[HOW TO] Install ClamAV on FreeNAS v11 v11.0-U2

[cellardoor]

I have not read the entire thread and do not use ClamAV on TrueNAS myself, but I can offer some fundamental hints:

1. The mountpoint in the jail needs to exist. So you need to login to the jail and use mkdir to create it.
2. I doubt that it is necessary to have the mountpoint in the jail be the same as the path outside the jail - why should that be necessary? But ...
3. Of course the cronjob runs in the jail where ClamAV is installed, so again login to the jail and use the crontab command to create it.

Hope that helps and I am not missing anything fundamental myself.

Sorry, i am very sorry but i have to correct you. I do it for other people searching for help.
You better read first and than try to help.
1. As you see in the pictures the mountpoints already exist in the jail
2. It is not necessary but makes it easier.
3. wrong. totaly wrong
You define the cronjobs in truenas, not in the jail!!
This is the reason to make the mountpoints be the same as the path outside the jail,
so it is easier to set them without making a mistake.

Again sorry for correcting you so strict. But I thought it is important at that point to understand the whole
construct.
Stay save

 

[Patrick M. Hausen]

I see now that everything starts with a shell script that uses iocage exec. That means the cron job runs on the NAS but the command is finally executed in the jail.

Sorry for giving the wrong advice but I still dare question the whole architecture. Why go through these contortions instead of doing just that - run the job from within?

 

[cellardoor]

I think it is easier for people without so much knowledge in scripting and so on.
As long as it is running, the author is right

 

[Patrick M. Hausen]

Then what may the problem for the people who cannot make the mount point work, if it's not the fact that some intermediate directory does not exist, yet?

 

[cellardoor]

Everything is working by now. But for people like me it was not realy clear that there are
a few variables inside the script to set. If you name your jail not ClamAV but clamav the script is not working
although the mountpoints were set properly.

 

[Patrick M. Hausen]

Got it. Of course path names are case sensitive.

 

[xbmcgotham]

Thanks everyone for the assistance.
I finally found the issue.
I had a wrong path defined for the [jail_location="/mnt/xxxxxxx"] in the run_clamav_scan.sh
Its working great now.
Thanks

I have not read the entire thread and do not use ClamAV on TrueNAS myself, but I can offer some fundamental hints:
1. The mountpoint in the jail needs to exist. So you need to login to the jail and use mkdir to create it.
2. I doubt that it is necessary to have the mountpoint in the jail be the same as the path outside the jail - why should that be necessary? But ...
3. Of course the cronjob runs in the jail where ClamAV is installed, so again login to the jail and use the crontab command to create it.
Hope that helps and I am not missing anything fundamental myself.

 

[csax]

Update:
Turns out that 11.3 have mail issues - mail is sent once I remove the echo "Content-Type: text/html" from the script.
Seem to be an issue with the rollout of 11.3.

Permission is an issue though - if a top folder allow access but subfolder dont, then nothing will be shown.
By mapping individual supfolders then it show - Weird.
As part of this I ended up passing folder parameters in with the script - works fine

I modded these script to allow for concurrent processes as well cut down on the overhead of updating the virus definition for each run.
Virus db will only be updated once per 24 hour cycle
Also handle folder names containing spaces when passing scan target parameter

Cron task:

Code:

/mnt/JailSSD/apps/clamav/run_clamav_scan.sh "folder target name with spaces if needed as long its surrounded by quotes"

Note the top folder needs to be defined within the jail


avscan.sh

Code:

#!/bin/sh

### Notes ###
## Shell scripts to update the ClamAV definations, then run a scan and prepare an email template ##
## This script is called from a master script running as a cron job on the FreeNAS server ##
## Master script is: run_clamav_scan.sh  ##
##
## Instructions: ##
## 1) To use this you need to create a Jail called "ClamAV" ##
## 2) Open a Shall to the jail and then run: "pkg update" ##
## 3) The run: "pkg install clamav" ##
## 4) You can then "exit" the Jail ##
## 5) Add the windows shares you wish to scan by using the Jail Add Storage feature ##
## 5a) Add the shares to same location you use in the variable: "scanlocation" ##
## 6) Setp a cronjob on the FreeNAS server to run a shell script on the FreeNAS server: "run_clamav_scan.sh" ##
## 7) The shell script "run_clamav_scan.sh" then connects to the Jail and runs this script. ##
## 8) Once finished, the "run_clamav_scan.sh" script emails a log to the email entered in the variable: "to_email" ##
##
## https://www.clamav.net/ ##
## ClamAV® is an open source (GPL) anti-virus engine used in a variety of situations including email scanning, web scanning, ##
## and end point security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command ##
## line scanner and an advanced tool for automatic database updates. ##

pid=${1}
#echo "pid argument ${pid}"

targetdir=${2}
#targetdir=${@}
#echo "targetdir ${targetdir}"

