Scale: Installation of ClamAV (TrueNAS Community version)

[Scott Anderson]

Hi,

Can someone point me to installation/configuration instructions for the ClamAV app?

I've installed the TrueNAS Community version from the Available Apps but I can't find any information about how to use or configure it. It is showing that port 30005/tcp is configured but I can't connected to the port (although a port scan shows it is responding)

Any pointers?

Thanks,

Scott

 

[Dysonco]

Hi,

Can someone point me to installation/configuration instructions for the ClamAV app?

I've installed the TrueNAS Community version from the Available Apps but I can't find any information about how to use or configure it. It is showing that port 30005/tcp is configured but I can't connected to the port (although a port scan shows it is responding)

Any pointers?

Thanks,

Scott

Did you ever work this out? I'm having similar issues, just can't find details on how to configure....

 

[Scott Anderson]

Did you ever work this out? I'm having similar issues, just can't find details on how to configure....

No, I gave up in the end. I rsync the data to a QNAP device anyway and perform the check there. Not ideal but better than nothing.

 

[Dysonco]

Thanks for the response Scott.

Seems ridiculous there isn't any documentation for ClamAV on Scale....

 

[ragametal]

@Dysonco i share your frustration with the lack of support with the apps in truenas and i agree with you.
Supposedly everybody is using ClamAV in their system, and yet very few people chime in when it comes to answer questions about it.

ClamAv is kind of complicated and it took me lots of hours reading throught the manual to understand it. So, i will give you pointers and you should take it from there as i cannot possibly teach you everything i know about this app.

The way clamAV works is not how you think. It doesn't have a web interface or any other GUI. it is more like a command.

ClamAV is installed in a container, meaning that initially it doesn't have access to the system files.
So, the first thing you need to do is to add the system folder you want to scan, as a local folder inside the ClamAV container.

After you deploy the app, clamscan will be running but, how do you start a scan?

Well in a bare metal system, if you wanted to scan a directory called "scandir" then you would have to go to the terminal and type a command similar to :
clamscan -zri /scandir

That will get the scan going.

Then, to automate things, you would add a cronjob to run that command at a certain schedule of your choosing.

Most people (like me) create a script to run additional commands besides this. For instance, my script scans the folder and then sends me an email with the results. My cronjob runs it once a month.

Now, since ClamAV is not installed baremetal the process will be a bit different. ClamAV is installed in a container and you would have to pass the command from the main system to the container. For me this was the most difficult part to figure out but the people from heavscript have an example of a script that does just that. It can be found at Command to Container Cron Job.

I used that example as basis for my script so it could issue the command from Truenas to the ClamAV container via a cronjob.

Now, that is MY setup. I believe the Truenas implementation of ClamAV has builtin functions to setup a cronjob for scans. Just enable the function "Enable conjob" and set up a schedule for it. It should look similar to this:

If i were you, i would start there.

If you want more advanced functions such as emails reports, then i would study how to send a command to a container and use one of the many clamAV scripts available on the web.

Another reason why i like to run my own script is that i can use the command "clamdscan" which is much faster than "clamscan". To give you an idea, in my system a scan with "clamscan" takes about 5 days, the same scan takes about 40 minutes with "clamdscan". I don't remember the reason why but i believe "clamdscan" is a multicore process while "clamscan" is a single core one (I'm not sure about this so please do your research if interested in learning more).

As you can see, ClamAV is not as straight forward to setup. I think Truenas made a great effort in their implementation but without email reports the end user will never get feedback that the app is even running so it is very frustrating to use.

I hope this can get you going because you will never get a proper response from IXsystems about how their own implementation of Apps works.

 

[Dysonco]

Hi Ragametal,

Thanks you so much for taking the time to help me out!

Working through it now!

 

[Dysonco]

Soooo,

Firstly my apologies, I've only recently moved from Core to Scale and I'm still getting my head round the differences between UIs. I'm struggling a little to match your screenshots to what I'm seeing here.

