Clamav clamscan or clamdscan - run in pod or TrueNAS native?

Dear all -

during the past I used clamav Truecharts running in a pod at Cobia - now I changed this app to Clamav TrueNAS community edition, after my Dragonfish update.

I mounted the “need-to-scan” folder of my dataset to the clamav pod’s /scandir folder with using the host path option at setup page:

I set uid 568 for clamav app (default) and set “apps” user with read/write privileges recursively on this specific “need-to-scan” dataset path. If I would like to initiate a scan from outside (eg. from TrueNAS shell) to a specific file with clamscan via the clamav pod, it works as you can see below.

However, if I would like to use clamdscan because of the multi-core cpu scan (its evident that clamdscan a lot faster than clamscan) - it simply not working for the same file/folder, drops a “File path check failure: Permission Denied. ERROR.” message.

With clamav TrueNAS community edition, I don’t have a chance to change run user to “root” because this option isn’t exist on the config page. Then I learned the “- -fdpass” option, which parameter could be used for clamav if the run user is different than the “need-to-scan” folder’s owner/group. This is working, however it’s just a workaround.

Should I leave fdpass for clamdscan as it is used right now, when I’m setting up the cron for the automatized scan?

2nd question: is it possible somehow to add more “need-to-scan” host path to a different scandir folder (like a 2nd dataset path to /scandir2) ?

Anyway: does it make any sense to run clamav as an app in a pod, if I only want to scan my datasets on the NAS host itself not in other pods - or is it better to install clamav directly on TrueNAS and set up cron for it on opsys level?

Unless some has tested exactly the same things, you may not get a direct answer.

My guess would be running as an App without a pod is best.
If you try it, you can report problems.

With Electric Eel, the Apps have improved, but its BETA only. Use if you have a test system.

1 Like