Docker container for starting a ClamAV daemon.
These instructions will cover how to start a container both in Docker and within a Kubernetes cluster.
In order to run this container you'll need docker installed.
Optionally:
- A Kubernetes cluster to enable Kubernetes api discovery of other nodes.
The example below will start a single ClamAV instance.
docker run --name clamav -d -p 3310:3310 quay.io/ukhomeofficedigital/clamav:v0.1.1
To use with Kubernetes see the kubernetes examples.
The variables and the defaults are shown below. By default, the container does not depend on Kubernetes.
CLAMD_SETTINGS_CSV="LogVerbose=yes,VirusEvent=/custom_alert.sh"
See clamd.conf for more details
and see ./clamd.conf for the default settings.
To use specify a CSV of settings using Key=Value (not Key Value as the clamd.conf file) e.g."CLAMD_SETTINGS_CSV='Setting=value'"
Note, clamd has already been configured appropriately for a container but some useful settings include:VirusEvent=/path/to/alert_script.sh
If mounted in the container, will provide a custom alert facilityLogClean=yes
Will log every scan performed
FRESHCLAM_SETTINGS_CSV="LogVerbose=yes"
See freshclam.conf for more details
and see ./freshclam.conf for the default settings. See above for how this works.UPDATE=true
(default) will start freshclam daemon in background to watch for update antivirus definitions
UPDATE=false
will watch for first successful update from separate sidecar container before startingUPDATE_ONLY=true
configure as a sidecar container and run the update process in the foreground
UPDATE_ONLY=false
(default) will run clamd and freshclam as normal.
This container exposes:
3310
- Access the Clam AV API.
Feel free to submit pull requests and issues. If it's a particularly large PR, you may wish to discuss it in an issue first.
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
We use SemVer for versioning. For the versions available, see the tags on this repository.
- Lewis Marshall - Initial work - Lewis Marshall
See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the LICENSE.md file for details.
- Ensure the DB access doesn't need to be for user 999 (so the volume can be mounted)...
- Long startup time, see point above.
- Add testing for Travis