SOLVED clamav with my own script

ragametal

I have used ClamAV for years in a jail on TrueNAS Core and over that time I have developed my own script to run the scans and email me a report of the scan. I run this script via cronjob monthly.

On TrueNAS Scale my understanding is that we can install ClamAV from the TrueCharts catalog and its settings have a cron section where we can set a schedule for the scans.

All that is great but I prefer to run the scans via my script as I would like to receive an email with the results of the scans.

Can this be done? Do any of you know how I can use my own script to run scans with the ClamAV app in TrueNAS Scale?

I don't mind modifying the script but the main limitation I have is that I don't know how to pass a command from the TrueNAS Scale host to the ClamAV Kubernetes pod. (I'm not well versed in Kubernetes).
 

LarsR

Your best bet for an answer would be to hit up stavros-k on the TrueCharts Discord. He's the one who created the ClamAV app for TrueCharts.
 

ragametal

@LarsR I'll try to get some support from TrueCharts via Discord but this question also applies to TrueNAS as iXsystems has an official ClamAV app as well.

How could I use my own script with the official app?
 

LarsR

Stavros-K is also the one who made the official app :wink:

Edit: Stavros started to work for iX as an app developer if I'm not mistaken.
 

ragametal

Well, I wasn't able to get the answer right away but someone at Discord pointed me to the "Heavyguides". I really didn't want to overcomplicate my setup using the "HeavyScript" but on their webpage they have an example of how to pass a command from the host to an app in TrueNAS Scale: "Command to Container Cron Job".

With this information I was able to modify my ClamAV script to make it compatible with Scale. I saved it in TrueNAS and ran it successfully as a cron job from the TrueNAS GUI.

I prefer to use my own script because I get an email with a summary at the end of each scan and, as an additional bonus, I was even able to change it to use "clamdscan" instead of "clamscan".

The advantage is that "clamdscan" has a "Multiscan" mode that uses all the available CPU cores. "clamscan", on the other hand, uses a single core. The difference is immense: my scans went from taking 6 days to complete to 6 HOURS.

I call this issue resolved.
 

sfatula

At least the example wasn't using the docker command since it's going away on the next Scale version. Kubectl is very useful for doing such things. I suspect more people will be learning about it when they figure out their docker commands no longer work on Cobia.
 

ragametal

That is reassuring because, while I'm comfortable using scripts, I am not well educated in docker and orchestration of pods. I really like to learn to set up something right the first time and forget about it.
 

IdefixRC

Hi there,

I just found this post as I'm trying to get this to work on my side as well.
Cron executes the scan perfectly but I struggle to get the email summary sent.
Would you mind sharing the script you use?

Thanks a lot!
 

ragametal

@IdefixRC Sure, just keep in mind that I'm not an IT or a programmer by trade so it may not be clear enough. I developed this script over the years, taking bits and pieces from multiple sources.

A couple of observations:
Make sure to adjust the scanfolder and variables to match your environment. The variables section is almost at the beginning of the script.

I used the "sendmail" command to send out the email report. So, make sure you have set email notifications in TrueNAS.

This script uses clamdscan by default. If you would like to use clamscan instead just comment the default command and uncomment the one for clamscan.

Also, you may have to play around with the "get_pod" function in this script since it will vary depending on if you installed clamav from truecharts, truenas or the official docker container as a custom app. Right now, it is set for the latter.

Let me know if for some reason the script doesn't work.

Code:
#!/bin/bash
# Script to run the antivirus scan on the indicated
# folder.
# This script is designed to be run by a cronjob as root
# in the Truenas host, not by the app itself.
#
# By: ragametal 11-08-2023
# Based on example found on
# https://heavysetup.info/scripts/cmd_to_container/
#
##########################################################################
# Exit immediately if a command exits with a non-zero status.
set -e

#ignored dependency pods
ignore="mariadb|redis|postgres|memcached|cron|coredns|nvidia|openebs|cnpg"

##########################################################################
# Modify the variables below
# Name of the app that runs clamav
app_name="clamav"

# Command to Container/Pod here:
# assuming the directory to be scanned
# was mapped to /scandir
#command="clamscan -zri /scandir"
command="clamdscan -m -z --fdpass /scandir"

## INTERNAL TEMP VARS ##
TMP_OUTPUT="/PATH/TO/YOUR/LOG/FILE/avscan.log"

# Indicate the email information to be used in the reports
EMAIL_SUBJECT="AV Scan Results"
TO_EMAIL_ADDRESS="YOUREMAILHERE@DOMAIN.COM"

# do not change script below this line
###########################################################################
# Functions called by the script

get_namespace() {
    k3s kubectl get namespaces | awk '{print $1}' | grep -i ^ix-"$1" || echo "Are you sure, you used the right app name?" >&2
}

get_pod() {
##### This is the original command. It only works with apps from truecharts. It DOESN'T work with custom apps
#    k3s kubectl get -n "$1" pods --field-selector=status.phase=Running --no-headers | awk '{print $1}' | grep -oE ^"$2-[[:alnum:]]{9,10}-[[:alnum:]]{5}" | grep -iEv "$3" | head -n 1

#This command works with custom apps
    k3s kubectl get -n "$1" pods --field-selector=status.phase=Running --no-headers | awk '{print $1}' | grep -oE ^"$2-ix-chart-[[:alnum:]]{9,10}-[[:alnum:]]{5}" | grep -iEv "$3" | head -n 1
}
###########################################################################
# Main Script

# find namespace of the app
namespace=$(get_namespace "$app_name")
if [ -z "$namespace" ]; then
    echo "Namespace for the app not found. Exiting." >&2
    exit 1
fi

# find pod running the app
pod=$(get_pod "$namespace" "$app_name" "$ignore")
if [ -z "$pod" ]; then
    echo "Pod for the app not found. Exiting." >&2
    exit 1
fi

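# create the log file
if [ ! -f "$TMP_OUTPUT" ]; then
        touch "$TMP_OUTPUT"
fi

# Log the results (mail headers first, then a blank line before the body)
echo "To: $TO_EMAIL_ADDRESS"                                    > "$TMP_OUTPUT"
echo "Subject: $EMAIL_SUBJECT"                                  >> "$TMP_OUTPUT"
echo ''                                                         >> "$TMP_OUTPUT"
echo '--------------------------------------------------'      >> "$TMP_OUTPUT"
echo '--------------------------------------------------'      >> "$TMP_OUTPUT"
echo "ClamAV AntiVirus Scan  $(date)"                           >> "$TMP_OUTPUT"
echo '--------------------------------------------------'      >> "$TMP_OUTPUT"
echo ''                                                         >> "$TMP_OUTPUT"

# Scan selected folders.
# $command is intentionally unquoted so it splits into the program and its arguments.
# clamscan/clamdscan exit with 1 when a virus is found and 2 on error; capture the
# status so that "set -e" does not abort the script before the report is emailed.
scan_status=0
k3s kubectl exec -n "$namespace" "$pod" -- $command >> "$TMP_OUTPUT" || scan_status=$?
echo "Scan exit status: $scan_status (0 = clean, 1 = virus found, 2 = error)" >> "$TMP_OUTPUT"

#Send results via email
sendmail -t -oi < "$TMP_OUTPUT"
exit 0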
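
Added example, not part of ragametal's post or script: one way to derive the email subject from the scan log and the scanner's exit status, so that a detection is visible without opening the report. The function names and the sample log are constructed for illustration; it assumes the scanner prints "<path>: <signature> FOUND" lines and an "Infected files:" summary line.

```shell
# infected_count LOGFILE -> number from the "Infected files:" summary line
# (prints "unknown" when the summary is missing, e.g. the scan was aborted).
infected_count() {
    local n
    n=$(awk -F': *' '/^Infected files:/ {print $2; exit}' "$1")
    case "$n" in
        ''|*[!0-9]*) echo "unknown" ;;
        *)           echo "$n" ;;
    esac
}

# infected_paths LOGFILE -> one path per line from "<path>: <signature> FOUND".
# The greedy match keeps paths that themselves contain ": ".
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p' "$1"
}

# report_subject BASE LOGFILE STATUS -> subject line for the mail header.
# STATUS is the scanner's numeric exit status (0 clean, 1 virus found, 2 error).
report_subject() {
    local base="$1" status="$3" count
    count=$(infected_count "$2")
    if [ "$count" = "unknown" ] || [ "$status" -ge 2 ]; then
        echo "$base: SCAN ERROR (exit status $status)"
    elif [ "$count" -gt 0 ]; then
        echo "$base: $count INFECTED"
    else
        echo "$base: clean"
    fi
}

# Constructed sample of scanner output (not taken from a real scan).
sample_log() {
    cat <<'EOF'
/scandir/docs/report.pdf: OK
/scandir/tmp/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/scandir/old/a: b.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
Total errors: 0
Time: 12.345 sec (0 m 12 s)
EOF
}
```

A missing summary is reported as an error rather than as "clean", because an aborted scan leaves no "Infected files:" line.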
 