Dockerfile to build a Clam Antivirus image to scan files or mail messages.
- Auto Configuration Support
- Sane Defaults
- Automatic Download and update of Virus Definitions
- Ability to load custom definitions
- Log rotation
- This container doesn't do much on its own unless you use an additional service or communicator to talk to it! You can scan files if you'd like by binding a volume inside the container, but that is not the intent of this image.
Clone this repository and build the image with `docker build -t (imagename) .`
Builds of the image are available on Docker Hub
```bash
docker pull docker.io/tiredofit/clamav:(imagetag)
```
Builds of the image are also available on the Github Container Registry
```bash
docker pull ghcr.io/tiredofit/docker-clamav:(imagetag)
```
The following image tags are available along with their tagged release based on what's written in the Changelog:
Container OS | Tag |
---|---|
Alpine | :latest |
- The quickest way to get started is using docker-compose. See the examples folder for a working docker-compose.yml that can be modified for development or production use.
- Set various environment variables to understand the capabilities of this image.
- Map persistent storage for access to configuration and data files for backup.
The container will look for definition files upon startup in /data and, if not found, download them. 6 times a day it will also check for updated definitions.
The following directories are used for configuration and can be mapped for persistent storage.
Directory | Description |
---|---|
/data/definitions | Virus Definitions |
/data/config | Configuration Files |
/logs | Log Files |
This image relies on an Alpine Linux or Debian Linux base image that relies on an init system for added capabilities. Outgoing SMTP capabilities are handled via msmtp. Individual container performance monitoring is performed by zabbix-agent. Additional tools include: bash, curl, less, logrotate, nano.
Be sure to view the following repositories to understand all the customizable options:
Image | Description |
---|---|
OS Base | Customized Image based on Alpine Linux |
Parameter | Description | Default |
---|---|---|
SETUP_TYPE | Auto Configure Configuration each startup - Set to MANUAL to disable | AUTO |
CLAMD_CONFIG_FILE | Clamd Configuration file | clamd.conf |
CLAMD_LOCAL_SOCKET | Clamd Socket Name | /run/clamd/clamd.sock |
CLAMD_TEMP_LOCATION | Clamd Temp Location | /tmp/clamd/ |
CONCURRENT_DATABASE_RELOAD | Enable non-blocking (multi-threaded/concurrent) database reloads. | TRUE |
DATA_LOCATION | Base Folder for Data Files | /data/ |
CONFIG_LOCATION | Folder for Config Files | ${DATA_LOCATION}/config/ |
DEFINITIONS_LOCATION | Folder for Virus Definitions | ${DATA_LOCATION}/definitions/ |
ENABLE_CLAMD | Enable ClamD Daemon | TRUE |
ENABLE_LOG_CLAMD | Enable Logging for Clamd | TRUE |
ENABLE_LOG_FRESHCLAM | Enable Logging for Definitions Updater | TRUE |
FRESHCLAM_CONFIG_FILE | Freshclam Definitions Updater configuration file | freshclam.conf |
FRESHCLAM_DATABASES | Comma separated list of additional definitions, e.g. http://www.rfxn.com/downloads/rfxn.ndb,http://www.rfxn.com/downloads/rfxn.hdb | |
LISTEN_PORT | ClamD TCP Socket Listen port | 3310 |
LOG_FILE_CLAMD | ClamD Log File | clamd.log |
LOG_FILE_FRESHCLAM | Freshclam Log File | freshclam.log |
LOG_PATH | Logfile locations | /logs/ |
LOG_VERBOSE | Enable Verbosity in Logs | FALSE |
Parameter | Description | Default |
---|---|---|
ENABLE_DEFINITIONS_UPDATE | Enable Automatic Definitions Updating | TRUE |
DEFINITIONS_UPDATE_FREQUENCY | How often to check for new Definitions in minutes | 1440 |
DEFINITIONS_UPDATE_BEGIN | What time to do the first dump. Defaults to immediate. Must be in one of two formats: Absolute HHMM, e.g. 2330 or 0415; or Relative +MM, i.e. how many minutes after starting the container, e.g. +0 (immediate), +10 (in 10 minutes), or +90 in an hour and a half | |
Parameter | Description | Default |
---|---|---|
DISABLE_CERT_CHECK | Disable PE Cert Checks | TRUE |
ENABLE_ALGORITHMIC_DETECTION | Enable Algorithmic Detection | TRUE |
ENABLE_BYTECODE | Enable Bytecode Checks | TRUE |
ENABLE_DETECT_PUA | Detect PUA | TRUE |
ENABLE_PHISHING_SCAN_URLS | Scan URLs for Phishing | TRUE |
ENABLE_PHISHING_SIGNATURES | Scan for signatures related to Phishing | TRUE |
ENABLE_SCAN_ARCHIVE | Scan Archives | TRUE |
ENABLE_SCAN_ELF | Scan ELF files | TRUE |
ENABLE_SCAN_HTML | Scan HTML Files | TRUE |
ENABLE_SCAN_MAIL | Scan Mail Files | TRUE |
ENABLE_SCAN_OLE2 | Scan OLE2 Files | TRUE |
ENABLE_SCAN_PDF | Scan PDF Files | TRUE |
ENABLE_SCAN_PE | Scan PE Files | TRUE |
ENABLE_SCAN_SWF | Scan SWF Files | TRUE |
EXCLUDE_PUA | Comma Separated Values of PUA formats to exclude | NetTool,PWTool |
INCLUDE_PUA | Comma Separated Values of PUA formats to exclude | (null) |
Parameter | Description | Default |
---|---|---|
MAX_EMBEDDEDPE | Max filesize Embedded PE | 10M |
MAX_FILE_SIZE | Max file to scan | 25M |
MAX_FILES | Max files to scan | 10000 |
MAX_HTMLNORMALIZE | Max HTML Normalize | 10M |
MAX_HTMLNOTAGS | Max HTML No Tags | 2M |
MAX_ICONSPE | Max IconsPE | 100 |
MAX_PARTITIONS | Max Partitions to Scan | 50 |
MAX_RECHWP3 | Max Recursive HWP3 | 16 |
MAX_RECURSION | Max Folder Recursion | 16 |
MAX_SCAN_SIZE | Max Scan Size | 100M |
MAX_SCRIPTNORMALIZE | Max Script Normalize Scan | 5M |
MAX_THREADS | Max Scanning Threads | 10 |
MAX_ZIPTYPERCG | Max Zip type Recursive | 1M |
PCRE_MATCH_LIMIT | PCRE Match Limit | 10000 |
PCRE_MAX_FILE_SIZE | PCRE Max File Size | 25M |
PCRE_RECMATCH_LIMIT | PCRE Recursive Max Limit | 2000 |
STREAM_MAX_LENGTH | Max stream size to scan | 25M |
Parameter | Description | Default |
---|---|---|
ENABLE_ALERT_ENCRYPTED_ARCHIVE | Alert on encrypted archives (.zip, .7zip, .rar) | FALSE |
ENABLE_ALERT_ENCRYPTED_DOC | Alert on encrypted documents (.pdf) | FALSE |
ENABLE_ALERT_OLE2_MACROS | Alert on OLE2 files containing VBA macros | FALSE |
ENABLE_ALERT_EXCEEDS_MAX | Alert on files exceeding MAX_FILES, MAX_SCAN_SIZE or MAX_RECURSION | FALSE |
Port | Description |
---|---|
3310 | ClamD Listening Port |
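Because the container is meant to be driven by another service over the ClamD listening port, here is an added example (not code from this repository) of a minimal Python client that frames a buffer for clamd's INSTREAM command and treats any reply other than `stream: OK` as not clean. The function names, the 127.0.0.1 host, and the use of the page's 25M STREAM_MAX_LENGTH default as a client-side pre-check are assumptions.

```python
import socket
import struct

# Assumption: mirrors the STREAM_MAX_LENGTH default (25M) from the limits table.
STREAM_MAX_LENGTH = 25 * 1024 * 1024


def instream_frames(data: bytes, chunk_size: int = 8192) -> bytes:
    """Frame data for INSTREAM: command, length-prefixed chunks, zero-length terminator."""
    if len(data) > STREAM_MAX_LENGTH:
        # clamd would abort the stream; refuse up front rather than scan a partial file.
        raise ValueError("payload exceeds STREAM_MAX_LENGTH")
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))
    return b"".join(out)


def parse_reply(reply: bytes) -> tuple:
    """Map a clamd reply to (verdict, detail); anything unexpected is an error, never clean."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text == "stream: OK":
        return ("clean", "")
    if text.startswith("stream: ") and text.endswith(" FOUND"):
        return ("infected", text[len("stream: "):-len(" FOUND")])
    return ("error", text)  # includes size-limit errors and empty or truncated replies


def scan_bytes(data: bytes, host: str = "127.0.0.1", port: int = 3310,
               timeout: float = 30.0) -> tuple:
    """Send data to clamd over TCP (LISTEN_PORT) and return the parsed verdict."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(instream_frames(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)
```

Callers should reject or quarantine on both `infected` and `error`, so a daemon that is down or a stream over the limit never results in an unscanned file being accepted.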
For debugging and maintenance purposes you may want to access the container's shell.
```bash
docker exec -it (whatever your container name is) bash
```
Manual definition updates can be performed by entering the container and typing `update-now`.
These images were built to serve a specific need in a production environment and gradually have had more functionality added based on requests from the community.
- The Discussions board is a great place for working with the community on tips and tricks of using this image.
- Sponsor me for personalized support
- Please, submit a Bug Report if something isn't working as expected. I'll do my best to issue a fix in short order.
- Feel free to submit a feature request, however there is no guarantee that it will be added, or at what timeline.
- Sponsor me regarding development of features.
- Best effort to track upstream changes, more priority if I am actively using the image in a production environment.
- Sponsor me for up to date releases.
MIT. See LICENSE for more details.