Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.
[HOW TO] Install ClamAV on FreeNAS v11

[HOW TO] Install ClamAV on FreeNAS v11 v11.0-U2

ghostwolf59

Member
Joined
Mar 2, 2013
Messages
165
Hi there,

@ghostwolf59 - I am looking into this, as I also received the same message as well the other day.

I have also fixed a couple of issues with the scripts, new versions available from my github page. I will look into your other post as well, as I'm not getting any permissions issues.

Jonathan
I managed to sort the permission issues *relates to FreeNAS 11.3 *see my earlier comments on this* - so that's no longer an issue.
Not sure what changes you actually made to your scripts, but I am pretty happy with mine *modded to limit the number of times you update the virus defs as well allow for concurrent scan processes *see earlier threads where I posted both scripts - No issues running these scans now and gives me the flexibility to set up various types of scan targets *parameter passed in from the cron task.
I think its an overkill to enforce a refresh of the virus definitions for each run *as with your script* - By timestamp or date the virus definition you will speed up and cut network traffic by only refresh the definitions once per every 24 hour cycle.

The memory issues and time it takes to scan large volumes is still and issue though - Hence me working around this by limit the targets via parameters

cheers
 

Hazimil

Member
Joined
May 26, 2014
Messages
172
Hi All, I have written a new version of the script(s).

This was the first script I wrote, so it had quite a few syntax errors and bad programming styles within it, and to be honest it was a bit "clunky", so I have done a complete rewrite of the script, taking into account the issues I found along with the feedback from @ghostwolf59 (above), to make it simpler and easier to use.

The changes are as follows:
  1. reduced coding and scripts to now only require a single script to run;
  2. turned all hard-coded log file names into variables;
  3. added in complete setup and usage instructions;
  4. defining 'root' as the default email (so no need to edit this if happy with that);
  5. script now requires a parameter of the target location to scan (with error checking);
  6. simplified the editing requirements for the endusers who are running in warden jails instead of iocage;
  7. the script now supports concurrent runs, by using automatically generated unique files names for the log files.
  8. separated and automated the freshclam update independently from this script, so you can configure how often you want to update the virus definitions.
You can get a copy of this script from: https://github.com/jaburt/FreeNAS-Server-ClamAV-Scan/blob/master/run_clamav_scan_beta.sh

I would appreciate if anyone could try it out (and feedback), before I update the resource to show only this single script and its operation. Please read the ### Usage ### section, as this explains how to setup the ClamAV jail, with a FreshClam daemon, along with instructions on how to use the script.

I hope you like it.

Yours
Jonathan
 
Last edited:

Hazimil

Member
Joined
May 26, 2014
Messages
172
Hi, I've not received any negative feedback and its been working for me for over a week now, so am going "live" with this new version of the script. I have updated the resource and my GitHub page accordingly.

Jonathan.
 

dstocks

Neophyte
Joined
May 19, 2020
Messages
6
I'm running the script from the command line to test, but it's simply returning after a second or two with no error or feedback. Maybe it's not configured to run this way? This even happens when I try running it with no parameter (target). I would expect an invalid parameter alert when running it without a target. I did use the plug-in to create the jail, but I verified that all is good with dir/file locations, mount points and the script config.
 

dstocks

Neophyte
Joined
May 19, 2020
Messages
6
OK. Upon further inspection-- the jail doesn't have sendmail configured. I don't really want to run sendmail on the jail when all I need is an outbound mail client for email alerts. Maybe using something like ssmtp for basic outbound mail as an option?
 

jgreco

Resident Grinch
Moderator
Joined
May 29, 2011
Messages
12,389
OK. Upon further inspection-- the jail doesn't have sendmail configured. I don't really want to run sendmail on the jail when all I need is an outbound mail client for email alerts. Maybe using something like ssmtp for basic outbound mail as an option?
So that doesn't make any sense. You don't want to run Sendmail but you want to run something else that does mail. Do you have something against Sendmail? It's the default MSA and it is extremely competent. You can easily make it submit to a smarthost, optionally with local queue capabilities.
 

Patrick M. Hausen

Neophyte Sage
Joined
Nov 25, 2013
Messages
1,480
It is and ssmtp is in ports/packages:

OTOH without any settings in rc.conf Sendmail defaults to a local submit agent. Combine that with a mailertable entry for "." pointing to your smarthost and you are set up in less than a minute.
 

dstocks

Neophyte
Joined
May 19, 2020
Messages
6
So that doesn't make any sense. You don't want to run Sendmail but you want to run something else that does mail. Do you have something against Sendmail? It's the default MSA and it is extremely competent. You can easily make it submit to a smarthost, optionally with local queue capabilities.
Thanks!
 

dstocks

Neophyte
Joined
May 19, 2020
Messages
6
It is and ssmtp is in ports/packages:

OTOH without any settings in rc.conf Sendmail defaults to a local submit agent. Combine that with a mailertable entry for "." pointing to your smarthost and you are set up in less than a minute.
Right! I'm a little rusty and forgot that was the case. Thank you!
 

jgreco

Resident Grinch
Moderator
Joined
May 29, 2011
Messages
12,389
OTOH without any settings in rc.conf Sendmail defaults to a local submit agent. Combine that with a mailertable entry for "." pointing to your smarthost and you are set up in less than a minute.
Or just change freebsd.submit.mc to FEATURE('msp`, 'your-smarthost`)dnl

That refers to the last line where it has [127.0.0.1] wired in, by the way.

If you do that, you should *probably* set

sendmail_msp_queue_enable="YES"

which will cause Sendmail to periodically run its MSP queue but do nothing else. This is optional, but if you don't do it and your mailhost is down or cannot receive mail, mail will queue and never be processed (not Sendmail's fault).
 
Last edited:

Patrick M. Hausen

Neophyte Sage
Joined
Nov 25, 2013
Messages
1,480
Or just change freebsd.submit.mc to FEATURE('msp`, 'your-smarthost`)dnl
I think it's simpler - and don't forget that freebsd.submit.mc gets copied to my.fq.dn.submit.mc etc. - to just put this in mailertable and invoke make:
. esmtp:[my.smart.host]
 

Hazimil

Member
Joined
May 26, 2014
Messages
172
I'm running the script from the command line to test, but it's simply returning after a second or two with no error or feedback. Maybe it's not configured to run this way? This even happens when I try running it with no parameter (target). I would expect an invalid parameter alert when running it without a target. I did use the plug-in to create the jail, but I verified that all is good with dir/file locations, mount points and the script config.
Hi, remember, you need to run the script from outside of the Jail, as that's where sendmail is (installed with base FreeNAS).

Also, I can't guarantee the script will run if you use the Plugin instead of creating a clean Jail as per my notes (as I not tested it with the plugin).

J.
 

Patrick M. Hausen

Neophyte Sage
Joined
Nov 25, 2013
Messages
1,480
You can easily run Sendmail in the jail without any additional installation. Remove all the lines explicitly disabling it and configure mailertable as suggested - done.
 
Top