ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
This is a repo setup for utilization in Red Hat Openshift. This solution allows you to create a pod in your openshift environment to scan any file for known virus signatures, quickly and effectively.
The builds package the barebones service, and the deployment config will download latest signatures on first run.
Freshclam can be run within the container at any time to update the existing signatures. Alternatively, you can re-deploy which will fetch the latest into the running container.
The templates in the openshift/templates will build and deploy the app. Modify to suit your own environment. openshift/templates/clamav-bc.conf will create your builder image (ideally in your tools project), and openshift/templates/clamav-dc.conf will create the pod deployment. Modify the environment variables defined in both the build config and deployment config appropriately.
The Helm chart deploys a standard StatefulSet. This deployment should work on OpenShift Local, kind or even Docker Desktop
- Optional: if running on openshift local, create a namespace
oc new-project clamav-demo
- Import the build config template and create the build config
oc apply -f openshift/clamav-bc.conf -n clamav-demo
oc new-app --template=clamav
- Start a build
oc start-build clamav-build
-
When the build is complete, new image stream tag should be avilable,
clamav
with a single image stream tagclamav:latest
-
Deploy, if running locally be sure to set the clamav.freshclam.mirrors to something your instance can reach. By default the mirrors are configured for internal BC Gov mirror.
cd charts
helm install clamav clamav --set clamav.image=image-registry.openshift-image-registry.svc:5000/clamav-demo/clamav --set clamav.freshclam.mirrors[0]=https://db.us.clamav.net
Below are the steps required to deploy to kind. When the container starts up it will need to pull the latest virus defintions. It can take a little while before the pods are ready.
docker build -f Dockerfile . -t clamav:latest
kind create cluster
kind load docker-image clamav:latest
cd charts
helm install clamav clamav --set clamav.image=docker.io/library/clamav --set clamav.imagePullPolicy=Never
The commands are:
- Build the docker image, tagging it as latest
- Create a kind cluster
- Load the build image into the cluster node(s)
- Chages into the charts subdirectory
- Install the helm chart changing the docker image to the loaded image and changing the pull policy so it uses the loaded image.
To clean up everything,
docker rmi clamav:latest
kind delete cluster
To report bugs/issues/feature requests, please file an issue.