github.com/tiredofit/docker-clamav
About
Dockerfile to build an Clam Antivirus to scan files or mail messages.
- Auto Configuration Support
- Sane Defaults
- Automatic Downlad and update of Virus Definitions
- Ability to load custom definitions
- Log rotation
Maintainer
Table of Contents
- About
- Maintainer
- Table of Contents
- Prerequisites and Assumptions
- Installation
- Configuration
- Maintenance
- Support
- License
Prerequisites and Assumptions
- This container doesn't do much on it's own unless you use an additional service or communicator to talk to it! You can scan files if you'd like by binding a volume inside the container but that is not the intent of this image.
Installation
Build from Source
Clone this repository and build the image with docker build -t (imagename) .
Prebuilt Images
Builds of the image are available on Docker Hub
docker pull docker.io/tiredofit/clamav:(imagetag)Builds of the image are also available on the Github Container Registry
docker pull ghcr.io/tiredofit/docker-clamav:(imagetag)
The following image tags are available along with their tagged release based on what's written in the Changelog:
| Container OS | Tag |
|---|---|
| Alpine | :latest |
Configuration
Quick Start
-
The quickest way to get started is using docker-compose. See the examples folder for a working docker-compose.yml that can be modified for development or production use.
-
Set various environment variables to understand the capabilities of this image.
-
Map persistent storage for access to configuration and data files for backup.
Persistent Storage
The container will look for definition files upon startup in /data and if not found, download them. 6 times a day it will also check for updated definitions.
The following directories are used for configuration and can be mapped for persistent storage.
| Directory | Description |
|---|---|
/data/definitions |
Virus Definitions |
/data/config |
Configuration Files |
/logs |
Log Files |
Environment Variables
Base Images used
This image relies on an Alpine Linux or Debian Linux base image that relies on an init system for added capabilities. Outgoing SMTP capabilities are handlded via msmtp. Individual container performance monitoring is performed by zabbix-agent. Additional tools include: bash,curl,less,logrotate, nano.
Be sure to view the following repositories to understand all the customizable options:
| Image | Description |
|---|---|
| OS Base | Customized Image based on Alpine Linux |
Core Configuration
| Parameter | Description | Default |
|---|---|---|
SETUP_TYPE |
Auto Configure Configuration each startup - Set to MANUAL to disable |
AUTO |
CLAMD_CONFIG_FILE |
Clamd Configuration file | clamd.conf |
CLAMD_LOCAL_SOCKET |
Clamd Socket Name | /run/clamd/clamd.sock |
CLAMD_TEMP_LOCATION |
CLamd Temp Location | /tmp/clamd/ |
CONCURRENT_DATABASE_RELOAD |
Enable non-blocking (multi-threaded/concurrent) database reloads. | TRUE |
DATA_LOCATION |
Base Folder for Data Files | /data/ |
CONFIG_LOCATION |
Folder for Config Files | ${DATA_LOCATION}/config/ |
DEFINITIONS_LOCATION |
Folder for Virus Definitions | ${DATA_LOCATION}/definitions/ |
ENABLE_CLAMD |
Enable ClamD Daemon | TRUE |
ENABLE_LOG_CLAMD |
Enable Logging for Clamd | TRUE |
ENABLE_LOG_FRESHCLAM |
Enable Logging for Definitions Updaer | TRUE |
FRESHCLAM_CONFIG_FILE |
Freshclam Definitions Updater configuration file | freshclam.conf |
FRESHCLAM_DATABASES |
Comma seperated list of additional definitions eg | |
http://www.rfxn.com/downloads/rfxn.ndb,http://www.rfxn.com/downloads/rfxn.hdb |
||
LISTEN_PORT |
ClamD TCP Socket Listen port | 3310 |
LOG_FILE_CLAMD |
ClamD Log File | clamd.log |
LOG_FILE_FRESHCLAM |
Freshclam Log File | freshclam.log |
LOG_PATH |
Logfile locations | /logs/ |
LOG_VERBOSE |
Enable Verbosity in Logs | FALSE |
Virus Definitions Configuration
| Parameter | Description | Default |
