Clamav setup OnAccessScan

Hello,
I have been using NixOS on my desktop for a while, but I am not an experienced user. Now I am playing around with clamav, which is easy to set up as an on-demand scanner. Unfortunately, I need something that scans my folders automatically for viruses. Thankfully, I found a guide in the Arch wiki that I tried to implement on NixOS.
Therefore, I configured the clamav daemon in /etc/nixos/configuration.nix with:

```nix
  # edit sudoers
  security.sudo.extraConfig = ''
    clamav ALL = (ALL) NOPASSWD: SETENV: /run/current-system/sw/bin/notify-send
  '';
  # clamav
  services.clamav.updater.enable = true;
  services.clamav.daemon.enable = true;
  services.clamav.daemon.settings = {
    OnAccessMountPath = "/home/user/Downloads";
    OnAccessPrevention = false;
    OnAccessExtraScanning = true;
    OnAccessExcludeUname = "clamav";
    VirusEvent = "/etc/clamav/virus-event.bash";
    User = "clamav";
  };
```

and created the file /etc/clamav/virus-event.bash with the content

```sh
#!/bin/sh
ALERT="Signature detected by clamav: $CLAM_VIRUSEVENT_VIRUSNAME in $CLAM_VIRUSEVENT_FILENAME"
touch /tmp/virus
# Send an alert to all graphical users.
for ADDRESS in /run/user/*; do
    USERID=${ADDRESS#/run/user/}
    sudo -u "#$USERID" DBUS_SESSION_BUS_ADDRESS="unix:path=$ADDRESS/bus" \
        notify-send -i dialog-warning "Virus found!" "$ALERT"
done
```

I can rebuild NixOS without error. Then I tested the system with a virus test file, which I copied to the download folder. It gets recognized by clamscan if I run it manually, but not by the daemon. I assume this because no /tmp/virus file is created, which I defined in the /etc/clamav/virus-event.bash file. Oh, and if I run the /etc/clamav/virus-event.bash script manually, it does its job. So what am I doing wrong in setting up the clamav daemon?
Thanks for your support

Thanks for the nice notification script! Your setup was missing the fact that the clam on-access scanner is not in the default NixOS setup. I was surprised as well, so some enhancements there would be nice.

I created a module that includes on-access scanning plus periodic scanning here:
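As an added illustration of the missing piece named in this reply (it is not the module the poster links to, and not code from either poster): `services.clamav.daemon` only starts `clamd`, and the `OnAccess*` settings take effect once the separate `clamonacc` client is running. The unit name `clamonacc` and the restart interval are assumptions; the config path and `clamav-daemon.service` are what the NixOS ClamAV module provides.

```nix
{ pkgs, ... }:
{
  # Added example. Assumes services.clamav.daemon.enable = true as in the
  # question, which provides clamav-daemon.service and /etc/clamav/clamd.conf.
  systemd.services.clamonacc = {   # hypothetical unit name
    description = "ClamAV on-access scanner (clamonacc)";

    # clamonacc is only a client: it watches the paths from the OnAccess*
    # settings and hands each accessed file to clamd for scanning.
    after = [ "clamav-daemon.service" ];
    requires = [ "clamav-daemon.service" ];
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      Type = "simple";
      # fanotify needs root; clamd itself keeps running as the clamav user,
      # which is why OnAccessExcludeUname = "clamav" avoids scan loops.
      User = "root";
      ExecStart = builtins.concatStringsSep " " [
        "${pkgs.clamav}/bin/clamonacc"
        "--foreground"                          # stay attached to systemd
        "--config-file=/etc/clamav/clamd.conf"  # same file clamd reads
        "--fdpass"                              # pass open file descriptors so
                                                # clamd can scan files the
                                                # clamav user cannot read
      ];
      # clamd may still be loading signatures when this unit first starts;
      # retry instead of staying dead.
      Restart = "on-failure";
      RestartSec = "30s";                       # assumed interval
    };
  };
}
```

With this unit active, `systemctl status clamonacc` and the `clamd` journal show whether accesses under the watched path reach the daemon, which is the step that triggers `VirusEvent`.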

:face_holding_back_tears: Nix is just so beautiful. Thank you both for the hard work, and thank you for this module! Just what I was looking for.