Differences

This shows you the differences between two versions of the page.

antivirus [2018_07_26 13:07] jim
antivirus [2025_07_29 22:34] (current) – [Checking ClamAV Service Logs] steven
Line 1: Line 1:
 # Virus Scanning Protection # Virus Scanning Protection
 +Last updated: Jul 29, 2025
  
-The Enterprise File Fabric prevents the downloading and sharing of malicious files through a ‘scan on write’ approach. As files are uploaded they are scanned. If a virus is detected, the upload fails, and an error is returned immediately to the user or application.+<WRAP center round info 100%> 
 +**NOTE:** This guide is for Access Anywhere 2402.1 and above.  For versions before 2402.1 see [[antivirus-pre2402.1|]] 
 +</WRAP> 
 + 
 +Access Anywhere prevents the downloading and sharing of malicious files through a ‘scan on write’ approach. As files are uploaded they are scanned. If a virus is detected, the upload fails, and an error is returned immediately to the user or application.
  
 {{::antivirus:file-mgr_file-infected-error.png?800|}} {{::antivirus:file-mgr_file-infected-error.png?800|}}
Line 9: Line 14:
     File solution-brief.pdf uploaded to My Cloud files/mybucket. Scanned with antivirus ClamAV 0.99.2/24143/     File solution-brief.pdf uploaded to My Cloud files/mybucket. Scanned with antivirus ClamAV 0.99.2/24143/
  
-ClamAV is the officially supported virus scanner available for use with the File Fabric. ClamAV is a high performance multi-threaded daemon supporting many file formats including file and archive unpacking.+ClamAV is the officially supported virus scanner available for use with Access Anywhere. ClamAV is a high performance multi-threaded daemon supporting many file formats including file and archive unpacking.
  
-In High Availability environments each appliance will run a local ClamAV service (as configured by default).  Files added outside of the File Fabric, directly to the external storage and discovered through provider synchronization, are not scanned.+In High Availability environments each appliance serving web traffic will be required to run a local ClamAV service.  Files added outside of Access Anywhere, directly to the external storage and discovered through provider synchronization, are not scanned.
  
-Works with:+<WRAP center round info 100%> 
 +Files larger than 1.5GB will be uploaded without being scanned, and only the first 1.5GB of files that expand during scanning to more than 1.5GB will be scanned. 
 +</WRAP>
  
-* Enterprise Appliance (since 1712.00) 
  
-## Configuration+## Service Configuration
  
-The virus scanning of uploads is a configuration option for the organization. The option is available when added to the user package.+ClamAV must first be enabled and configured on each web node.  
 +## 1. Start and Enable ClamAV 
 + 
 +SSH to the appliance as user smeconfiguser, then become root 
 + 
 +    su - 
 + 
 +Start the Antivirus container.  It will automatically restart on reboots: 
 + 
 +    cd /var/www/smestorage/containers/clamav 
 +    docker compose up -d 
 +     
 +Next verify that it is running and enabled: 
 +**NOTE:** It might take 60+ seconds for the health to change from **starting** to **healthy** 
 + 
 +    # docker compose ps 
 +    NAME      IMAGE                                                COMMAND   SERVICE   CREATED          STATUS                             PORTS 
 +    clamav    registry.storagemadeeasy.com/clamav/clamav:1.4.3-3   "/init"   clamav    38 seconds ago   Up 37 seconds (healthy)   3310/tcp, 7357/tcp 
 + 
 + 
 +## 2. Verify Appliance Integration with ClamAV 
 + 
 +The appliance configuration file can be found at: 
 + 
 +    /var/www/smestorage/public_html/config.inc.php 
 + 
 +Verify that the settings below are configured as shown: 
 + 
 +    var $enableantivirus = 1; 
 +    var $clamavsocketpath = '/var/clamav/clamd.sock'; 
 + 
 +## Enabling ClamAV for Organizations 
 +The virus scanning of uploads is a configuration option for organizations. The option is available when added to the user package.
  
 ## 1. Adding the ClamAV Option to a User Package ## 1. Adding the ClamAV Option to a User Package
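Review bot: The new 1.5GB info box says larger files are uploaded without being scanned, yet the unchanged audit sample above it still reads "Scanned with antivirus ClamAV 0.99.2/24143/", so a reader cannot tell what is recorded for an upload that skipped the scan or was only scanned up to the first 1.5GB. Say what the audit event shows in those two cases so an administrator can identify unscanned files, and refresh the sample to the 1.4.3 image this revision deploys. Two smaller points: "## 1. Start and Enable ClamAV" and "## 2. Verify Appliance Integration with ClamAV" sit at the same heading level as "## Service Configuration" and now collide with the existing "## 1. Adding the ClamAV Option to a User Package", and the socket path moves to '/var/clamav/clamd.sock' with no step that confirms the socket is present on the host once the container reports healthy.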
Line 34: Line 72:
  
 ## Troubleshooting ## Troubleshooting
 +### Checking ClamAV Service Logs
 +Once started the ClamAV service will generate log data.
  
-### Checking that the ClamAV Service is On +To review the ClamAV logs
-The ClamAV service is preinstalled on the appliance and is enabled and running by default.+
  
-To verify ClamAV has been running successfully check the last entries in the log:+    docker logs -f clamav
  
-    $ tail /var/log/freshclam.log 
-    ... 
-    Fri Feb 2 00:34:21 2018 -> SelfCheck: Database status OK 
- 
-Use systemctl to verify ClamAV is both enabled (that is, will startup on boot), and running: 
- 
-    $ systemctl status clamd@scan 
-    Loaded: loaded (/usr/lib/systemd/system/clamd@scan.server; enabled;...  
-    Active: active (running) 
- 
-If needed, to stop, start, enable, disable or restart run systemctl as root: 
- 
-    systemctl restart clamd@scan 
  
 #### Configuration #### Configuration
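Review bot: The replacement "Checking ClamAV Service Logs" text gives only "docker logs -f clamav" and, unlike the removed text with its "SelfCheck: Database status OK" line, does not show what a healthy log looks like; add a short sample of the expected output. The -f flag follows the log until interrupted, so for a quick check something like "docker logs --tail 50 clamav" returns immediately. The removed systemctl text also covered restarting the service, and this revision gives no container equivalent. "To review the ClamAV logs" is missing its trailing colon.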
Line 58: Line 84:
 ClamAV configuration settings can be found at: ClamAV configuration settings can be found at:
  
-    /etc/clamd.d/scan.conf+    /var/www/smestorage/containers/clamav/clamd.conf
  
 ### Checking Virus Signatures are Fresh ### Checking Virus Signatures are Fresh
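Review bot: The new path /var/www/smestorage/containers/clamav/clamd.conf is given with no word on how an edit to it takes effect; since the service now runs as a container started from that same directory, state whether the container has to be restarted after the file is changed.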
Line 64: Line 90:
 The Freshclam application updates the antivirus signature database. It is preinstalled on the appliance and by default is scheduled to run once an hour. The Freshclam application updates the antivirus signature database. It is preinstalled on the appliance and by default is scheduled to run once an hour.
  
-To verify Freshclam has been running successfully check the last entries in the log:+To verify Freshclam has been running successfully check the definition version and date
  
-    tail /var/log/freshclam.log+    # docker exec -it clamav clamd --version 
 +    ClamAV 1.4.3/27713/Mon Jul 28 08:36:30 2025
  
-To verify the connection to the online database (and update definitions) run as root: 
  
-    freshclam +In the output above ClamAV is running version 1.4.3 with a virus definition version of 27713 which was published on Mon Jul 28 08:36:30 2025
- +
-By default virus definitions are updated once an hour (see /etc/crontab). +
- +
-    47  *  *      * root /usr/bin/freshclam --quiet +
- +
-#### Configuration +
- +
-Freshclam can be configured through the file: +
- +
-    /var/www/smestorage/config/clamd/freshclam.conf +
- +
-### Checking Appliance Integration with ClamAV +
- +
-This configuration file can be found at: +
- +
-    /var/www/smestorage/public_html/config.inc.php +
- +
-Make sure the following settings are present: +
- +
-    var $enableantivirus = 1; +
-    var $clamavsocketpath = '/var/run/clamd.scan/clamd.sock';+
  
 ### Error: Socket Operation Failed ### Error: Socket Operation Failed
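Review bot: The unchanged sentence "It is preinstalled on the appliance and by default is scheduled to run once an hour" is no longer backed by anything on the page, because this hunk removes the /etc/crontab entry, the manual "freshclam" run and the freshclam.conf path without giving container equivalents. Either state where the update schedule and the Freshclam configuration live in the container setup and how to force an update, or reword that sentence. The new check shows how to read the definition date but not how old a date should prompt action, and "check the definition version and date" needs a colon before the command. The integration settings removed here reappear under "## 2. Verify Appliance Integration with ClamAV" with a different socket path, so the "Error: Socket Operation Failed" section that follows should be checked against '/var/clamav/clamd.sock'.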