How to get ClamAV to scan my Nextcloud Folder

  • I have the ClamAV plugin installed on OMV 4.whateveriscurrent. I have scheduled scans for a different folder each night. Only one folder has a problem, get a "Permission Denied" response. That folder is Nextcloud, which is running in docker (with my UID/GID).


    The other folders that scan fine have the following permissions:
    rwxrwsr-x
    Owner: root
    Group: users


    Nextcloud folder has the following permissions:
    rwxrwx---
    Owner: My user
    Group: users


    I'd like to be able to scan this folder once a week, since my father-in-law is dumping all his files off his 32 (seriously) thumb drives. He has not really been security conscious in the past, and want to make sure he's not trying to infect my server.


    Is there a way to set permissions/add clamav to a group that will allow it to scan this folder WITHOUT breaking my Nextcloud?

    Is this old airplane safe to fly? How in the world do you think it got to be this old?

  • So, as it turns out - some update to ClamAV may have changed something because now it will not scan any folders. I've tried adding user clamav to users group, added AllowSupplmentaryGroups true to clamd.conf and now I'm running out of ideas.


    SSH'ing into my OMV machine, and running clamdscan --fdpass works, however clamdscan doesn't work without fdpass regardless of user group clamav is in. I set up clamav with the plugin, and all my scheduled scans are in the plugin. Is there a way to change those scheduled scans so that --fdpass gets sent?

    Is this old airplane safe to fly? How in the world do you think it got to be this old?

  • OK, in case someone else runs into this problem - I finally got everything up and scanning correctly with the help of several webpages and the Arch Wiki. Looking at the syslog, it looks like ClamAV was being blocked by Apparmor (which makes sense, because I just installed updates on Sunday). Arch Wiki had the fix for that.


    SSH in, and either use su, sudo, or log in as root and type:

    Code
    aa-complain clamd
    nano /etc/clamav/clamd.conf

    The first line sets apparmor to complain vice deny clamd. The second line is editing your clamd configuration file to run as a different user. I used nano, but you can use whatever editor you prefer. Scroll down to "User" and change clamav to root. Finally, type:

    Code
    /etc/init.d/clamav-daemon restart

    This restarts the clamav daemon, and everything (at least in my usecase thus far) works as advertised.

    Is this old airplane safe to fly? How in the world do you think it got to be this old?

  • Hi,


    I've run into a similar issue. I have a new install of OMV5 and I added the Clamav plugin. I setup a job to scan one of my shared folders and when it runs the job fails indicating it does not have permission to access the share.


    I attempted the above steps changing the user to root, but in when I go back to OMV and try running the job I now get a different error message


    "ERROR: Could not connect to clamd on LocalSocket /run/clamav/clamd.ctl: No such file or directory"


    Any thoughts?


    Thanks!
    Tom G.

  • Added note: I did a reset on the services antivirus screen in OMV and I am back to getting the permissions error.


    /srv/dev-disk-by-label-shared01/Documents: lstat() failed: Permission denied. ERROR


    when I looked back at the clamd.conf file it appears that the reset changed the user back to clamav.


    Apparently that's to be expected based on the warning in the second line of the file that reads: # WARNING: Do not edit this file, your changes will get lost.


    Any further thoughts on how to trouble shoot this would be greatly appreciated.


    Thanks!
    Tom G.

  • SOLVED!


    I went into the ACL permissions on each share that I want to virus scan and added clamav read/write permissions.


    All now works!

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!