mailcow/data/Dockerfiles/clamd/bootstrap.sh

#!/bin/bash

if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
  echo "SKIP_CLAMD=y, skipping ClamAV..."
  sleep 365d
  exit 0
fi

# Prepare log pipes
mkdir -p /var/log/clamav
touch /var/log/clamav/clamd.log /var/log/clamav/freshclam.log
chown -R clamav:clamav /var/log/clamav/
adduser clamav tty
chmod g+rw /dev/console

# Prepare whitelist
if [[ -s /etc/clamav/whitelist.ign2 ]]; then
  cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
  chown clamav:clamav /var/lib/clamav/whitelist.ign2
fi
if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then
  echo "Example-Signature.Ignore-1" > /var/lib/clamav/whitelist.ign2
fi
chown clamav:clamav /var/lib/clamav/whitelist.ign2

dos2unix /var/lib/clamav/whitelist.ign2
sed -i '/^\s*$/d' /var/lib/clamav/whitelist.ign2

BACKGROUND_TASKS=()

(
while true; do
  sleep 1m
  freshclam
  sleep 1h
done
) &
BACKGROUND_TASKS+=($!)

(
while true; do
  sleep 2m
  SANE_MIRRORS="$(dig +ignore +short rsync.sanesecurity.net)"
  for sane_mirror in ${SANE_MIRRORS}; do
    rsync -avp --chown=clamav:clamav --timeout=5 rsync://${sane_mirror}/sanesecurity/ \
      --include 'blurl.ndb' \
      --include 'junk.ndb' \
      --include 'jurlbl.ndb' \
      --include 'phish.ndb' \
      --exclude='*' /var/lib/clamav/
    if [ $? -eq 0 ]; then
      echo RELOAD | nc localhost 3310
      break
    fi
  done
  sleep 30h
done
) &
BACKGROUND_TASKS+=($!)

clamd &
BACKGROUND_TASKS+=($!)

while true; do
  for bg_task in ${BACKGROUND_TASKS[*]}; do
    if ! kill -0 ${bg_task} 1>&2; then
      echo "Worker ${bg_task} died, stopping container waiting for respawn..."
      kill -TERM 1
    fi
    sleep 10
  done
done
Not of any use as of today 2017-02-21 22:26:20 +01:00			`#!/bin/bash`
Use Alpine ClamAV 2017-05-17 07:48:48 +02:00
[Clamd] Add SKIP_CLAMD variable to disable Clamd start 2017-07-04 18:05:44 +02:00			`if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]\|[yY])+$ ]]; then`
[ClamAV] Use tini, check if background procs are running, use pipe to output to stdout 2017-10-14 23:25:29 +02:00			`echo "SKIP_CLAMD=y, skipping ClamAV..."`
			`sleep 365d`
			`exit 0`
[Clamd] Add SKIP_CLAMD variable to disable Clamd start 2017-07-04 18:05:44 +02:00			`fi`

