[SOLVED] Docker: unable to start clamav service

[details=“Support intro”]

Nextcloud version (eg, 20.0.5): 22.1.0
Operating system and version (eg, Ubuntu 20.04): Debian 11
Apache or nginx version (eg, Apache 2.4.25): nginx/1.18.0
PHP version (eg, 7.4): 7.4.22

The issue you are facing:
Built a Docker stack including Nextcloud, mariaDB, OnlyOffice and ClamAV. ClamAV doesn’t work, despite the container is running:

• socket doesn’t exist
• clamav daemon is not running
  The container has been created strictly following the official documentation at https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/antivirus_configuration.html.

Is this the first time you’ve seen this error? Y:

Steps to replicate it:

1. Create the Docker container as per the official documentation
2. Run all containers
3. Try to configure Nextcloud through Administration > Security > File antivirus

The output of your Nextcloud log in Admin > Logging:

Error: stream_socket_client(): unable to connect to unix:///var/run/clamav/clamd.ctl (No such file or directory) at /var/www/html/custom_apps/files_antivirus/lib/Scanner/ExternalClam.php#41

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'default_phone_region' => 'BE',
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => 'instance-id',
  'passwordsalt' => 'SALT',
  'secret' => 'SECRET',
  'trusted_domains' => 
  array (
    0 => '192.168.1.34:8088',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '22.1.0.1',
  'overwrite.cli.url' => 'http://192.168.1.34:8088',
  'dbname' => 'nextcloud',
  'dbhost' => 'mariadb',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'db-user',
  'dbpassword' => 'db-pwd',
  'installed' => true,
  'mail_from_address' => 'nextcloud',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'mydomain.com',
  'mail_smtpsecure' => 'ssl',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp-host',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'smtp-name',
  'mail_smtppassword' => 'mail-pwd',
  'allow_local_remote_servers' => true,
  'app_install_overwrite' => 
  array (
    0 => 'groupfolders',
  ),
);

The output of your Apache/nginx/system log in /var/log/____:

2021/08/26 14:37:18 [notice] 50389#50389: using inherited sockets from "6;7;"

As soon I as try to save AV settings in Nextcloud, I get the message “Cannot connect to “/var/run/clamav/clamd.ctl”: No such file or directory (code 2)”.

Thanks in advance for any help!

Any help, please?

Did you try to check if path is there?

docker exec NC_CONTAINER_NAME ls -la /var/run/clamav/clamd.ctl

How did you run NC? How did you run clamav?
Please provide more info, as, your docker-compose file, or docker commands that you used to run it.

There is a “bug” in a docu, still was not approved. Check those changes to calmav: Update antivirus_configuration.rst by GAS85 · Pull Request #7127 · nextcloud/documentation · GitHub

But if you have NC in container and clamav in container too, you have to configure socket to some common folder that both containers could access to.

Hi Georgyi and thanks for your answser!

First, here’s the docker-compose I’ve used. As I’m a newbie to Docker, I’ve imported the file into Portainer as a stack.

version: '2'

networks:
  frontend:
  backend:

services:
  mariadb:
    image: mariadb:10.5
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - /home/nextcloud/database:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=rootpwd
      - MYSQL_DATABASE=ncdb
      - MYSQL_USER=ncuser
      - MYSQL_PASSWORD=sqlpwd
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "5"
    networks:
      - backend

  onlyoffice:
    image: onlyoffice/documentserver
    restart: always
    ports:
      - 8089:80
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "5"
    networks:
      - frontend

  # From https://github.com/mko-x/docker-clamav/blob/master/docker-compose.yml
  av:
    image: mkodockx/docker-clamav
    restart: always
    volumes:
      - /var/run/clamav/:/var/run/clamav/
    environment:
      - CLAMD_SETTINGS_CSV=LocalSocket=/var/run/clamav/clamd.ctl
    networks:
      - backend

  nextcloud:
    image: nextcloud
    ports:
      - 8088:80
    depends_on:
      - mariadb
      - onlyoffice
      - av
    volumes:
      - /home/nextcloud/html:/var/www/html
      - /home/nextcloud/data:/var/www/html/data
    environment:
      - MYSQL_DATABASE=ncdb
      - MYSQL_USER=nc-user
      - MYSQL_PASSWORD=sqlpwd
      - MYSQL_HOST=mariadb
    restart: always
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "5"
    networks:
      - frontend
      - backend

I’ve indeed ran the docker exec NC_CONTAINER_NAME ls -la /var/run/clamav/clamd.ctl command which returned “no such file or directory”. Should this directory be created within the container or on the host?

Thanks in advance for your advice!

First of all move to official CLAMAV Image:

clamav/clamav:stable_base

As soon as you have all Apps in Container, simply share folder between them. According to this it can be:

version: '2'

volumes:
  clamsocket: {}

...

  av:
    image: "clamav/clamav:stable_base"
    container_name: "clamav"
    volumes:
      # Socket
      - clamsocket:/var/run/clamav/
      # Virus DB
      - /var/docker/clamav/virus_db/:/var/lib/clamav/
    restart: unless-stopped
    networks:
      - backend

  nextcloud:
    image: nextcloud
    ports:
      - 8088:80
    depends_on:
      - mariadb
      - onlyoffice
      - av
    volumes:
      - /home/nextcloud/html:/var/www/html
      - /home/nextcloud/data:/var/www/html/data
      # Socket
      - clamsocket:/var/run/clamav/

...

