How to use clamAV in nixos

igel · June 16, 2022, 4:46am

 - system: `"x86_64-linux"` 
 - host os: `Linux 5.15.43, NixOS, 22.05 (Quokka), 22.05.866.1f8d88087a3` 
 - multi-user?: `yes` 
 - sandbox: `yes` 
 - version: `nix-env (Nix) 2.8.1` 
 - channels(root): `"home-manager-22.05.tar.gz, nixos-22.05"` 
 - channels(usera): `""` 
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

nix-env -i clamav # clamav-0.105.0

clamscan ./Downloads/x.iso
LibClamAV Error: cl_load(): No such file or directory: /nix/store/gxpwmgmxp76z78cl5cam1dp9wwlwnljs-clamav-0.105.0/share/clamav

ls -lah /nix/store/gxpwmgmxp76z78cl5cam1dp9wwlwnljs-clamav-0.105.0/share/
total 16K
dr-xr-xr-x 4 root root 4,0K Jan  1  1970 .
dr-xr-xr-x 7 root root 4,0K Jan  1  1970 ..
dr-xr-xr-x 3 root root 4,0K Jan  1  1970 doc
dr-xr-xr-x 5 root root 4,0K Jan  1  1970 man

diego · June 16, 2022, 7:07am

I recently configured it and while the configuration itself was pretty simple, I had to restart the shell for the command to be available and I had to manually run sudo freshclam the first time.

igel · June 17, 2022, 6:52pm

nixos-rebuild results switch in:

starting the following units: accounts-daemon.service
the following new units were started: clamav-freshclam.timer
warning: the following units failed: clamav-daemon.service

× clamav-daemon.service - ClamAV daemon (clamd)
     Loaded: loaded (/etc/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Fri 2022-06-17 20:45:49 CEST; 1min 30s ago
    Process: 740557 ExecStartPre=/nix/store/x4hcqp2gfav46cd0gq31biii7gsrvv1p-unit-script-clamav-daemon-pre-start/bin/clamav-daemon-pre-start (code=exited, status=0/SUCCESS)
    Process: 740560 ExecStart=/nix/store/gxpwmgmxp76z78cl5cam1dp9wwlwnljs-clamav-0.105.0/bin/clamd (code=exited, status=1/FAILURE)
   Main PID: 740560 (code=exited, status=1/FAILURE)
         IP: 0B in, 0B out
        CPU: 15ms

Jun 17 20:45:49 nixosP34 systemd[1]: Starting ClamAV daemon (clamd)...
Jun 17 20:45:49 nixosP34 systemd[1]: Started ClamAV daemon (clamd).
Jun 17 20:45:49 nixosP34 clamd[740560]: LibClamAV Error: cl_load(): No such file or directory: /var/lib/clamav
Jun 17 20:45:49 nixosP34 clamd[740560]: ERROR: Can't get file status
Jun 17 20:45:49 nixosP34 systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
Jun 17 20:45:49 nixosP34 systemd[1]: clamav-daemon.service: Failed with result 'exit-code'.

diego · June 18, 2022, 9:43am

Yes, same as happened to me. I’m fairly sure that the service being toast will not prevent the switch to happen, so now you should have the binaries available to manually run sudo freschclam (the command that downloads the database). Fairly sure is not intended behavior (ClamAV service should work without manual intervention, right?) but it’s the best I could come up with.