## Top directory of the files/directories you wish to scan, i.e. the "Jail Add Storage" locations ##
scanlocation="/scantarget/${targetdir}"


### Parameters ###
## email address ##
to_email="your@email"address"

NOW=$(date "+%Y%m%d")
### Only Update anti-virus definations once per day identified by date ###
## Look for existing freshcalm.log for todays date - if found, ignore updating the virus def
## If NOT found, clean up any old freshclam-*.log files stored on the system and re-created it along with fresh virus def
file="/var/log/clamav/freshclam-${NOW}.log"
if [ ! -f "$file" ]
then
    echo "$0: File '${file}' not found."
    ## Clean up old clam files and create a fresh up to date version
    f=0
    for file in /var/log/clamav/freshclam*.log
    do
        if [ -f "$file" ]
        then
            rm -f $file
            ((f++))
        fi
    done
    echo "number of files removed: $f"
    echo "creating a new freshclam"
    freshclam -l /var/log/clamav/freshclam-${NOW}.log
fi 
#freshclam -l /var/log/clamav/freshclam${pid}.log
### End ###

echo "scan starting targetting ${scanlocation}"

### Run the anti-virus scan uniquely identified by pid ###
started=$(date "+ClamAV Scan started at: %Y-%m-%d %H:%M:%S")
clamscan -i -r -l /var/log/clamav/clamscan${pid}.log "${scanlocation}"
finished=$(date "+ClamAV Scan finished at: %Y-%m-%d %H:%M:%S")
### End ###

### prepare the email - pid makes the file unique ###
## Set email headers ##
(
    echo "To: ${to_email}"
    echo "Subject: ${started}"
    echo "MIME-Version: 1.0"
#    echo "Content-Type: text/html" ## does not work with 11.3 for now
    echo -e "\\r\\n"
) >> /tmp/clamavemail${pid}.tmp

## Set email body ##
(
    echo "<pre style=\"font-size:14px\">"
    echo ""
    echo "scantarget ${scanlocation}"
    echo ""
    echo "${started}"
    echo ""
    echo "${finished}"
    echo ""
    echo "--------------------------------------"
    echo "ClamAV Scan Summary pid ${pid}"
    echo "--------------------------------------"
    tail -n 8 /var/log/clamav/clamscan${pid}.log
    echo ""
    echo ""
    echo "--------------------------------------"
    echo "freshclam log file"
    echo "--------------------------------------"
    tail -n +2 /var/log/clamav/freshclam-${NOW}.log
    echo ""
    echo ""
    echo "--------------------------------------"
    echo "clamav log file"
    echo "--------------------------------------"
    tail -n +4 /var/log/clamav/clamscan${pid}.log | sed -e :a -e '$d;N;2,10ba' -e 'P;D'
    echo "</pre>"
) >> /tmp/clamavemail${pid}.tmp

### Tidy Up ###
## Delete the freshclam log in preparation of a new log ##
#rm /var/log/clamav/freshclam-${NOW}.log ## Not required since file is created once per day i.e no need to refresh clam virus def for every run

## Delete the clamscan log in preparation of a new log ##
rm /var/log/clamav/clamscan${pid}.log
### End ###

run_clamav_scan.sh

Code:

#!/bin/sh

### Execute a shall script on the ClamAV jail, which updates the Anti-Virus definations and then runs a scan ###
## iocage = FreeNAS v11.1 and above (yes FreeNAS v11.1 supports both warden and iocage [via CLI]) ##

## Define the location where the "avscan.sh" shell script is located on the jail:
scriptlocation="/script/"

# Grab pid id from started process and sent it to tmp file so second process can pick it up

pid=$$
#echo "pid id ${pid}"

# Grab target directory parameter
scantarget=${@}

## Execute the script passing pid and target path ##
iocage exec clamav "$scriptlocation"avscan.sh "${pid}" "${scantarget}"

## email the log ##
sendmail -t < /mnt/JailSSD/iocage/jails/clamav/root/tmp/clamavemail${pid}.tmp

## Delete the log file ##
rm /mnt/JailSSD/iocage/jails/clamav/root/tmp/clamavemail${pid}.tmp

Then I setup individual cron tasks on server level passing in the folder I want to scan as a parameter

Code:

/mnt/JailSSD/apps/clamav/run_clamav_scan.sh "AccountManagement/Subfolder xyz"

I have a total newbie question probably. But where does one copy the scripts? Is it going to the jail/ClamAV/ or somewhere else?
When running the run the cron job I get an email saying:
/bin/sh: run_clamav_scan.sh: not found
However, I am not sure to which directory this points. And do all the scripts go to the same dir?

Any help is much appreciated
THX