[HOW TO] Install ClamAV on FreeNAS v11

Version: v11.0-U2

Note: Best place to get the latest scripts is via GitHub https://github.com/jaburt/

Hi All, I've noticed a few posts about whether you should do an anti-virus scan on your NAS files, and thought I'd look into how easy/hard it was to do.

One advantage to doing this is that your files are scanned by a different anti-virus product than what you have installed on your desktops (assuming you are not using ClamAV on your PC!). This is good practice within IT, i.e. having a 2nd-line anti-virus scanner (on servers) which is different than the one on your desktops.

Step 1 (editing the script)
There are four user-defined fields within the script. If you are using iocage, are happy for the email to go to root, and are using the jail name ClamAV, then there is no need to edit any of them. Otherwise, edit them as per the notes in that section of the script.

Step 2 (creating Jail)
Create a new Jail called "ClamAV", either via the UI or as a command:

iocage create -n ClamAV ip4_addr="vnet0|192.168.0.105/24" -r 11.2-RELEASE vnet="on" allow.raw_sockets="1" defaultrouter="192.168.0.1"

This creates an iocage Jail with the name ClamAV (-n ClamAV) and a static IPv4 address on a virtual network card (ip4_addr="vnet0|192.168.0.105/24"), uses the given release of FreeBSD as the base O/S for the Jail (-r 11.2-RELEASE), enables the virtual network card (vnet="on"), enables raw sockets (allow.raw_sockets="1"), and finally sets the default router IP address (defaultrouter="192.168.0.1").

You now want to start the new Jail and set it to auto start on boot, either via the UI or by using the following commands:

iocage start ClamAV
iocage set boot=on ClamAV


Step 3 (installing ClamAV)
Open a Shell window to the new Jail (iocage console ClamAV) and run the following commands:

pkg update && pkg upgrade -y
portsnap fetch
portsnap extract
cd /usr/ports/ports-mgmt/portmaster
make install clean
cd /usr/ports/security/clamav
make install clean
exit


Note: You are installing portmaster first, as this is a great tool for managing future updates to your ClamAV installation (see Step 7).

Step 4 (configuring freshclam)
You can now configure freshclam. It needs to run as a daemon (i.e. always running within the Jail) so that definition updates are automated, with the number of update checks per day set to whatever you want (default is 12 updates/day):

iocage console ClamAV
freshclam
touch /var/log/clamav/freshclam.log
chmod 600 /var/log/clamav/freshclam.log
chown clamav /var/log/clamav/freshclam.log


You now need to edit the freshclam.conf file, which should be found at /usr/local/etc/freshclam.conf. You will want to edit/check the following options:

Location of freshclam.log file:
UpdateLogFile /var/log/clamav/freshclam.log
Number of checks (for updates) per day (default is 12):
Checks amount


You now need to start freshclam as a daemon service, and then exit and stop the Jail by typing the following commands (this only needs to be done once):

sysrc clamav_freshclam_enable="YES"
freshclam -d
exit
iocage stop ClamAV


Step 5 (adding storage)
Using the Add Storage feature of Jails, add all the Windows shares that you have files on which you wish to scan. I suggest their destination location is under /mnt. Ensure you tick the boxes for Read Only and Create directory.

I recommend you mount them into the /mnt directory and use the same naming scheme as your datasets (makes it easier to remember), for example:

Code:
(FreeNAS server)                                 (ClamAV Jail)
/mnt/tank/Sysadmin     ---> mounted to ---->     /mnt/tank/Sysadmin
/mnt/tank/Documents    ---> mounted to ---->     /mnt/tank/Documents


Once you have configured your mounts you will need to start the Jail again:

iocage start ClamAV

Step 6 (set up a Tasks -> Cron Jobs entry on the FreeNAS server)
Run this script with the scan location as a parameter, i.e. run_clamav_scan.sh "scan target". This script does some error checking and then runs the scan - an email will be sent upon completion. You can configure multiple scans with different scan locations and start times based on your needs. The script can now be run concurrently as many times as you need!
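
To illustrate the flow Step 6 describes (check the scan target, run the scan, email a report), here is an added example; it is not the author's run_clamav_scan.sh from GitHub. It assumes the scan is started from the FreeNAS host with iocage exec, and the function names and sample clamscan output are constructed for illustration.

```shell
# Added example; NOT the author's run_clamav_scan.sh from GitHub.
JAIL="ClamAV"    # jail name from Step 2
MAILTO="root"    # report recipient from Step 1
# Constructed sample of "clamscan -r -i" output (not from a real scan).
SAMPLE='/mnt/tank/Documents/invoice.doc: Constructed.Test-1 FOUND
/mnt/tank/Sysadmin/tools/eicar.com: Eicar-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 2'

# Accept only paths below /mnt (where Step 5 mounts the shares), no "..".
valid_target() {
    case "$1" in
        */../*|*/..) return 1 ;;
        /mnt/?*)     return 0 ;;
        *)           return 1 ;;
    esac
}

# clamscan reports a hit as "<path>: <signature> FOUND"; print "path [sig]".
list_detections() {
    sed -n 's/^\(.*\): \(.*\) FOUND$/\1 [\2]/p'
}

# $1=target $2=start $3=end, clamscan output on stdin. Returns 1 when the
# output has no scan summary, so a failed scan is never reported as clean.
build_report() {
    out=$(cat)
    printf 'ClamAV scan of %s\nStarted:  %s\nFinished: %s\n' "$1" "$2" "$3"
    case "$out" in
        *"SCAN SUMMARY"*) ;;
        *) printf 'Result: INCOMPLETE (no scan summary)\n%s\n' "$out"; return 1 ;;
    esac
    hits=$(printf '%s\n' "$out" | list_detections)
    count=$(printf '%s\n' "$hits" | awk 'NF { n++ } END { print n + 0 }')
    printf 'Result: %s detection(s)\n' "$count"
    [ "$count" -eq 0 ] || printf '%s\n' "$hits"
}

# Assumption: the scan is started from the FreeNAS host with "iocage exec".
run_scan() {
    valid_target "$1" || { echo "refusing scan target: $1" >&2; return 2; }
    start=$(date)
    raw=$(iocage exec "$JAIL" clamscan -r -i "$1" 2>&1) || true
    printf '%s\n' "$raw" | build_report "$1" "$start" "$(date)" |
        mail -s "ClamAV scan: $1" "$MAILTO"
}

# With a path argument run a real scan; otherwise report on the sample.
if [ "$#" -gt 0 ]; then run_scan "$1"
else printf '%s\n' "$SAMPLE" | build_report /mnt/tank t0 t1; fi
```

The path passed in is the location as seen inside the jail, e.g. /mnt/tank/Documents from the Step 5 mounts.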

Step 7 (updating ClamAV)
Over time new versions of ClamAV will be released and you will want to upgrade to them. You will see a notification that ClamAV is out-of-date in the email you receive via the scripts above.

To update the ClamAV installation you use the following commands:

iocage console ClamAV
portsnap fetch
portsnap update
portmaster -a
exit


The command portmaster -a will update all outdated ports within the Jail. If you wish to see which ports would be updated then you can use the command portmaster -L.

Once you have finished updating the Jail, don’t forget to exit it and then restart the Jail. A soft restart is recommended, and this can be done by using iocage restart -s ClamAV.

Please Note: VNET/VIMAGE can cause unexpected system crashes when VNET-enabled jails are destroyed, in other words when the jail process is killed, removed, or stopped. As a workaround, iocage allows a soft restart without destroying the jail.

Further details can be found at: https://iocage.readthedocs.io/en/latest/known-issues.html

That's it!
When it completes you should receive an email stating the start/end times of the scan, a summary of results, and a list of files which ClamAV has found which could be suspicious.

I say "could be", as you can always get false-positives with anti-virus scanners, but at least this way you can make a decision on what to do with the file.

I hope this makes sense. If you found this resource useful (or not) I would be grateful if you could leave feedback using the rating system!

Jonathan

Edits
07-Aug-2017: Added in message about clamd warning.
23-Mar-2019: Updated 2nd script to take into account iocage Jails. (Use the scripts from github)
15-Oct-2019: Updated to use Ports for install (as recommended by ClamAV), as well as iocage.
29-Mar-202: Updated completely due to script rewrite.
Author
Hazimil

Latest reviews

Nicely written and easy to use. The scripts are actually documented which improves their readability and fewer mistakes made if you want to change them. I run clamd on my pfsense gateway, but with laptops you can never be sure what they might bring into your setting (i.e. school, work).