Nextcloud AIO v7.11.2 ClamAV seems to be not working

ℹ️ Support
, , ,
1

Nextcloud version (eg, 20.0.5): Nextcloud AIO v7.11.2
Operating system and version (eg, Ubuntu 20.04): Unraid Docker

The issue you are facing:

I uploaded a virus-test-file to see if it is detected. But nothing happens.
Also I don’t recognize any scheduled scanning of the files.

My guess is, that the nextcloud-cotainer can’t communicate with the clamav-container. I just enabled the clamav in the AIO-Interface, everything is default.
Antivirus-App in nextcloud-interface is present.

The output of the log from clamav:

Starting Freshclamd
Starting ClamAV

or clamd not found yet, retrying (0/90) ...ClamAV update process started at Mon Feb 12 05:07:50 2024
daily database available for update (local version: 27181, remote version: 27182)

or clamd not found yet, retrying (1/90) ...
or clamd not found yet, retrying (2/90) ...
or clamd not found yet, retrying (3/90) ...
or clamd not found yet, retrying (4/90) ...
or clamd not found yet, retrying (5/90) ...
or clamd not found yet, retrying (6/90) ...
or clamd not found yet, retrying (7/90) ...
or clamd not found yet, retrying (8/90) ...
or clamd not found yet, retrying (9/90) ...
or clamd not found yet, retrying (10/90) ...
or clamd not found yet, retrying (11/90) ...Testing database: '/var/lib/clamav/tmp.bf710e63e0/clamav-564e71c1580cf8d6f61d3a856624ddeb.tmp-daily.cld' ...

or clamd not found yet, retrying (12/90) ...
or clamd not found yet, retrying (13/90) ...
or clamd not found yet, retrying (14/90) ...
or clamd not found yet, retrying (15/90) ...
or clamd not found yet, retrying (16/90) ...
or clamd not found yet, retrying (17/90) ...
or clamd not found yet, retrying (18/90) ...
or clamd not found yet, retrying (19/90) ...
or clamd not found yet, retrying (20/90) ...
or clamd not found yet, retrying (21/90) ...
or clamd not found yet, retrying (22/90) ...
or clamd not found yet, retrying (23/90) ...
or clamd not found yet, retrying (24/90) ...
or clamd not found yet, retrying (25/90) ...
or clamd not found yet, retrying (26/90) ...
or clamd not found yet, retrying (27/90) ...
or clamd not found yet, retrying (28/90) ...
or clamd not found yet, retrying (29/90) ...
or clamd not found yet, retrying (30/90) ...
or clamd not found yet, retrying (31/90) ...
or clamd not found yet, retrying (32/90) ...
or clamd not found yet, retrying (33/90) ...
or clamd not found yet, retrying (34/90) ...
or clamd not found yet, retrying (35/90) ...
or clamd not found yet, retrying (36/90) ...
or clamd not found yet, retrying (37/90) ...
or clamd not found yet, retrying (38/90) ...
or clamd not found yet, retrying (39/90) ...
or clamd not found yet, retrying (40/90) ...
or clamd not found yet, retrying (41/90) ...
or clamd not found yet, retrying (42/90) ...
or clamd not found yet, retrying (43/90) ...
or clamd not found yet, retrying (44/90) ...
or clamd not found yet, retrying (45/90) ...
or clamd not found yet, retrying (46/90) ...
or clamd not found yet, retrying (47/90) ...Database test passed.
daily.cld updated (version: 27182, sigs: 2052980, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
WARNING: Clamd was NOT notified: Can't connect to clamd through /tmp/clamd.sock: No such file or directory

