[HOW TO] Install ClamAV on FreeNAS v11

[HOW TO] Install ClamAV on FreeNAS v11 v11.0-U2

Hazimil

Contributor
Joined
May 26, 2014
Messages
172
Hazimil submitted a new resource:

[HOW TO] Install ClamAV on FreeNAS v11 - How to install ClamAV on FreeNAS v11 to do a scan of windows shares.

Hi All, I've noticed a few posts about whether you should do an anti-virus scan on your NAS files, and thought I'd look into seeing how easy/hard it was to do.

One advantage to doing this is that your files are scanned by a different anti-virus product than what you have installed on your desktops (assuming you are not using ClamAV on your PC!). This is good practice within IT, i.e. having a 2nd-line anti-virus scanner (on servers) which is different than the one on your desktops.

So how do...

 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
Really nice tutorial; however, I've updated your second script because 11.2 is now using iocage jails.

***Please be aware that when using this script you need to be mindful of changing the directory locations and files which are applicable to your locations. This script is also applicable to those jails created with iocage (not warden or any other means).

This is the second script (run_clamav_scan.sh):
Code:
#!/bin/sh

### Execute a shell script on the ClamAV jail, which updates the anti-virus definitions and then runs a scan ###

## Define the location where the "scanav.sh" shell script is located on the jail:
scriptlocation="/mnt/sysadmin/scripts/"

## Execute the script ##
iocage exec clamav "$scriptlocation"scanav.sh

## email the log ##
sendmail -t < /mnt/tank/iocage/jails/clamav/root/tmp/clamavemail.tmp

## Delete the log file ##
rm /mnt/tank/iocage/jails/clamav/root/tmp/clamavemail.tmp

 

Hazimil

Contributor
Joined
May 26, 2014
Messages
172
I have now updated the 2nd script (in the resource) to cover both warden and iocage Jails. Updated scripts are on github.
 
Last edited:

Mr. Slumber

Contributor
Joined
Mar 10, 2019
Messages
182
thank you! :)
 

Hazimil

Contributor
Joined
May 26, 2014
Messages
172
NOTE: I've done more research, and noticed that we should really be using ports and not pkg for installing ClamAV. Am looking into this more in depth, and may need to update this accordingly.

Watch this space....

Jonathan
 

cozd74

Dabbler
Joined
May 31, 2018
Messages
45
Running the avscan.sh file, the antivirus reports the following error: "Can't access the file"

my scanlocation="/mnt/myVolume/backup" #my backup windows files
my scriptlocation="mnt/myVolume/myScript" #contain avscan.sh and run_clamav_scan.sh

my iocage folder is in "/mnt/iocage"

my source folder jail = "/mnt/myVolume"
my destination folder jail= "/mnt/" under clamav "root"

help!
thanks
D.
 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
Hey thanks again for the support; however, I'm having some issues with Clamscan -- and I believe it's a memory leak. I run clamscan once a week -- full system scan using your script triggered by cron job. The clamscan takes about 2-3 days to actually complete. On about the 3rd or 4th run of the scan, I'll keep receiving messages that I have no available swap space. I run your scripts within an iocage jail and the system has 64 GB of RAM with 2048 MiB of RAM allocated to 3 VMs -- so in theory I have plenty of RAM available. When I receive the error about lack of swap space the entire FreeNAS system is brought to its knees -- I have to reboot via the BMC since the machine is totally unresponsive. I can't access logs or htop since the system is effectively frozen. With google fu I've seen problems with memory leaks with ClamAV; however, honestly these reports are from the 2014-2017 era so I'm not sure if they are relevant, but by what is described it's very similar behavior. In the cases I've read, all the repliers told original posters to purchase more RAM -- however in this case I have 64 GB of total RAM and so this recommendation isn't really applicable. Is there anything I should be doing or researching at this point? Because of the memory leak clamscan really isn't a valuable tool.
 

Hazimil

Contributor
Joined
May 26, 2014
Messages
172
@KevDog, to be honest I have no idea. Is your Jail up-to-date? And is Clam-AV up-to-date? That's all I can think.

Sorry
Jonathan
 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
> @KevDog, to be honest I have no idea. Is your Jail up-to-date? And is Clam-AV up-to-date? That's all I can think.
>
> Sorry
> Jonathan

Yeah, everything is up to date. I doubt it's the problem but I installed ClamAV from pkg and not from ports, however I don't see this as the possible problem. I'll look further. There is no doubt a memory leak somewhere. When I was setting up my zpool I don't remember actually designating any of the pool space as swap. I have an L2ARC, however I don't think this is swap either.
 

eldo

Explorer
Joined
Dec 18, 2014
Messages
99
https://www.ixsystems.com/documentation/freenas/11.2-U4.1/storage.html#swap-space

Swap is handled by FreeNAS autonomously. You would not have created any swap space.
Swap space is allocated when drives are partitioned before being added to a vdev. A 2 GiB partition for swap space is created on each data drive by default.

Relatively recently, swap went to mirrored pairs across discs, halving the swap space size. I think I found this out when I upgraded from 9.3 to 11.1.
 

jtoninger

Dabbler
Joined
Aug 29, 2018
Messages
13
How does this process compare to installing ClamAV using the pre-built plugin in FreeNAS 11.2? Is that what you are referring to when you say "Ports"?

Anyhow it seems as though the plugin already enables clamd, which leaves me in a bit of no-man's land between this method and what the plugin does.

Is there a reason not to use clamd?

In any case I'm just a bit confused here. I'd like to use the plugin based install but I cannot really find any details on how to make it work properly.
 

Hazimil

Contributor
Joined
May 26, 2014
Messages
172
Hi,

Generally if you can install your own jail instead of a plugin it's better, as you then have more control over the install.

Also, the Clam plugin only arrived in v11.2, and I was using this setup in 11.1.

I don't use the Clamd service, as I'm only using Clam as an on-demand scanner, and had no need for an always-on service (unsure how that would affect performance), so didn't set it up.

You can install packages at the CLI via the commands pkg or ports, the Clam website tells you to use ports for FreeBSD (this reminds me I need to update this for ports) - I don't know how the plugin is setup or configured.

Hope this helps?

Jonathan
 

jtoninger

Dabbler
Joined
Aug 29, 2018
Messages
13
Hi

Thanks for the reply! If nothing else I now have much more clarity about the scope of this guide and why things did not seem to be aligning for me.

I appreciate the insight.

Cheers!
 

Hazimil

Contributor
Joined
May 26, 2014
Messages
172
I have done an update to the script today. Have corrected the install process to use Ports instead of PKG (as recommended by ClamAV) and also tweaked it for using on iocage Jails.

Jonathan
 

appliance

Explorer
Joined
Nov 6, 2019
Messages
96
Thanks for the guide. I was surprised that after installing clamav, it does exactly nothing :) so I tried it this way. Never got any email until I removed ContentType from the email template, otherwise:
/middlewared[76]: Failed to send email to xxx: string payload expected: <class 'list'>
 

admoin

Cadet
Joined
Feb 5, 2020
Messages
2
Hi there from D!
Thanks for the script.
After I tried for some hours I found the first problem:

sh -x code.sh

I got some errors "not found" - and I saw a "\r"

HOLD ON !! google it :D

>> my fault: I had used my PuTTY and copy-pasted the code from raw.... *FAIL* Windows inserts the return code
now it works.

My problem now is: sendmail doesn't send the tmp file. I tried it manually, but nothing happens.
sendmail root and CTRL D is working fine...
Ideas or solutions?

cheers
Andre
 

ghostwolf59

Contributor
Joined
Mar 2, 2013
Messages
165
Got this to work apart from email never being sent!
When checking the mail queue the following is thrown back
Code:
root@freenas[~]# mailq
mailwrapper: no mapping in /etc/mail/mailer.conf


Not sure if I need to configure mail on server level?

Command I use within the script is...
Code:
sendmail -t < /mnt/JailSSD/iocage/jails/clamav/root/tmp/clamavemail.tmp


the mail log shows this...
Code:
Mar  2 17:00:51 freenas /middlewared[77]: Failed to send email to spap@iinet.net.au: string payload expected: <class 'list'>


I also noticed permission issues on folder and files not owned by root - Individual users own their own storage and even though files and folders have read/execute for content, the mapped folders are empty on the mapped folders
 

ghostwolf59

Contributor
Joined
Mar 2, 2013
Messages
165
Update:
Turns out that 11.3 has mail issues - mail is sent once I remove the echo "Content-Type: text/html" from the script.
Seems to be an issue with the rollout of 11.3.

Permission is an issue though - if a top folder allows access but a subfolder doesn't, then nothing will be shown.
By mapping individual subfolders, it shows - weird.
As part of this I ended up passing folder parameters in with the script - works fine

I modded these scripts to allow for concurrent processes as well as cut down on the overhead of updating the virus definition for each run.
The virus db will only be updated once per 24 hour cycle
Also handles folder names containing spaces when passing the scan target parameter

Cron task:
Code:
/mnt/JailSSD/apps/clamav/run_clamav_scan.sh "folder target name with spaces if needed as long its surrounded by quotes"


Note the top folder needs to be defined within the jail


avscan.sh
Code:
#!/bin/sh

### Notes ###
## Shell scripts to update the ClamAV definitions, then run a scan and prepare an email template ##
## This script is called from a master script running as a cron job on the FreeNAS server ##
## Master script is: run_clamav_scan.sh  ##
##
## Instructions: ##
## 1) To use this you need to create a Jail called "ClamAV" ##
## 2) Open a shell to the jail and then run: "pkg update" ##
## 3) Then run: "pkg install clamav" ##
## 4) You can then "exit" the Jail ##
## 5) Add the windows shares you wish to scan by using the Jail Add Storage feature ##
## 5a) Add the shares to same location you use in the variable: "scanlocation" ##
## 6) Set up a cronjob on the FreeNAS server to run a shell script on the FreeNAS server: "run_clamav_scan.sh" ##
## 7) The shell script "run_clamav_scan.sh" then connects to the Jail and runs this script. ##
## 8) Once finished, the "run_clamav_scan.sh" script emails a log to the email entered in the variable: "to_email" ##
##
## https://www.clamav.net/ ##
## ClamAV® is an open source (GPL) anti-virus engine used in a variety of situations including email scanning, web scanning, ##
## and end point security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command ##
## line scanner and an advanced tool for automatic database updates. ##

pid=${1}
#echo "pid argument ${pid}"

targetdir=${2}
#targetdir=${@}
#echo "targetdir ${targetdir}"

## Top directory of the files/directories you wish to scan, i.e. the "Jail Add Storage" locations ##
scanlocation="/scantarget/${targetdir}"


### Parameters ###
## email address ##
to_email="your@email.address"

NOW=$(date "+%Y%m%d")
### Only update anti-virus definitions once per day, identified by date ###
## Look for an existing freshclam log for today's date - if found, skip updating the virus definitions
## If NOT found, clean up any old freshclam-*.log files stored on the system and re-create it along with fresh virus definitions
file="/var/log/clamav/freshclam-${NOW}.log"
if [ ! -f "$file" ]
then
    echo "$0: File '${file}' not found."
    ## Clean up old freshclam logs and create a fresh, up-to-date version
    f=0
    for oldlog in /var/log/clamav/freshclam*.log
    do
        if [ -f "$oldlog" ]
        then
            rm -f "$oldlog"
            ## POSIX arithmetic; "((f++))" is a bashism that fails under /bin/sh
            f=$((f + 1))
        fi
    done
    echo "number of files removed: $f"
    echo "creating a new freshclam"
    freshclam -l "/var/log/clamav/freshclam-${NOW}.log"
fi
#freshclam -l /var/log/clamav/freshclam${pid}.log
### End ###

echo "scan starting targeting ${scanlocation}"

### Run the anti-virus scan uniquely identified by pid ###
started=$(date "+ClamAV Scan started at: %Y-%m-%d %H:%M:%S")
clamscan -i -r -l /var/log/clamav/clamscan${pid}.log "${scanlocation}"
finished=$(date "+ClamAV Scan finished at: %Y-%m-%d %H:%M:%S")
### End ###

### prepare the email - pid makes the file unique ###
## Set email headers ##
(
    echo "To: ${to_email}"
    echo "Subject: ${started}"
    echo "MIME-Version: 1.0"
#    echo "Content-Type: text/html" ## does not work with 11.3 for now
    echo -e "\\r\\n"
) >> /tmp/clamavemail${pid}.tmp

## Set email body ##
(
    echo "<pre style=\"font-size:14px\">"
    echo ""
    echo "scantarget ${scanlocation}"
    echo ""
    echo "${started}"
    echo ""
    echo "${finished}"
    echo ""
    echo "--------------------------------------"
    echo "ClamAV Scan Summary pid ${pid}"
    echo "--------------------------------------"
    tail -n 8 /var/log/clamav/clamscan${pid}.log
    echo ""
    echo ""
    echo "--------------------------------------"
    echo "freshclam log file"
    echo "--------------------------------------"
    tail -n +2 /var/log/clamav/freshclam-${NOW}.log
    echo ""
    echo ""
    echo "--------------------------------------"
    echo "clamav log file"
    echo "--------------------------------------"
    tail -n +4 /var/log/clamav/clamscan${pid}.log | sed -e :a -e '$d;N;2,10ba' -e 'P;D'
    echo "</pre>"
) >> /tmp/clamavemail${pid}.tmp

### Tidy Up ###
## Delete the freshclam log in preparation of a new log ##
#rm /var/log/clamav/freshclam-${NOW}.log ## Not required since file is created once per day i.e no need to refresh clam virus def for every run

## Delete the clamscan log in preparation of a new log ##
rm /var/log/clamav/clamscan${pid}.log
### End ###



run_clamav_scan.sh
Code:
#!/bin/sh

### Execute a shell script on the ClamAV jail, which updates the anti-virus definitions and then runs a scan ###
## iocage = FreeNAS v11.1 and above (yes FreeNAS v11.1 supports both warden and iocage [via CLI]) ##

## Define the location where the "avscan.sh" shell script is located on the jail:
scriptlocation="/script/"

# Grab the pid of this process; it is passed to avscan.sh so both scripts agree on the file names

pid=$$
#echo "pid id ${pid}"

# Grab target directory parameter (all arguments joined into one string)
scantarget="$*"

## Execute the script passing pid and target path ##
iocage exec clamav "$scriptlocation"avscan.sh "${pid}" "${scantarget}"

## email the log ##
sendmail -t < /mnt/JailSSD/iocage/jails/clamav/root/tmp/clamavemail${pid}.tmp

## Delete the log file ##
rm /mnt/JailSSD/iocage/jails/clamav/root/tmp/clamavemail${pid}.tmp



Then I set up individual cron tasks on server level, passing in the folder I want to scan as a parameter

Code:
/mnt/JailSSD/apps/clamav/run_clamav_scan.sh "AccountManagement/Subfolder xyz"
 
Last edited:
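Added example, not part of ghostwolf59's or Hazimil's scripts: avscan.sh above builds `/scantarget/${targetdir}` and `/tmp/clamavemail${pid}.tmp` straight from its two arguments and appends to the report with `>>`. The functions below check both values first; the function names and the SCAN_ROOT variable are assumptions, and only directories are accepted as scan targets.

```sh
#!/bin/sh
# Added example (not from the thread): vet the two arguments avscan.sh takes.
# Function names are hypothetical; SCAN_ROOT stands in for "/scantarget".
SCAN_ROOT="${SCAN_ROOT:-/scantarget}"

# Print the real path of directory "$1" under SCAN_ROOT. Fails when the
# argument is empty, absolute, not a directory, or resolves outside the root.
resolve_scan_target() {
    target="$1"
    case "$target" in
        ""|/*) return 1 ;;
    esac
    root=$(cd "$SCAN_ROOT" 2>/dev/null && pwd -P) || return 1
    # cd + pwd -P collapses ".." and follows symlinks, so the prefix test
    # runs on the real location rather than on the string as typed.
    resolved=$(cd "$root/$target" 2>/dev/null && pwd -P) || return 1
    case "$resolved" in
        "$root"|"$root"/*) printf '%s\n' "$resolved" ;;
        *) return 1 ;;
    esac
}

# Create the per-run report file for id "$1" in directory "$2" (default /tmp).
# The id must be digits only. noclobber (set -C) makes the create fail when a
# regular file, a symlink to one, or a dangling symlink already has that name.
create_report_file() {
    id="$1"
    dir="${2:-/tmp}"
    case "$id" in
        ""|*[!0-9]*) return 1 ;;
    esac
    report="$dir/clamavemail${id}.tmp"
    ( umask 077; set -C; : > "$report" ) 2>/dev/null || return 1
    printf '%s\n' "$report"
}

# Demo on a constructed tree: one legitimate share, two arguments to refuse.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/scantarget/AccountManagement/Subfolder xyz" "$work/tmp"
    SCAN_ROOT="$work/scantarget"
    for arg in "AccountManagement/Subfolder xyz" "../tmp" "/etc"; do
        if real=$(resolve_scan_target "$arg"); then
            echo "accept: $arg -> $real"
        else
            echo "reject: $arg"
        fi
    done
    create_report_file 4242 "$work/tmp" >/dev/null && echo "report file created"
    create_report_file 4242 "$work/tmp" >/dev/null || echo "second create refused"
    rm -rf "$work"
}
demo
```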

ghostwolf59

Contributor
Joined
Mar 2, 2013
Messages
165
Does anyone have the know-how to resolve this...?
Seems that ClamAV is struggling with memory (only have 8GB RAM available), but for a scan....? Would have expected ClamAV would be minimally memory hungry!

Code:
scan target /scantarget/AccountManagement/
ClamAV update process started at Mon Mar  2 19:29:57 2020
daily.cld database is up to date (version: 25738, sigs: 2202395, f-level: 63, builder: raynman)
main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
LibClamAV Error: cli_realloc(): Attempt to allocate 0 bytes. Please report to https://bugzilla.clamav.net
LibClamAV Error: cli_pdf: cannot reallocate memory for decoded output
LibClamAV Warning: Bytecode run timed out in interpreter after 260050000 opcodes
LibClamAV Warning: Bytecode 44 failed to run: CL_ETIMEOUT: Time limit reached
LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
LibClamAV Warning: Bytecode 79 failed to run: CL_ETIMEOUT: Time limit reached
LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
LibClamAV Warning: Bytecode 79 failed to run: CL_ETIMEOUT: Time limit reached
LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
LibClamAV Warning: Bytecode 79 failed to run: CL_ETIMEOUT: Time limit reached
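
Added example, not code from the thread: the output above mixes LibClamAV errors and bytecode timeouts into the report, while the mailed subject line is the same whether or not anything was found. Assuming clamscan's documented exit status (0 no virus found, 1 virus found, 2 error), the function below classifies a run from that status and the log; the function names, the verdict names and the sample FOUND line are constructed for the example.

```sh
#!/bin/sh
# Added example (not from the thread): turn a clamscan exit status and log
# into a one-line verdict for the mail subject. Names are hypothetical.

# $1 = clamscan exit status, $2 = clamscan log file.
# Prints "<VERDICT> found=N errors=N warnings=N".
scan_verdict() {
    awk -v status="$1" '
        / FOUND$/             { found++ }     # "path: Signature FOUND"
        /^LibClamAV Error:/   { errors++ }
        /^LibClamAV Warning:/ { warnings++ }
        END {
            if (status == 1 || found > 0)       verdict = "INFECTED"
            else if (status != 0 || errors > 0) verdict = "ERROR"
            else if (warnings > 0)              verdict = "DEGRADED"
            else                                verdict = "CLEAN"
            printf "%s found=%d errors=%d warnings=%d\n",
                   verdict, found, errors, warnings
        }
    ' "$2"
}

# Constructed sample: the LibClamAV lines are copied from the post above,
# the FOUND line is made up to show the format clamscan uses for a hit.
write_sample_log() {
    cat > "$1" <<'EOF'
LibClamAV Error: cli_pdf: cannot reallocate memory for decoded output
LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes
LibClamAV Warning: Bytecode 79 failed to run: CL_ETIMEOUT: Time limit reached
/scantarget/AccountManagement/sample.pdf: Win.Test.EICAR_HDB-1 FOUND
EOF
}

demo() {
    log=$(mktemp) || return 1
    write_sample_log "$log"
    echo "Subject: ClamAV $(scan_verdict 1 "$log")"
    # Same log without the hit and with exit status 0: the engine error
    # still surfaces instead of the run being reported as clean.
    grep -v ' FOUND$' "$log" > "$log.nohit"
    echo "Subject: ClamAV $(scan_verdict 0 "$log.nohit")"
    rm -f "$log" "$log.nohit"
}
demo
```

In avscan.sh the status would be captured with `status=$?` on the line directly after the `clamscan` call.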
 

Hazimil

Contributor
Joined
May 26, 2014
Messages
172
Hi there,

@ghostwolf59 - I am looking into this, as I also received the same message as well the other day.

I have also fixed a couple of issues with the scripts, new versions available from my github page. I will look into your other post as well, as I'm not getting any permissions issues.

Jonathan
 