[HOW TO] Install ClamAV on FreeNAS v11

[HOW TO] Install ClamAV on FreeNAS v11 v11.0-U2

ghostwolf59

Contributor
Joined
Mar 2, 2013
Messages
165
Hi there,

@ghostwolf59 - I am looking into this, as I also received the same message as well the other day.

I have also fixed a couple of issues with the scripts, new versions available from my github page. I will look into your other post as well, as I'm not getting any permissions issues.

Jonathan

I managed to sort the permission issues *relates to FreeNAS 11.3 *see my earlier comments on this* - so that's no longer an issue.
Not sure what changes you actually made to your scripts, but I am pretty happy with mine *modded to limit the number of times you update the virus defs as well allow for concurrent scan processes *see earlier threads where I posted both scripts - No issues running these scans now and gives me the flexibility to set up various types of scan targets *parameter passed in from the cron task.
I think its an overkill to enforce a refresh of the virus definitions for each run *as with your script* - By timestamp or date the virus definition you will speed up and cut network traffic by only refresh the definitions once per every 24 hour cycle.

The memory issues and time it takes to scan large volumes is still and issue though - Hence me working around this by limit the targets via parameters

cheers
 

Hazimil

Contributor
Joined
May 26, 2014
Messages
172
Hi All, I have written a new version of the script(s).

This was the first script I wrote, so it had quite a few syntax errors and bad programming styles within it, and to be honest it was a bit "clunky", so I have done a complete rewrite of the script, taking into account the issues I found along with the feedback from @ghostwolf59 (above), to make it simpler and easier to use.

The changes are as follows:
  1. reduced coding and scripts to now only require a single script to run;
  2. turned all hard-coded log file names into variables;
  3. added in complete setup and usage instructions;
  4. defining 'root' as the default email (so no need to edit this if happy with that);
  5. script now requires a parameter of the target location to scan (with error checking);
  6. simplified the editing requirements for the endusers who are running in warden jails instead of iocage;
  7. the script now supports concurrent runs, by using automatically generated unique files names for the log files.
  8. separated and automated the freshclam update independently from this script, so you can configure how often you want to update the virus definitions.
You can get a copy of this script from: https://github.com/jaburt/FreeNAS-Server-ClamAV-Scan/blob/master/run_clamav_scan_beta.sh

I would appreciate if anyone could try it out (and feedback), before I update the resource to show only this single script and its operation. Please read the ### Usage ### section, as this explains how to setup the ClamAV jail, with a FreshClam daemon, along with instructions on how to use the script.

I hope you like it.

Yours
Jonathan
 
Last edited:

Hazimil

Contributor
Joined
May 26, 2014
Messages
172
Hi, I've not received any negative feedback and its been working for me for over a week now, so am going "live" with this new version of the script. I have updated the resource and my GitHub page accordingly.

Jonathan.
 

dstocks

Cadet
Joined
May 19, 2020
Messages
6
I'm running the script from the command line to test, but it's simply returning after a second or two with no error or feedback. Maybe it's not configured to run this way? This even happens when I try running it with no parameter (target). I would expect an invalid parameter alert when running it without a target. I did use the plug-in to create the jail, but I verified that all is good with dir/file locations, mount points and the script config.
 

dstocks

Cadet
Joined
May 19, 2020
Messages
6
OK. Upon further inspection-- the jail doesn't have sendmail configured. I don't really want to run sendmail on the jail when all I need is an outbound mail client for email alerts. Maybe using something like ssmtp for basic outbound mail as an option?
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
OK. Upon further inspection-- the jail doesn't have sendmail configured. I don't really want to run sendmail on the jail when all I need is an outbound mail client for email alerts. Maybe using something like ssmtp for basic outbound mail as an option?

So that doesn't make any sense. You don't want to run Sendmail but you want to run something else that does mail. Do you have something against Sendmail? It's the default MSA and it is extremely competent. You can easily make it submit to a smarthost, optionally with local queue capabilities.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
It is and ssmtp is in ports/packages:

OTOH without any settings in rc.conf Sendmail defaults to a local submit agent. Combine that with a mailertable entry for "." pointing to your smarthost and you are set up in less than a minute.
 

dstocks

Cadet
Joined
May 19, 2020
Messages
6
So that doesn't make any sense. You don't want to run Sendmail but you want to run something else that does mail. Do you have something against Sendmail? It's the default MSA and it is extremely competent. You can easily make it submit to a smarthost, optionally with local queue capabilities.

Thanks!
 

dstocks

Cadet
Joined
May 19, 2020
Messages
6
It is and ssmtp is in ports/packages:

OTOH without any settings in rc.conf Sendmail defaults to a local submit agent. Combine that with a mailertable entry for "." pointing to your smarthost and you are set up in less than a minute.

Right! I'm a little rusty and forgot that was the case. Thank you!
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
OTOH without any settings in rc.conf Sendmail defaults to a local submit agent. Combine that with a mailertable entry for "." pointing to your smarthost and you are set up in less than a minute.