|---|---|---|
ENABLE_DEFINITIONS_UPDATE |
Enable Automatic Definitions Updating | TRUE |
DEFINITIONS_UPDATE_FREQUENCY |
How often to check for new Definitions in minutes | 1440 |
DEFINITIONS_UPDATE_BEGIN |
What time to do the first dump. Defaults to immediate. Must be in one of two formats | |
Absolute HHMM, e.g. 2330 or 0415 |
||
Relative +MM, i.e. how many minutes after starting the container, e.g. +0 (immediate), +10 (in 10 minutes), or +90 in an hour and a half |
Virus Scanning Settings
| Parameter | Description | Default |
|---|---|---|
DISABLE_CERT_CHECK |
Disable PE Cert Checks | TRUE |
ENABLE_ALGORITHMIC_DETECTION |
Enable Algorithmic Detection | TRUE |
ENABLE_BYTECODE |
Enable Bytecode Checks | TRUE |
ENABLE_DETECT_PUA |
Detect PUA | TRUE |
ENABLE_PHISHING_SCAN_URLS |
Scan URLs for Phishing | TRUE |
ENABLE_PHISHING_SIGNATURES |
Scan for signatures related to Phishing | TRUE |
ENABLE_SCAN_ARCHIVE |
Scan Archives | TRUE |
ENABLE_SCAN_ELF |
Scan ELF files | TRUE |
ENABLE_SCAN_HTML |
Scan HTML Files | TRUE |
ENABLE_SCAN_MAIL |
Scan Mail Files | TRUE |
ENABLE_SCAN_OLE2 |
Scan OLE2 Files | TRUE |
ENABLE_SCAN_PDF |
Scan PDF Files | TRUE |
ENABLE_SCAN_PE |
Scan PE Files | TRUE |
ENABLE_SCAN_SWF |
Scan SWF Files | TRUE |
EXCLUDE_PUA |
Comma Seperated Values of PUA formats to exclude | NetTool,PWTool |
INCLUDE_PUA |
Comma Seperated Values of PUA formats to exclude | (null) |
Scanning Limits
| Parameter | Description | Default |
|---|---|---|
MAX_EMBEDDEDPE |
Max filesize Embedded PE | 10M |
MAX_FILE_SIZE |
Max file to scan | 25M |
MAX_FILES |
Max files to scan | 10000 |
MAX_HTMLNORMALIZE |
Max HTML Normalize | 10M |
MAX_HTMLNOTAGS |
Max HTML No Tags | 2M |
MAX_ICONSPE |
Max IconsPE | 100 |
MAX_PARTITIONS |
Max Partitons to Scan | 50 |
MAX_RECHWP3 |
Max Recursive HWP3 | 16 |
MAX_RECURSION |
Max Folder Recursion | 16 |
MAX_SCAN_SIZE |
Max Scan Size | 100M |
MAX_SCRIPTNORMALIZE |
Max Script Normalize Scan | 5M |
MAX_THREADS |
Max Scanning Threads | 10 |
MAX_ZIPTYPERCG |
Max Zip type Recursive | 1M |
PCRE_MATCH_LIMIT |
PCRE Match Limit | 10000 |
PCRE_MAX_FILE_SIZE |
PCRE Max File Size | 25M |
PCRE_RECMATCH_LIMIT |
PCRE REcursive Max Limit | 2000 |
STREAM_MAX_LENGTH |
Max stream size to scan | 25M |
Alerting Settings
| Parameter | Description | Default |
|---|---|---|
ENABLE_ALERT_ENCRYPTED_ARCHIVE |
Alert on encrypted archives (.zip, .7zip, .rar) | FALSE |
ENABLE_ALERT_ENCRYPTED_DOC |
Alert on encrypted documents (.pdf) | FALSE |
ENABLE_ALERT_OLE2_MACROS |
Alert on OLE2 files containing VBA macros | FALSE |
ENABLE_ALERT_EXCEEDS_MAX |
Alert on files exceeding MAX_FILES, MAX_SCAN_SIZE or MAX_RECURSION | FALSE |
Networking
| Port | Description |
|---|---|
3310 |
ClamD Listening Port |
Maintenance
Shell Access
For debugging and maintenance purposes you may want access the containers shell.
bash docker exec -it (whatever your container name is) bash
Manual Definition Updates
Manual Definition Updates can be performed by entering the container and typing update-now
Support
These images were built to serve a specific need in a production environment and gradually have had more functionality added based on requests from the community.
Usage
- The Discussions board is a great place for working with the community on tips and tricks of using this image.
- Sponsor me for personalized support
Bugfixes
- Please, submit a Bug Report if something isn't working as expected. I'll do my best to issue a fix in short order.
Feature Requests
- Feel free to submit a feature request, however there is no guarantee that it will be added, or at what timeline.
- Sponsor me regarding development of features.
Updates
- Best effort to track upstream changes, More priority if I am actively using the image in a production environment.
- Sponsor me for up to date releases.
License
MIT. See LICENSE for more details.## References