or clamd not found yet, retrying (48/90) ...
or clamd not found yet, retrying (49/90) ...
or clamd not found yet, retrying (50/90) ...
or clamd not found yet, retrying (51/90) ...
or clamd not found yet, retrying (52/90) ...
or clamd not found yet, retrying (53/90) ...
or clamd not found yet, retrying (54/90) ...
or clamd not found yet, retrying (55/90) ...
or clamd not found yet, retrying (56/90) ...
or clamd not found yet, retrying (57/90) ...
or clamd not found yet, retrying (58/90) ...
or clamd not found yet, retrying (59/90) ...
or clamd not found yet, retrying (60/90) ...
or clamd not found yet, retrying (61/90) ...
or clamd not found yet, retrying (62/90) ...
or clamd not found yet, retrying (63/90) ...
or clamd not found yet, retrying (64/90) ...
or clamd not found yet, retrying (65/90) ...
or clamd not found yet, retrying (66/90) ...Mon Feb 12 05:08:58 2024 -> Limits: Global time limit set to 120000 milliseconds.
Mon Feb 12 05:08:58 2024 -> Limits: Global size limit set to 419430400 bytes.
Mon Feb 12 05:08:58 2024 -> Limits: File size limit set to 104857600 bytes.
Mon Feb 12 05:08:58 2024 -> Limits: Recursion level limit set to 17.
Mon Feb 12 05:08:58 2024 -> Limits: Files limit set to 10000.
Mon Feb 12 05:08:58 2024 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes.
Mon Feb 12 05:08:58 2024 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes.
Mon Feb 12 05:08:58 2024 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes.
Mon Feb 12 05:08:58 2024 -> Limits: MaxScriptNormalize limit set to 20971520 bytes.
Mon Feb 12 05:08:58 2024 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Mon Feb 12 05:08:58 2024 -> Limits: MaxPartitions limit set to 50.
Mon Feb 12 05:08:58 2024 -> Limits: MaxIconsPE limit set to 100.
Mon Feb 12 05:08:58 2024 -> Limits: MaxRecHWP3 limit set to 16.
Mon Feb 12 05:08:58 2024 -> Limits: PCREMatchLimit limit set to 100000.
Mon Feb 12 05:08:58 2024 -> Limits: PCRERecMatchLimit limit set to 2000.
Mon Feb 12 05:08:58 2024 -> Limits: PCREMaxFileSize limit set to 104857600.
Mon Feb 12 05:08:58 2024 -> Archive support enabled.
Mon Feb 12 05:08:58 2024 -> AlertExceedsMax heuristic detection disabled.
Mon Feb 12 05:08:58 2024 -> Heuristic alerts enabled.
Mon Feb 12 05:08:58 2024 -> Portable Executable support enabled.
Mon Feb 12 05:08:58 2024 -> ELF support enabled.
Mon Feb 12 05:08:58 2024 -> Mail files support enabled.
Mon Feb 12 05:08:58 2024 -> OLE2 support enabled.
Mon Feb 12 05:08:58 2024 -> PDF support enabled.
Mon Feb 12 05:08:58 2024 -> SWF support enabled.
Mon Feb 12 05:08:58 2024 -> HTML support enabled.
Mon Feb 12 05:08:58 2024 -> XMLDOCS support enabled.
Mon Feb 12 05:08:58 2024 -> HWP3 support enabled.
Mon Feb 12 05:08:58 2024 -> Self checking every 600 seconds.
Mon Feb 12 05:08:58 2024 -> Set stacksize to 1048576
socket found, clamd started.
Mon Feb 12 05:19:23 2024 -> SelfCheck: Database status OK.
Mon Feb 12 05:29:25 2024 -> SelfCheck: Database status OK.
Mon Feb 12 05:39:27 2024 -> SelfCheck: Database status OK.
Mon Feb 12 05:49:29 2024 -> SelfCheck: Database status OK.
Mon Feb 12 05:59:31 2024 -> SelfCheck: Database status OK.
Mon Feb 12 06:09:33 2024 -> SelfCheck: Database status OK.
Mon Feb 12 06:19:35 2024 -> SelfCheck: Database status OK.
Mon Feb 12 06:29:37 2024 -> SelfCheck: Database status OK.
Mon Feb 12 06:39:39 2024 -> SelfCheck: Database status OK.
Mon Feb 12 06:49:41 2024 -> SelfCheck: Database status OK.
Mon Feb 12 06:59:43 2024 -> SelfCheck: Database status OK.
Mon Feb 12 07:09:45 2024 -> SelfCheck: Database status OK.
Mon Feb 12 07:19:47 2024 -> SelfCheck: Database status OK.
2

OK, I did go to nextcloud management under logging:
https://nextcloug/settings/admin/logging

There I did found some entries. So it seems like that the used clamav wont recognize my test-file.

Am I correct, that the anti-virus-app is only logging to:
https://nextcloud.org/settings/admin/logging

Is there a way to get notified is there is a virus-file found?

Also: is there a log to understand the schedule and how many files were scanned and how long it took?

3

Hi, can you test with https://www.eicar.org/download-anti-malware-testfile/?

1 Like
4

yes! That worked like a charm! Don’t know what I did wrong before. :frowning:
So I cant upload the file! :heart_eyes: Very good!

Still: Is there a way to get notified by the antivirus app? Maybe the “normal” notifications?

To me it seems a bit silly to have to go to:
https://nextcloud/settings/admin/logging
to check if there was an event.

Also: how can I verify the scheduled file-scanning?

5

Any idea about that greyed-out option?

grafik
grafik1318×752 46.6 KB