Skip to content
Snippets Groups Projects
Commit 754b3cea authored by nimrod's avatar nimrod
Browse files

ClamAV daemon image.

parent a02baa9e
No related branches found
No related tags found
No related merge requests found
*
!entrypoint
!clamd.conf
!clamd-ping
!clamd-update
FROM debian:stretch-slim
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
clamav-daemon \
clamav-freshclam \
netcat-openbsd \
procps \
&& \
freshclam --verbose --stdout && \
rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
COPY --chown=root:root clamd.conf /etc/clamav/
RUN clamconf -n
COPY --chown=root:root entrypoint /entrypoint
COPY --chown=root:root clamd-ping clamd-update /usr/local/bin/
EXPOSE 3310
VOLUME /run/clamav
ENTRYPOINT [ "/entrypoint" ]
CMD [ "clamd" ]
HEALTHCHECK CMD clamd-ping
# clamd
> ClamAV container image.
## Exposed interfaces
The daemon is accessible over TCP at port 3310 and over the `clamd.ctl` Unix
socket in the `/run/clamav` volume.
## Updates
The image comes with an updated virus database from the time the image was
built. To update the database run `clamd-update` from inside the container with
`docker exec` (there's no need to restart the container afterwards). For an
example see the [Cron image](../crond) inside this project.
## License
This software is licensed under the MIT license (see `LICENSE.txt`).
## Author Information
Nimrod Adar, [contact me](mailto:nimrod@shore.co.il) or visit my [website](
https://www.shore.co.il/). Patches are welcome via [`git send-email`](
http://git-scm.com/book/en/v2/Git-Commands-Email). The repository is located
at: <https://www.shore.co.il/git/>.
#!/bin/sh
set -eux
echo PING | nc -U /run/clamav/clamd.ctl || exit 1
echo PING | nc -t localhost 3310 || exit 1
exit 0
#!/bin/sh
set -eux
i=0
while ! clamd-ping
do
i=$(( i + 1 ))
[ "$i" -lt '5' ] || exit 1
sleep 10
done
freshclam --verbose --stdout
#echo RELOAD | nc -U /run/clamav/clamd.ctl
#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PreludeEnable no
PreludeAnalyzerName ClamAV
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly false
SelfCheck 0
Foreground true
Debug false
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
DetectBrokenExecutables false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
CrossFilesystems true
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 5
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
ScanOnAccess false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache false
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 16
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
PCREMatchLimit 10000
PCRERecMatchLimit 5000
PCREMaxFileSize 25M
ScanXMLDOCS true
ScanHWP3 true
MaxRecHWP3 16
StreamMaxLength 25M
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
TCPSocket 3310
TCPAddr 0.0.0.0
#!/bin/sh
set -eux
install -d -m 755 -o clamav -g clamav /run/clamav
eval exec "$@"
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment