ClamAV daemon image.

clamd/.dockerignore

+*
+!entrypoint
+!clamd.conf
+!clamd-ping
+!clamd-update

clamd/Dockerfile

+FROM debian:stretch-slim
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        clamav-daemon \
+        clamav-freshclam \
+        netcat-openbsd \
+        procps \
+    && \
+    freshclam --verbose --stdout && \
+    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
+COPY --chown=root:root clamd.conf /etc/clamav/
+RUN clamconf -n
+COPY --chown=root:root entrypoint /entrypoint
+COPY --chown=root:root clamd-ping clamd-update /usr/local/bin/
+EXPOSE 3310
+VOLUME /run/clamav
+ENTRYPOINT [ "/entrypoint" ]
+CMD [ "clamd" ]
+HEALTHCHECK CMD clamd-ping

clamd/README.md

+# clamd
+
+> ClamAV container image.
+
+## Exposed interfaces
+
+The daemon is accessible over TCP at port 3310 and over the `clamd.ctl` Unix
+socket in the `/run/clamav` volume.
+
+## Updates
+
+The image comes with an updated virus database from the time the image was
+built. To update the database run `clamd-update` from inside the container with
+`docker exec` (there's no need to restart the container afterwards). For an
+example see the [Cron image](../crond) inside this project.
+
+## License
+
+This software is licensed under the MIT license (see `LICENSE.txt`).
+
+## Author Information
+
+Nimrod Adar, [contact me](mailto:nimrod@shore.co.il) or visit my [website](
+https://www.shore.co.il/). Patches are welcome via [`git send-email`](
+http://git-scm.com/book/en/v2/Git-Commands-Email). The repository is located
+at: <https://www.shore.co.il/git/>.

clamd/clamd-ping

+#!/bin/sh
+set -eux
+
+echo PING | nc -U /run/clamav/clamd.ctl || exit 1
+echo PING | nc -t localhost 3310 || exit 1
+exit 0

clamd/clamd-update

+#!/bin/sh
+set -eux
+
+i=0
+while ! clamd-ping
+do
+    i=$(( i + 1 ))
+    [ "$i" -lt '5' ] || exit 1
+    sleep 10
+done
+
+freshclam --verbose --stdout
+#echo RELOAD | nc -U /run/clamav/clamd.ctl

clamd/clamd.conf

+#Automatically Generated by clamav-daemon postinst
+#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
+#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
+LocalSocket /var/run/clamav/clamd.ctl
+FixStaleSocket true
+LocalSocketGroup clamav
+LocalSocketMode 666
+# TemporaryDirectory is not set to its default /tmp here to make overriding
+# the default with environment variables TMPDIR/TMP/TEMP possible
+User clamav
+ScanMail true
+ScanArchive true
+ArchiveBlockEncrypted false
+MaxDirectoryRecursion 15
+FollowDirectorySymlinks false
+FollowFileSymlinks false
+ReadTimeout 180
+MaxThreads 12
+MaxConnectionQueueLength 15
+LogFacility LOG_LOCAL6
+LogClean false
+LogVerbose false
+PreludeEnable no
+PreludeAnalyzerName ClamAV
+DatabaseDirectory /var/lib/clamav
+OfficialDatabaseOnly false
+SelfCheck 0
+Foreground true
+Debug false
+ScanPE true
+MaxEmbeddedPE 10M
+ScanOLE2 true
+ScanPDF true
+ScanHTML true
+MaxHTMLNormalize 10M
+MaxHTMLNoTags 2M
+MaxScriptNormalize 5M
+MaxZipTypeRcg 1M
+ScanSWF true
+DetectBrokenExecutables false
+ExitOnOOM false
+LeaveTemporaryFiles false
+AlgorithmicDetection true
+ScanELF true
+IdleTimeout 30
+CrossFilesystems true
+PhishingSignatures true
+PhishingScanURLs true
+PhishingAlwaysBlockSSLMismatch false
+PhishingAlwaysBlockCloak false
+PartitionIntersection false
+DetectPUA false
+ScanPartialMessages false
+HeuristicScanPrecedence false
+StructuredDataDetection false
+CommandReadTimeout 5
+SendBufTimeout 200
+MaxQueue 100
+ExtendedDetectionInfo true
+OLE2BlockMacros false
+ScanOnAccess false
+AllowAllMatchScan true
+ForceToDisk false
+DisableCertCheck false
+DisableCache false
+MaxScanSize 100M
+MaxFileSize 25M
+MaxRecursion 16
+MaxFiles 10000
+MaxPartitions 50
+MaxIconsPE 100
+PCREMatchLimit 10000
+PCRERecMatchLimit 5000
+PCREMaxFileSize 25M
+ScanXMLDOCS true
+ScanHWP3 true
+MaxRecHWP3 16
+StreamMaxLength 25M
+LogTime true
+LogFileUnlock false
+LogFileMaxSize 0
+Bytecode true
+BytecodeSecurity TrustSigned
+BytecodeTimeout 60000
+TCPSocket 3310
+TCPAddr 0.0.0.0

clamd/entrypoint

+#!/bin/sh
+set -eux
+
+install -d -m 755 -o clamav -g clamav /run/clamav
+
+eval exec "$@"