As alternative guide check this out: How to Share Data Between Docker Containers

i would put it in /home/nextcloud/clamav just to have everything in one place. but it really doesn’t matter.

anyhow it’s always better to put everything in named volumes instead binding host folder.
example: - clamav_db:/var/lib/clamav/

You right, this example is copy-paste based on my own configuration and updated Docu and could be improved with your configuration.

Thanks guys for the help!

I have one more question on the syntax, to ensure correct modification of the existing stack: when you define - clamav_db:/var/lib/clamav/, I understand that you need to define elsewhere the value of clamav_db which is the destination folder.

So the compose file should look like

volumes:
  clamsocket: {}
  clam_db: {}
...

av:
    image: "clamav/clamav:stable_base"
    restart: always
    container_name: "clamav"
    volumes:
      - clamsocket:/var/run/clamav/
      - clamav_db:/var/lib/clamav/
    environment:
      - CLAMD_SETTINGS_CSV=LocalSocket=/var/run/clamav/clamd.ctl
    networks:
      - backend

nextcloud:
    image: nextcloud
    ports:
      - 8088:80
    depends_on:
      - mariadb
      - onlyoffice
      - av
    volumes:
      - /home/nextcloud/html:/var/www/html
      - /home/nextcloud/data:/var/www/html/data
      - clamsocket:/var/run/clamav/
      - clamav_db:/var/lib/clamav/
    environment:
      - <env edited>
    restart: always
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "5"
    networks:
      - frontend
      - backend

but where do I define the value for clamsocket and clamav_db (should indeed be respectively /home/clamav/ and /home/clamav/data in my case)?

Thanks in advance for the precisions!

This is Virus DB and according to the documentation it is better to point it to the local persistent storage. I would keep is simple and just map whatever you need, e.g. my containers are saved under /var/docker/, so I use following config:

Socket is a bit different and should be shared between containers, when you e.g. nextcloud and clamav both are in containers, in this case simply use example from above:

OK, thanks for the precision! What about the CLAMD_SETTINGS_CSV=LocalSocket=/var/run/clamav/clamd.ctl which I found in other compose file with socket? Is it relevant in this case?

As I point in Pull Request above this is a rest of unofficial and unsupported Image setup, fell free to remove it. Pull Reqest is already merged, and what we discussed here is part of official Documentation. Scroll till “docker, docker-compose”: Antivirus scanner — Nextcloud latest Administration Manual latest documentation

Hi @gas85!

I’ve installed the Clamav image but cannot configure Nextcloud to use the socket: /var/run/clamav (clamsocket) is empty, although Nextcloud properly detects /var/run/clamav/clamd.ctl in the “Socket” field, as in the documentation you pointed me to.

Cannot connect to "/var/run/clamav/clamd.ctl": No such file or directory (code 2)

Should I manually start the service or create the clamd.ctl file?

Thanks in advance for your help!

No, it should be created by the service.
Try few simple steps to troubleshoot this.

1. Check logs of clamav. Is there something that it could not create socket?

docker logs clamav

2. Check if socket was exposed is inside of clamav container? Folder should not be emtpy.

docker exec clamav ls -la /var/run/clamav/

3. Check if socket is accessible to nextcloud and our configuration is correct

docker exec nextcloud ls -la /var/run/clamav/

For me file was clamd.sock, not clamd.ctl.

Hi Georgy,

Here’s what I got:

• docker logs clamav: gives a whole bunch of

Starting ClamAV
Socket for clamd not found yet, retrying (13/1800) ...Fri Sep 24 05:48:35 2021 -> !LOCAL: Socket file /run/clamav/clamd.sock could not be bound: Permission denied
Fri Sep 24 05:48:35 2021 -> !Can't unlink the socket file /run/clamav/clamd.sock
Socket for clamd not found yet, retrying (1800/1800) ...
Failed to start clamd
Starting ClamAV
Socket for clamd not found yet, retrying (13/1800) ...Fri Sep 24 06:18:40 2021 -> !LOCAL: Socket file /run/clamav/clamd.sock could not be bound: Permission denied

• docker exec clamav ls -la /var/run/clamav/ returns:

total 4
drwxr-xr-x    3 root     root            60 Sep 23 16:57 .
drwxr-xr-x    1 root     root          4096 Sep 23 17:15 ..
drwxr-xr-x    2 root     root            40 Sep 23 16:57 clamd.ctl

• docker exec nextcloud ls -la /var/run/clamav/ returns:

total 8
drwxr-xr-x 3 root root   60 Sep 23 16:57 .
drwxr-xr-x 1 root root 4096 Sep 23 17:16 ..
drwxr-xr-x 2 root root   40 Sep 23 16:57 clamd.ctl

Obviously, the .ctl file is accessible from both containers, however it belongs to root, not www-data. I’ve tried to restart the clamav container but to no avail.

Should I deleted the clamd.ctl file and manually create the clamd.sock you were expecting?

Thanks for your help which is greatly appreciated!

I think it is permissions question. I believe that nextcloud somehow overtook this folder with own user and than clamav could not write to it. Or something similar. Try to add chmod 777 to this folder inside of container and restart clamav. E.g.

docker exec clamav chmod 777 /var/run/clamav/
docker restart clamav

SUCCESS! You guessed right! Chmod’ing the folder and restarting the container just created a /var/run/clamav/clamd.sock file, so I just modified the default Nextcloud setting clamd.ctl → clamd.sock and it runs fine!

It’s not the first time I stumble upon faulty default settings in Nextcloud (had a major issue with default OfficeOnline base plugin installed, even with no OfficeOnline app, colliding with OnlyOffice app), I will definitely question any setting now!

Thank you so much for your help and patience! Have a good day!

Better than chmod 777 /var/run/clamav, I suggest chown clamav:clamav /var/run/clamav.