can direct the container to scan the cache.

Now, if you want to scan the cache completely, you don't need my script. Just point the container to the cache as above and run the container. This one-liner starts the scan:

    docker start ClamAV

Put that into a user script, schedule it daily and you're done. If you want the folder selection or those fancy notifications, then continue.

-> To modify the script, there are more parameters in the script to customise. Find this block:

    #Technical parameters
    # name of the container.
    CONTAINER=ClamAV
    # Location of ClamAV application data folder in Unraid host.
    # Must match with container parameter "ClamAV Signatures:"
    HOSTAPPDATA=/mnt/user/appdata/clamav
    # Location of scanned directory.
    # Must match with container parameter "Folder to Scan:"
    HOSTSCANDIR=/mnt/user

... and customize the script too. The script parameter HOSTSCANDIR must match with the container parameter. Change "HOSTSCANDIR=/mnt/user" to "HOSTSCANDIR=/mnt/cache". Put into FOLDERSDAILY and FOLDERSWEEKLY directories right under /mnt/cache, e.g. FOLDERSDAILY="domains isos".

If you want to run both user shares and directories under cache, it's getting more complex. There are two options:

- If you want to scan both /mnt/cache and /mnt/user completely, then set the scan point to /mnt and set FOLDERSDAILY and FOLDERSWEEKLY to "cache user". We just moved here one step higher in folder hierarchy.
- If you want to scan subsets in both, then you have to duplicate the ClamAV container and script and customise them independently. In the second script you have to change CONTAINER and HOSTAPPDATA to match the second container. (Actually I don't yet know how that's done in Unraid, I'm Unraid noob).

The script prints some debugging info. You'll see that if you run the script interactively with User Script plugin. It verifies that the folders actually exist and prints what it finds and finds not. If the scan takes a long time, you can safely stop the script, but remember to stop the ClamAV container too.

Edited October 18, 2021 by Helediron
svh1985 Posted November 7, 2021

I just started a 2nd scan after two months, and the notify script still picks up the previous infection (a file that I since removed) from the ClamAV docker logs, so I still get a FOUND message. Anyone else seeing this?
Aceriz Posted November 11, 2021

Hoping someone might be able to help me out with a part of my setup. I have the ClamAV from https://hub.docker.com/r/mkodockx/docker-clamav set up so that I can run this as an active daemon scanner for Nextcloud, which I got working. But I note the below error. I am not sure how I would go about changing things to not hit the time limit.. for the database test. Below is the error log that I have.

    Thu Nov 11 05:53:25 2021 -> ClamAV update process started at Thu Nov 11 05:53:25 2021
    Thu Nov 11 05:53:26 2021 -> ^Your ClamAV installation is OUTDATED!
    Thu Nov 11 05:53:26 2021 -> ^Local version: 0.102.4 Recommended version: 0.103.4
    Thu Nov 11 05:53:26 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
    Thu Nov 11 05:53:26 2021 -> daily database available for update (local version: 26349, remote version: 26350)
    Thu Nov 11 05:53:28 2021 -> Testing database: '/var/lib/clamav/tmp.da8a6/clamav-657c926e1e7e31ed3ddaa24ef0748942.tmp-daily.cld' ...
    Thu Nov 11 05:53:33 2021 -> Database test passed.
    Thu Nov 11 05:53:33 2021 -> daily.cld updated (version: 26350, sigs: 1943487, f-level: 90, builder: raynman)
    Thu Nov 11 05:53:34 2021 -> main.cld database is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
    Thu Nov 11 05:53:34 2021 -> bytecode.cld database is up to date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
neverendingtech Posted November 23, 2021

    2021-11-23T21:30:18+00:00 ClamAV process starting
    Updating ClamAV scan DB
    ERROR: Can't create freshclam.dat in /var/lib/clamav
    ERROR: Failed to save freshclam.dat!
    WARNING: Failed to create a new freshclam.dat!
    ERROR: initialize: libfreshclam init failed.
    ERROR: Initialization error!
    Hint: The database directory must be writable for UID 100 or GID 101
    An error occurred (freshclam returned with exit code '2')

Getting the error above using the latest version from the CA on Unraid 6.10 RC2. I specified the UID/GID as 99/100 in the settings.
TQ (Author) Posted November 24, 2021

4 hours ago, neverendingtech said:
> Getting the error above using the latest version from the CA on Unraid 6.10 RC2. I specified the UID/GID as 99/100 in the settings.

Wherever you're mounting those directories, you do not have access. If you've not mounted those directories, then your docker.img file is full.
Sayuuk Posted November 28, 2021

On 11/23/2021 at 10:41 PM, neverendingtech said:
> Getting the error above using the latest version from the CA on Unraid 6.10 RC2. I specified the UID/GID as 99/100 in the settings.

I'm getting the same error and am confused about what I need to do...
NotYourAverageDev Posted November 30, 2021

On 11/24/2021 at 3:11 AM, neverendingtech said:
> Getting the error above using the latest version from the CA on Unraid 6.10 RC2. I specified the UID/GID as 99/100 in the settings.

Can you check the config for appdata mount? I also had the issue, but my app data was configured like this (default value):

    /mnt/cache/appdata/claimav

However this is supposed to be from the user shares. Update the path to

    /mnt/user/appdata/clamav

or choose appdata folder manually, rather than using the default value.
Sayuuk Posted November 30, 2021

1 hour ago, NotYourAverageDev said:
> Can you check the config for appdata mount? I also had the issue, but my app data was configured like this (default value):
>
>     /mnt/cache/appdata/claimav
>
> However this is supposed to be from the user shares. Update the path to
>
>     /mnt/user/appdata/clamav
>
> or choose appdata folder manually, rather than using the default value.

I had changed that, but for some reason it still created the appdata/clamav folder with the wrong permissions (rwx r-x r-x, which incidentally is the same as for my resilio and avidemux dockers, without any issues). I manually created the appdata/clamav folder via Windows Explorer and now it works just fine. Thanks for the hint though!
coreylane Posted December 2, 2021 (edited)

I'm having the same permissions issue deploying this container with unraid version 6.10.0-rc2

The only solution I've found so far is changing /mnt/user/appdata/clamav to 777

    2021-12-02T22:10:35+00:00 ClamAV process starting
    Updating ClamAV scan DB
    ERROR: Can't create freshclam.dat in /var/lib/clamav
    ERROR: Failed to save freshclam.dat!
    WARNING: Failed to create a new freshclam.dat!
    ERROR: initialize: libfreshclam init failed.
    ERROR: Initialization error!
    Hint: The database directory must be writable for UID 100 or GID 101
    An error occurred (freshclam returned with exit code '2')

Mappings:

    /var/lib/clamav <-> /mnt/user/appdata/clamav
    /scan <-> /mnt/user

USER_ID & GROUP_ID are set to 99/100

    root@darktower:~# stat /mnt/user/appdata/clamav
      File: /mnt/user/appdata/clamav
      Size: 0 Blocks: 0 IO Block: 4096 directory
    Device: 0,51 Inode: 13792273858936362 Links: 1
    Access: (0755/drwxr-xr-x) Uid: ( 99/ nobody) Gid: ( 100/ users)
    Access: 2021-12-02 16:10:03.832225925 -0600
    Modify: 2021-12-02 16:10:03.832225925 -0600
    Change: 2021-12-02 16:10:03.832225925 -0600

Edited December 2, 2021 by ceddybu
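
The stat output above shows mode 0755 owned by 99:100, while the freshclam hint asks for UID 100 or GID 101. The following is an added example, not code from the thread or from the container: it evaluates plain POSIX mode bits for those values and for constructed alternatives narrower than 777. It assumes a non-root process, no ACLs, no supplementary groups, and nothing specific to Unraid's user-share filesystem.

```shell
#!/bin/sh
# can_write MODE OWNER_UID OWNER_GID PROC_UID PROC_GID
# Prints "yes" if plain POSIX mode bits let the process create files in a
# directory (write + search bits of the one class that applies), else "no".
# Assumptions: non-root process, no ACLs, no supplementary groups.
can_write() {
  bits=$(( 0$1 ))                            # leading 0: read the mode as octal
  if   [ "$4" -eq "$2" ]; then shift_by=6    # process is the owner
  elif [ "$5" -eq "$3" ]; then shift_by=3    # process is in the owning group
  else                         shift_by=0    # everyone else
  fi
  triad=$(( (bits >> shift_by) & 7 ))
  if [ $(( triad & 3 )) -eq 3 ]; then echo yes; else echo no; fi
}

# check_dir DIR PROC_UID PROC_GID: the same check against a real directory.
# Uses GNU stat, as in the output quoted above.
check_dir() {
  set -- $(stat -c '%a %u %g' "$1") "$2" "$3"
  can_write "$1" "$2" "$3" "$4" "$5"
}

# First row: values from this thread (directory 0755 owned by 99:100, process
# 100:101 per the freshclam hint). Remaining rows are constructed comparisons.
report() {
  echo "0755  99:100 as 100:101 -> $(can_write 0755  99 100 100 101)"
  echo "0777  99:100 as 100:101 -> $(can_write 0777  99 100 100 101)"
  echo "0755 100:101 as 100:101 -> $(can_write 0755 100 101 100 101)"
  echo "0775  99:101 as 100:101 -> $(can_write 0775  99 101 100 101)"
  echo "0755  99:100 as  99:100 -> $(can_write 0755  99 100  99 100)"
}
report
```

On the server, `check_dir /mnt/user/appdata/clamav 100 101` runs the same test against the directory as it currently is.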
jeuser Posted December 4, 2021

Hi, has someone an idea how to get notice of errors or a found virus without checking the log manually each time?
Sayuuk Posted December 4, 2021

3 minutes ago, jeuser said:
> Hi, has someone an idea how to get notice of errors or a found virus without checking the log manually each time?

I'm using one of the scripts in this thread, gives me notifications, which are handled by the default unraid notifications, however you have them set up.
TQ (Author) Posted December 4, 2021

1 hour ago, Sayuuk said:
> I'm using one of the scripts in this thread, gives me notifications, which are handled by the default unraid notifications, however you have them set up.

Precisely. Squid posted a script that I linked in the original post.
jeuser Posted December 4, 2021

OK, I used an infected testfile but I get no notification.

    ClamAV 0.103.3/26373/Sat Dec 4 09:32:50 2021
    Scanning /scan
    LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
    LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached
    LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
    LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached
    LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
    LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached
    LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
    LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached
    /scan/data/2_read/.sync/Archive/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND
    /scan/data/2_read/eicar.com: Win.Test.EICAR_HDB-1 FOUND
    ----------- SCAN SUMMARY -----------
    Known viruses: 8581021
    Engine version: 0.103.3
    Scanned directories: 32429
    Scanned files: 133491
    Infected files: 2
    Data scanned: 95934.23 MB
    Data read: 2209284.16 MB (ratio 0.04:1)
    Time: 15151.955 sec (252 m 31 s)
    Start Date: 2021:12:04 17:50:13
    End Date: 2021:12:04 22:02:45
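
Two reports in this thread concern the FOUND lines in the container log: the stale hit from an earlier run (svh1985) and the hits above that produced no notice. The following is an added example, not the notification script linked in the original post: it keeps only the FOUND lines of the most recent run, using the "ClamAV process starting" line seen in the logs quoted in this thread as the run boundary. The sample log is constructed.

```shell
#!/bin/sh
# Constructed sample: two runs in one container log, modelled on the output quoted
# in this thread. The hit in the first run is stale (file removed since then).
SAMPLE_LOG='2021-10-01T02:00:00+00:00 ClamAV process starting
Updating ClamAV scan DB
Scanning /scan
/scan/data/old/removed.exe: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
2021-12-04T17:50:00+00:00 ClamAV process starting
Updating ClamAV scan DB
Scanning /scan
LibClamAV Warning: Bytecode 78 failed to run: CL_ETIMEOUT: Time limit reached
/scan/data/my share/a: b.zip: Win.Test.EICAR_HDB-1 FOUND
/scan/data/2_read/eicar.com: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 2'

# latest_found: read a log on stdin, print "path<TAB>signature" for every FOUND
# line of the most recent run only. A run starts at "ClamAV process starting".
latest_found() {
  awk '
    /ClamAV process starting/ { n = 0; next }      # new run: drop earlier hits
    / FOUND$/ {
      line = $0
      sub(/ FOUND$/, "", line)
      # The signature is the last ": "-separated field and contains no spaces,
      # so paths with spaces or colons stay intact.
      if (match(line, /: [^ ]+$/)) {
        hits[++n] = substr(line, 1, RSTART - 1) "\t" substr(line, RSTART + 2)
      }
    }
    END { for (i = 1; i <= n; i++) print hits[i] }
  '
}

# found_count: number of hits in the most recent run (0 means nothing to report).
found_count() { latest_found | wc -l | tr -d " "; }

# Stand-alone demo on the constructed sample. On the server, feed it
# `docker logs ClamAV 2>&1` instead (container name as used in this thread).
printf '%s\n' "$SAMPLE_LOG" | latest_found
```

A non-zero `found_count` is the condition on which the user script would raise its notification.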
jeuser Posted December 12, 2021

Hi, is it only me and my setup is wrong? Do you get a notice when ClamAV detects a virus?
Johann Posted December 13, 2021

On 10/18/2021 at 5:50 PM, Helediron said:
> Hi, script parameter and container parameter customisation should be enough.
>
> ClamAV scans whatever it finds in the Docker container's internal /scan folder, which usually is mapped to external folder /mnt/user. If you change that container parameter to e.g. /mnt/cache (assuming "standard" naming), then you can direct the container to scan the cache.
>
> Now, if you want to scan the cache completely, you don't need my script. Just point the container to the cache as above and run the container. This one-liner starts the scan:
>
>     docker start ClamAV
>
> Put that into a user script, schedule it daily and you're done. If you want the folder selection or those fancy notifications, then continue.
>
> -> To modify the script, there are more parameters in the script to customise. Find this block:
>
>     #Technical parameters
>     # name of the container.
>     CONTAINER=ClamAV
>     # Location of ClamAV application data folder in Unraid host.
>     # Must match with container parameter "ClamAV Signatures:"
>     HOSTAPPDATA=/mnt/user/appdata/clamav
>     # Location of scanned directory.
>     # Must match with container parameter "Folder to Scan:"
>     HOSTSCANDIR=/mnt/user
>
> ... and customize the script too. The script parameter HOSTSCANDIR must match with the container parameter. Change "HOSTSCANDIR=/mnt/user" to "HOSTSCANDIR=/mnt/cache". Put into FOLDERSDAILY and FOLDERSWEEKLY directories right under /mnt/cache, e.g. FOLDERSDAILY="domains isos".
>
> If you want to run both user shares and directories under cache, it's getting more complex. There are two options:
>
> - If you want to scan both /mnt/cache and /mnt/user completely, then set the scan point to /mnt and set FOLDERSDAILY and FOLDERSWEEKLY to "cache user". We just moved here one step higher in folder hierarchy.
> - If you want to scan subsets in both, then you have to duplicate the ClamAV container and script and customise them independently. In the second script you have to change CONTAINER and HOSTAPPDATA to match the second container. (Actually I don't yet know how that's done in Unraid, I'm Unraid noob).
>
> The script prints some debugging info. You'll see that if you run the script interactively with User Script plugin. It verifies that the folders actually exist and prints what it finds and finds not. If the scan takes a long time, you can safely stop the script, but remember to stop the ClamAV container too.

Is it possible to use share names with spaces in the name? I tried messing with the script but I wasn't able to figure out how to do this. Any help is appreciated!
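
On share names with spaces: clamscan's -f/--file-list option reads one path per line, so the target file itself can carry spaces as long as the share list is never split on whitespace. The following is an added example, not Helediron's script: it keeps one share name per line instead of a space-separated string, and writes the /scan/<share> paths for the container mapping described in this thread. The share names, the `pick_list` and `write_targets` helpers and the demo directory are constructed for illustration.

```shell
#!/bin/sh
# One share name per line, so names may contain spaces (constructed examples).
FOLDERSDAILY='incoming
shared docs'
FOLDERSWEEKLY='isos
incoming
shared docs
my very big share'
WEEKLYDAY=2                 # 1=mon ... 7=sun, same convention as the script above

# pick_list DAY: print the weekly list on WEEKLYDAY, else the daily list.
pick_list() {
  if [ "$1" -eq "$WEEKLYDAY" ]; then printf '%s\n' "$FOLDERSWEEKLY"
  else printf '%s\n' "$FOLDERSDAILY"; fi
}

# write_targets HOSTSCANDIR OUTFILE: read share names on stdin and write the
# container-side path (/scan/<share>) of each one that exists on the host.
# Returns 1 if no target was written, so the caller can skip the scan.
write_targets() {
  hostdir=$1 outfile=$2 count=0
  : > "$outfile"
  while IFS= read -r share; do
    [ -n "$share" ] || continue
    # A share is a single directory name; refuse anything that could leave the scan root.
    case $share in */*|.|..) echo "skipping invalid name: $share" >&2; continue ;; esac
    if [ -d "$hostdir/$share" ]; then
      printf '/scan/%s\n' "$share" >> "$outfile"
      count=$((count + 1))
    else
      echo "not found on host: $hostdir/$share" >&2
    fi
  done
  [ "$count" -gt 0 ]
}

# Stand-alone demo against a throwaway directory tree instead of /mnt/user.
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/host/incoming" "$tmp/host/shared docs"
  pick_list "$(date +%u)" | write_targets "$tmp/host" "$tmp/clamavtargets.txt"
  cat "$tmp/clamavtargets.txt"
  rm -rf "$tmp"
}
demo
```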
ThatTallGuy21 Posted December 20, 2021

Can someone tell me if the ClamAV container is impacted by the Log4j vulnerability?
TQ (Author) Posted December 29, 2021

No vulns detected. Updated the images to address the vulns found post-scan.