Posts by oem111

    Hello experts,


    I have recently updated my Microsoft account's password and now everything seems to be broken.

    Steps already done:

    1. Change my ovm-password for this user as well

    2. Force updating samba password using smbpasswd


    Until last month I could directly access my SMB shares by entering the UNC path or mapping the drive with Windows 10.

    Now I always receive a prompt for my credentials.


    But my syslog does not log any check_ntlm_password event

    Before my password change I had mapped my username to my Microsoft account's e-mail address using the samba user map function.

    username map = /etc/samba/smbusers

    Username = mail@domain.com


    The Windows eventlog is sending out events, but the samba service does not receive the request.



    I also do not see any trace of my e-mail address in the samba log anymore, as if it's not used anymore by my Windows 10 system.

    I tried nearly everything to restore my old situation, where I did not have to enter any password, because credentials were matching.


    I have tried increasing the SMB level, increasing the log level to find anything, and setting the NTLMv2 mode.

    Nothing helps.


    The only thing I see, is that the first connection request seems to be always anonymous.


    Windows is either not sending the user account information to my OMV or Samba did not read it correctly.

    When I enter my credentials, with either my user name or the e-mail address, and the correct password, everything works.


    But the benefit from having the same credentials in Windows and OMV is gone.


    Does someone have any clue on this?

    KR


    oem111

    Hi,

    thanks for the advice with the mail.
    I may test this as well.

    So my investigation took a little while but I found the SALT scripts that were generating the cron files.

    For now I added the log parameter into the file
    /var/cache/salt/minion/files/base/omv/deploy/clamav/files/cron-clamdscan-script.j2



    old Line 22:
    {{ separator }}"{{ salt['omv_conf.get_sharedfolder_path'](job.sharedfolderref) }}" & wait $!



    new Line 22:

    {{ separator }}"{{ salt['omv_conf.get_sharedfolder_path'](job.sharedfolderref) }}" --log="/tmp/scan_{{ salt['omv_conf.get_sharedfolder_name'](job.sharedfolderref) }}.log" & wait $!



    Now the scheduled tasks are generated with the log parameter as well.

    I also changed /tmp with my actual samba share, so I can read them directly in Windows.

    Thanks.


    oem111
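
    An added example, not part of the post above or of the OMV plugin: since the nightly jobs run unattended, the per-share files written by `--log` can be checked by a small parser that lists infected paths and flags runs that never wrote a summary. The log layout, the sample lines and all function names are assumptions; it expects one scan run per file.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample of one clamdscan run written via --log (layout assumed).
SAMPLE_LOG = """\
/srv/dev-disk-by-label-SSDRaid/Docker/readme.txt: OK
/srv/dev-disk-by-label-SSDRaid/Docker/old: backup/eicar.com: Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND
/srv/dev-disk-by-label-SSDRaid/Docker/private.key: Access denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 1
Total errors: 1
Time: 0.012 sec (0 m 0 s)
"""

# Greedy path match so a ": " inside a file name does not split the path early.
FOUND_RE = re.compile(r"^(?P<path>.*): (?P<sig>[^\s(]+)"
                      r"(?:\((?P<md5>[0-9a-f]{32}):(?P<size>\d+)\))? FOUND$")
ERROR_RE = re.compile(r"^(?P<path>.*): (?P<msg>.+) ERROR$")
SUMMARY_RE = re.compile(r"^Infected files: (\d+)$")

@dataclass
class ScanReport:
    detections: list = field(default_factory=list)  # dicts: path, sig, md5, size
    errors: list = field(default_factory=list)      # (path, message) tuples
    infected_reported: Optional[int] = None         # None: no summary written

    @property
    def needs_attention(self) -> bool:
        # A missing summary means the nightly job died or was cut short.
        return bool(self.detections or self.errors) or self.infected_reported is None

def parse_scan_log(text: str) -> ScanReport:
    report = ScanReport()
    for line in text.splitlines():
        line = line.rstrip()
        if m := FOUND_RE.match(line):
            report.detections.append(m.groupdict())
        elif m := ERROR_RE.match(line):
            report.errors.append((m["path"], m["msg"]))
        elif m := SUMMARY_RE.match(line):
            report.infected_reported = int(m.group(1))
    return report

if __name__ == "__main__":
    r = parse_scan_log(SAMPLE_LOG)
    for d in r.detections:
        print(f"INFECTED {d['path']} ({d['sig']})")
    print("needs attention:", r.needs_attention)
```
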

    Hello and thanks for this first hint.


    So what I was seeing: if I start a "scheduled job" from the "Antivirus" section in the WebGUI, the /var/log/clamav/clamav.log does not look different.

    The scan summary is not listed in the clamav.log either.

    The result of the running scheduled task, if I am logged into the web console, is shown in a popup and it contains a readable filename. See attachment.
    And according to Firefox the output is read from a file in /tmp.

    See screenshot tmp_bgstatus.


    The section "system logs" only reads the clamav.log as it is the FD syntax only.

    However, these scheduled tasks will run unattended at night so I will never see this result.


    It seems to me that the stdout of the scheduled task will be dropped.

    So I was searching deeper in the system and found the cronfile that is performing the jobs and votdev said, it is also performed with --fdpass.

    For example: /var/lib/openmediavault/cron.d/clamdscan-19f590cd-4404-4ea2-8a8f-5743c44869e4




    Just for testing I modified the cronfile, knowing that these changes will be overwritten by OMV.
    However I was able to add --log=/tmp/test1 to the command and received a log file in /tmp

    omv_log "Please wait, scanning shared folder <Docker> ...\n"

    clamdscan --fdpass --stdout --multiscan --verbose "/srv/dev-disk-by-label-SSDRaid/Docker/" --log=/tmp/test1 & wait $!

    omv_log "\nThe scan has completed successfully."



    The output of the WebGUI popup is still working.

    So if the developer of the plugin could add the possibility to define an additional logfile, adding the --log parameter to the cron-file, my issues would be solved.

    For now I will add the --log to all my clamav cronjobs till they get overwritten.


    Hello,

    I have a question for those of you who use the CLAMAV Plugin.

    My log /var/log/clamav/clamav.log looks all like this:

    Tue Apr 21 21:10:28 2020 -> fd[10]: OK

    Tue Apr 21 21:10:28 2020 -> fd[10]: OK

    Tue Apr 21 21:10:28 2020 -> fd[10]: OK

    Tue Apr 21 21:10:28 2020 -> fd[10]: OK

    Tue Apr 21 21:10:28 2020 -> fd[10]: OK

    Tue Apr 21 21:10:28 2020 -> fd[10]: OK

    Tue Apr 21 21:10:28 2020 -> fd[10]: OK

    Tue Apr 21 21:10:28 2020 -> fd[10]: OK

    Tue Apr 21 21:10:28 2020 -> fd[10]: OK

    Tue Apr 21 21:10:28 2020 -> fd[10]: OK

    Tue Apr 21 21:10:28 2020 -> fd[10]: OK



    I have tested the EICAR test file ( see: https://easyengine.io/tutorial…server/testing/antivirus/ ) and put the file in /tmp.


    Now I scanned using this command: sudo clamdscan /tmp/ --fdpass

    This is how the log looks.

    Tue Apr 21 21:17:40 2020 -> fd[10]: Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND


    I do not know why or how I can get to see the filename. I mean, it's nice to see a warning that a virus is detected, but with a log like this I don't know which file caused the alert.

    Does someone have a hint on how I can see the filename?


    My environment:

    OMV 5.39.x
    CLAMAV Plugin: openmediavault-clamav 5.0.9-1

    Hard disks are 2 SSDs in Raid1 (SoftRaid by OMV) and formatted in EXT4


    Here my conf file

    root@MYNAS:/tmp# cat /etc/clamav/clamd.conf

    # This file is auto-generated by openmediavault (https://www.openmediavault.org)

    # WARNING: Do not edit this file, your changes will get lost.


    LocalSocket /run/clamav/clamd.ctl

    FixStaleSocket true

    LocalSocketGroup clamav

    LocalSocketMode 666

    AlertEncrypted false

    AlertEncryptedArchive false

    AlertEncryptedDoc false

    MaxDirectoryRecursion 15

    FollowDirectorySymlinks False

    FollowFileSymlinks False

    ReadTimeout 120

    MaxThreads 3

    MaxConnectionQueueLength 15

    LogSyslog false

    LogRotate false

    LogFacility LOG_LOCAL6

    LogClean false

    LogVerbose false

    DatabaseDirectory /var/lib/clamav

    SelfCheck 3600

    Foreground false

    Debug false

    ScanPE True

    MaxEmbeddedPE 10M

    ScanOLE2 True

    ScanPDF False

    ScanHTML True

    MaxHTMLNormalize 10M

    MaxHTMLNoTags 2M

    MaxScriptNormalize 5M

    MaxZipTypeRcg 1M

    ScanSWF true

    ScanELF True

    ScanArchive False

    ScanMail false

    AlertBrokenExecutables False

    ExitOnOOM false

    LeaveTemporaryFiles false

    HeuristicAlerts True

    IdleTimeout 30

    PhishingSignatures true

    PhishingScanURLs false

    AlertPhishingSSLMismatch false

    AlertPhishingCloak false

    AlertPartitionIntersection false

    DetectPUA False

    ScanPartialMessages false

    HeuristicScanPrecedence false

    StructuredDataDetection false

    CommandReadTimeout 30

    SendBufTimeout 500

    MaxQueue 100

    ExtendedDetectionInfo true

    AlertOLE2Macros false

    AllowAllMatchScan true

    ForceToDisk false

    DisableCertCheck false

    DisableCache false

    MaxScanSize 100M

    MaxFileSize 25M

    MaxRecursion 16

    MaxFiles 10000

    MaxPartitions 50

    MaxIconsPE 100

    PCREMatchLimit 10000

    PCRERecMatchLimit 5000

    PCREMaxFileSize 25M

    ScanXMLDOCS true

    ScanHWP3 true

    MaxRecHWP3 16

    StreamMaxLength 25M

    LogFile /var/log/clamav/clamav.log

    LogTime true

    LogFileUnlock false

    LogFileMaxSize 0

    Bytecode true

    BytecodeSecurity TrustSigned

    BytecodeTimeout 60000

    OfficialDatabaseOnly false

    CrossFilesystems true

    VirusEvent /bin/run-parts --lsbsysinit -- /etc/clamav/virusevent.d/

    User clamav

    OnAccessMaxFileSize 100M

    OnAccessMaxThreads 5

    OnAccessDisableDDD false

    OnAccessPrevention true

    OnAccessExtraScanning true

    OnAccessExcludeUname clamav

    OnAccessRetryAttempts 3




    Any help is welcome.

    oem111

    Hello to all of you in the community,


    I have built some test VMs lately running openmediavault 5.0.5.

    Last weekend my new server, a Dell T30 arrived and I migrated my old HyperV 2012 to an all new HyperV 2016.

    Main reason for the hypervisor OS is running additional systems, mostly Linux based, and have some workspace for OS testing.

    One of the key changes will be the shutdown of an old Windows Server 2008R2.
    Clients are 3 Windows 10 PCs.



    My new T30 System is up and running with currently 8GB RAM ECC, still waiting for the delivery of the additional 8GB to make it 16GB ECC in total.
    CPU is a Xeon 1225v5 with 4 cores.

    The HyperV-OS is located on a separate SSD with 240GB. For storage I have two SSDs with 2TB attached to the server.
    The original 1TB Dell enterprise HDD will be sorted out afterwards. Openmediavault 5.3.7 is installed and running in a VM.


    Most config is done, I only need to setup the storage and raise hell.


    Now I am kind of searching for some options.

    1. Would be to make use of the Dell T30 / Intel raid controller and pair the 2 SSDs with 2TB into a RAID1.

    This would leave me with two options
    1.a - Create a VHDX and assign it to the openmediavault VM

    1.b - Use physical disk pass through and give openmediavault exclusive access to the RAID1-volume.

    2. Option 2 would be to ignore the raid controller and use physical disk pass through, so that openmediavault could create a software raid 1 on its own.



    Regardless of the option, for the filesystem I would use EXT4 as I know nothing about BTRFS and would say that currently RAID1+EXT4 should be the solution with less administrative work.

    Does anyone have some experience or additional options for me?
    Am I missing something?

    Your feedback is requested.

    KR


    oem111