Or just change freebsd.submit.mc to FEATURE('msp`, 'your-smarthost`)dnl

That refers to the last line where it has [127.0.0.1] wired in, by the way.

If you do that, you should *probably* set

sendmail_msp_queue_enable="YES"

which will cause Sendmail to periodically run its MSP queue but do nothing else. This is optional, but if you don't do it and your mailhost is down or cannot receive mail, mail will queue and never be processed (not Sendmail's fault).
 
Last edited:

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
Or just change freebsd.submit.mc to FEATURE('msp`, 'your-smarthost`)dnl
I think it's simpler - and don't forget that freebsd.submit.mc gets copied to my.fq.dn.submit.mc etc. - to just put this in mailertable and invoke make:
. esmtp:[my.smart.host]
 

Hazimil

Contributor
Joined
May 26, 2014
Messages
172
I'm running the script from the command line to test, but it's simply returning after a second or two with no error or feedback. Maybe it's not configured to run this way? This even happens when I try running it with no parameter (target). I would expect an invalid parameter alert when running it without a target. I did use the plug-in to create the jail, but I verified that all is good with dir/file locations, mount points and the script config.

Hi, remember, you need to run the script from outside of the Jail, as that's where sendmail is (installed with base FreeNAS).

Also, I can't guarantee the script will run if you use the Plugin instead of creating a clean Jail as per my notes (as I not tested it with the plugin).

J.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
You can easily run Sendmail in the jail without any additional installation. Remove all the lines explicitly disabling it and configure mailertable as suggested - done.
 

xbmcgotham

Dabbler
Joined
Oct 16, 2020
Messages
26
Hi, great tutorial thanks!

I having an issue at stap 4. All previous steps went fine, [i think] but when I Try editing the freshclam.conf file in terminal, it’s not there. The directory is full of files but not this one. Not sure now what todo? Any tips?

Additionally, at step 6 it says "Run this script with the scan location as a parameter, i.e. run_clamav_scan.sh "scan target"" now how do you load and set this script up in the CRON job inside the freenas UI. It only has an command option field.

I am very new to freenas, hopefully someone can give step by step guidance. :smile:

thanks

Screen Shot 2020-12-18 at 11.57.14.png
 
Last edited:

xbmcgotham

Dabbler
Joined
Oct 16, 2020
Messages
26
@Hazimil Hi,
Any idea why I am getting error messages by email telling me the scan target is not correctly configured and that the scan can't be performed?

I tried different ways. Any ideas?

Thanks

Screen Shot 2020-12-23 at 13.06.02.png

Screen Shot 2020-12-27 at 16.41.34.png
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
Any idea why I am getting error messages by email telling me the scan target is not correctly configured and that the scan can't be performed?

I tried different ways. Any ideas?
You're trying to launch a cron job from outside the jail pointing at a scan target inside the jail.

I think you'll need to configure it so that the path inside the jail matches the one outside and specify it like it's outside.

There's a note on making the paths match in the original doc:
Code:
(FreeNAS server)                                (ClamAV Jail)
/mnt/tank/Sysadmin     ---> mounted to ---->    /mnt/tank/Sysadmin
/mnt/tank/Documents    ---> mounted to ---->    /mnt/tank/Documents


So you would need to make a directory in your jail called /mnt/pool1, then mount the content there into the same effective path and then run the script with the target of /mnt/pool1/videos-casino
 

xbmcgotham

Dabbler
Joined
Oct 16, 2020
Messages
26
@sretalla Thanks for your quick response and help.

If I understand correctly, is this what you suggest? When I run it this way, it still gives the "error: Scan target location does not exist! /mnt/pool1/videos-casino/"

Am I still doing something wrong?

Thanks
Screen Shot 2020-12-27 at 18.36.24.png

Screen Shot 2020-12-27 at 18.31.42.png
 

xbmcgotham

Dabbler
Joined
Oct 16, 2020
Messages
26
Happy new year all!

@sretalla @Hazimil

Just wondering if you able to see anything in my screenshots above that needs to change to make it work. I really like to start using ClamAV. :smile:

Thanks again for any assistance


@sretalla Thanks for your quick response and help. If I understand correctly, is this what you suggest? When I run it this way, it still gives the "error: Scan target location does not exist! /mnt/pool1/videos-casino/" Am I still doing something wrong? Thanks View attachment 43760 View attachment 43761
 

cellardoor

Dabbler
Joined
Jul 21, 2017
Messages
25
Hello.

Same problem here!
Regards

Stupid me.
I just forgot to change the jail name to clamav in the script.
The script is awaiting the name ClamAV.
Sorry and thanks for the tutorial.
 
Last edited:

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
I have not read the entire thread and do not use ClamAV on TrueNAS myself, but I can offer some fundamental hints:

1. The mountpoint in the jail needs to exist. So you need to login to the jail and use mkdir to create it.
2. I doubt that it is necessary to have the mountpoint in the jail be the same as the path outside the jail - why should that be necessary? But ...
3. Of course the cronjob runs in the jail where ClamAV is installed, so again login to the jail and use the crontab command to create it.

Hope that helps and I am not missing anything fundamental myself.
 
Top