[ClamAV] Do not try to modify cross-mounted file, copy whitelist from conf to lib directory 2018-10-27 13:25:05 +02:00			`# Prepare log pipes`
[Dovecot] Dovecot 2.3.1, Pigeonhole 0.5.1 [ClamAV] 0.100.0, new log method without pipes [Compose] New images for Dovecot and ClamAV, add persistent tty to clamd-mailcow 2018-04-26 12:36:13 +02:00			`mkdir -p /var/log/clamav`
[ClamAV] Use tini, check if background procs are running, use pipe to output to stdout 2017-10-14 23:25:29 +02:00			`touch /var/log/clamav/clamd.log /var/log/clamav/freshclam.log`
[Dovecot] Dovecot 2.3.1, Pigeonhole 0.5.1 [ClamAV] 0.100.0, new log method without pipes [Compose] New images for Dovecot and ClamAV, add persistent tty to clamd-mailcow 2018-04-26 12:36:13 +02:00			`chown -R clamav:clamav /var/log/clamav/`
[ClamAV] Update to 0.101.1 (based on Debian to fix some errors) [ClamAV] Some config values are deprecated and were replaced 2019-01-08 12:54:33 +01:00			`adduser clamav tty`
[ClamAV] Modify /dev/console to fit permissions 2018-05-02 21:08:40 +02:00			`chmod g+rw /dev/console`
[ClamAV] Use tini, check if background procs are running, use pipe to output to stdout 2017-10-14 23:25:29 +02:00
[ClamAV] Do not try to modify cross-mounted file, copy whitelist from conf to lib directory 2018-10-27 13:25:05 +02:00			`# Prepare whitelist`
			`if [[ -s /etc/clamav/whitelist.ign2 ]]; then`
			`cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2`
			`chown clamav:clamav /var/lib/clamav/whitelist.ign2`
			`fi`
			`if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then`
			`echo "Example-Signature.Ignore-1" > /var/lib/clamav/whitelist.ign2`
			`fi`
			`chown clamav:clamav /var/lib/clamav/whitelist.ign2`

[ClamAV] Add whitelist file for ClamAV, fixes #1607 [ACME] Test for CAA before running script, fixes #1632 2018-08-05 22:35:02 +02:00			`dos2unix /var/lib/clamav/whitelist.ign2`
			`sed -i '/^\s*$/d' /var/lib/clamav/whitelist.ign2`

[ClamAV] Use tini, check if background procs are running, use pipe to output to stdout 2017-10-14 23:25:29 +02:00			`BACKGROUND_TASKS=()`

[Dovecot] Dovecot 2.3.1, Pigeonhole 0.5.1 [ClamAV] 0.100.0, new log method without pipes [Compose] New images for Dovecot and ClamAV, add persistent tty to clamd-mailcow 2018-04-26 12:36:13 +02:00			`(`
			`while true; do`
			`sleep 1m`
			`freshclam`
			`sleep 1h`
			`done`
			`) &`
[ClamAV] Use tini, check if background procs are running, use pipe to output to stdout 2017-10-14 23:25:29 +02:00			`BACKGROUND_TASKS+=($!)`

[ClamAV] Update to 0.101.1 (based on Debian to fix some errors) [ClamAV] Some config values are deprecated and were replaced 2019-01-08 12:54:33 +01:00			`(`
			`while true; do`
			`sleep 2m`
			`SANE_MIRRORS="$(dig +ignore +short rsync.sanesecurity.net)"`
			`for sane_mirror in ${SANE_MIRRORS}; do`
			`rsync -avp --chown=clamav:clamav --timeout=5 rsync://${sane_mirror}/sanesecurity/ \`
			`--include 'blurl.ndb' \`
			`--include 'junk.ndb' \`
			`--include 'jurlbl.ndb' \`
			`--include 'phish.ndb' \`
			`--exclude='*' /var/lib/clamav/`
			`if [ $? -eq 0 ]; then`
			`echo RELOAD \| nc localhost 3310`
			`break`
			`fi`
			`done`
			`sleep 30h`
			`done`
			`) &`
			`BACKGROUND_TASKS+=($!)`

Not of any use as of today 2017-02-21 22:26:20 +01:00			`clamd &`
[ClamAV] Use tini, check if background procs are running, use pipe to output to stdout 2017-10-14 23:25:29 +02:00			`BACKGROUND_TASKS+=($!)`
Not of any use as of today 2017-02-21 22:26:20 +01:00
[ClamAV] Use tini, check if background procs are running, use pipe to output to stdout 2017-10-14 23:25:29 +02:00			`while true; do`
			`for bg_task in ${BACKGROUND_TASKS[*]}; do`
			`if ! kill -0 ${bg_task} 1>&2; then`
			`echo "Worker ${bg_task} died, stopping container waiting for respawn..."`
			`kill -TERM 1`
			`fi`
			`sleep 10`
			`done`
			`done`