I'm running TrueNAS-SCALE-23.10.1. And I can't find the Cron job bit of the ClamAV app for instance.

I'm also having some premission issues I think? If I run a scan from the Pod shell it just says.

I added the hostpath during the initial App setup (i added the whole /mnt/ folder) and have added the libvirt_quemi user to allow access to the datasets too.
What am I missing here?

Thanks again for your help!

 

[ragametal]

@Dysonco see what I was saying? Not a single soul will comment on ClamAV. Shocking!!!
Anyway, back to your issue.
First, I apologize for misguiding you. I just realized that I'm not using the official Truenas ClamAV app. I'm using the Trucharts one.

Try that one and you should have the cronjob options available to you.

Second, you definitely have a permissions issue. If you go to the Pod shell, can you access the files and folders manually? If not, fix that before trying to run ClamAV.

I personally run ClamAV as root (PUID=0) as i consider it a system process similar to snapshots, scrubs and replication. It may not be the most secure way of doing things but that is how i managed to make it work.

Give that i try and hopefully that will make it work on your system.
Good luck, you are closer than before.

 

[LarsR]

There's a how-to from the truecharts clamav Version , but the steps should be nearly the Same foe the Community Version https://truecharts.org/charts/stable/clamav/how-to

 

[Dysonco]

@Dysonco see what I was saying? Not a single soul will comment on ClamAV. Shocking!!!
Anyway, back to your issue.
First, I apologize for misguiding you. I just realized that I'm not using the official Truenas ClamAV app. I'm using the Trucharts one.

Try that one and you should have the cronjob options available to you.

Second, you definitely have a permissions issue. If you go to the Pod shell, can you access the files and folders manually? If not, fix that before trying to run ClamAV.

I personally run ClamAV as root (PUID=0) as i consider it a system process similar to snapshots, scrubs and replication. It may not be the most secure way of doing things but that is how i managed to make it work.
View attachment 74705

Give that i try and hopefully that will make it work on your system.
Good luck, you are closer than before.

Hi ragametal,

Thanks again for your help. You'll be pleased to hear I'm now using the Truecharts ClamAV install,

I'm kinda getting my head round all of this, I still seem to have some permisissions issue going on though and I'm not sure how to fix it. I've tried mutliple variations of the storage settings in ClamAVs app setup, the howto lars shared above from Truecharts seem to suggest I need NFS shares rather than using a host path, yet if I do as they suggest then the locations arent visible in the pod shell.

Can I sense check my understanding as I'm not really familiar with how container/ pods work other than as a basic overview.

So, in theory if I can use the Pod shell to navigate to the folders I'd like to scan at /scandir if thats readable should that mean Clamscan can access them?

The above shows my two Pools as I currently have my scandir path set as /mnt/ Should it be the individual datasets set rather than the /mnt/ point?

I've always got the sudo privelages warning coming up too, could this be my permissions issue, if so, any suggestions?

Thanks again for your help!

Mike

 

[Dysonco]

There's a how-to from the truecharts clamav Version , but the steps should be nearly the Same foe the Community Version https://truecharts.org/charts/stable/clamav/how-to

Thanks Lars,

Unfortunately I think I'm still not understanding how this works and which bit relates to what.

I've uninstalled the community version and am now running the Truecharts version, yet if I follow the howto I'm still getting permissions issues and no virus scanning.

I have a suspicion I'm just missing some basic understanding....

 

[ragametal]

@Dysonco

"So, in theory if I can use the Pod shell to navigate to the folders I'd like to scan at /scandir if thats readable should that mean Clamscan can access them?"

YES.

I believe the advisement from Truecharts of using NFS mounts is outdated but not wrong as it is still a way of doing it. If my memory serves me right, in the past you could only mount NFS shares as local folders inside container (Not sure about this). The current version of TrueNAS now allows to mount regular system folders inside containers using "hostpath".

About the sudo warning, try running the app as root (PUID=0) and not at user APPS (PUID=568). As i said above, this may not be the safest way of setting it up, that is just how I have it in my system as i was having permission issues just like you.