[ClamAV] Move to official ClamAV Docker container (#4525)
Since ClamAV starts to offer Docker containers this PR introduces said containers so we don't need to build the container on our own anymore. This was an easy task until v0.104, but then ClamAV changed its buildprocess to use cmake and with v0.105 it also needs the Rust toolchain -> https://docs.clamav.net/manual/Installing/Installing-from-source-Unix.html#ubuntu--debian Here are the main changes for the new container Creates clamd-db-vol-1 volume Still uses the same config files Downloads ClamAV databases in said volume Smaller container footprint 13MB vs 150MB --- * [ClamAV] Move to official ClamAV Docker container * [ClamAV] Remove vim + nano * [ClamAV] Use normal version in docker-compose
This commit is contained in:
Peter
GitHub
parent
b375e6a250
commit
fd7269d455
@ -1,76 +1,15 @@
|
|||||||
FROM debian:bullseye-slim
|
FROM clamav/clamav:0.104.2-2_base
|
||||||
|
|
||||||
LABEL maintainer "André Peters <andre.peters@servercow.de>"
|
LABEL maintainer "André Peters <andre.peters@servercow.de>"
|
||||||
|
|
||||||
ARG CLAMAV=0.104.2
|
RUN apk upgrade --no-cache \
|
||||||
ARG TINI_VERSION=v0.19.0
|
&& apk add --update --no-cache \
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
||||||
ca-certificates \
|
|
||||||
build-essential \
|
|
||||||
pkg-config \
|
|
||||||
python3 \
|
|
||||||
python3-pip \
|
|
||||||
valgrind \
|
|
||||||
check \
|
|
||||||
libbz2-dev \
|
|
||||||
libcurl4-openssl-dev \
|
|
||||||
libjson-c-dev \
|
|
||||||
libmilter-dev \
|
|
||||||
libncurses5-dev \
|
|
||||||
libpcre2-dev \
|
|
||||||
libssl-dev \
|
|
||||||
libxml2-dev \
|
|
||||||
zlib1g-dev \
|
|
||||||
curl \
|
|
||||||
bash \
|
|
||||||
wget \
|
|
||||||
tzdata \
|
|
||||||
dnsutils \
|
|
||||||
rsync \
|
rsync \
|
||||||
dos2unix \
|
bind-tools \
|
||||||
netcat \
|
bash
|
||||||
&& python3 -m pip install cmake \
|
|
||||||
&& rm -rf /var/lib/apt/lists/* \
|
|
||||||
&& wget -O - https://www.clamav.net/downloads/production/clamav-${CLAMAV}.tar.gz | tar xfvz - \
|
|
||||||
&& cd clamav-${CLAMAV} \
|
|
||||||
&& cmake . \
|
|
||||||
-D CMAKE_INSTALL_PREFIX=/usr \
|
|
||||||
-D CMAKE_INSTALL_LIBDIR=/usr/lib \
|
|
||||||
-D APP_CONFIG_DIRECTORY=/etc/clamav \
|
|
||||||
-D CMAKE_INSTALL_MANDIR=/usr/share/man \
|
|
||||||
-D CMAKE_INSTALL_INFODIR=/usr/share/info \
|
|
||||||
-D CLAMAV_USER=clamav \
|
|
||||||
-D CLAMAV_GROUP=clamav \
|
|
||||||
-D DATABASE_DIRECTORY=/var/lib/clamav \
|
|
||||||
-D ENABLE_APP=ON \
|
|
||||||
-D ENABLE_JSON_SHARED=OFF \
|
|
||||||
-D CMAKE_BUILD_TYPE=MinSizeRel \
|
|
||||||
&& cmake --build . -j4 \
|
|
||||||
&& cmake --build . --target install \
|
|
||||||
&& cd .. && rm -rf clamav-${CLAMAV} \
|
|
||||||
&& apt-get -y --auto-remove purge build-essential \
|
|
||||||
&& apt-get -y purge pkg-config \
|
|
||||||
python3 \
|
|
||||||
python3-pip \
|
|
||||||
valgrind \
|
|
||||||
check \
|
|
||||||
libbz2-dev \
|
|
||||||
libcurl4-openssl-dev \
|
|
||||||
libjson-c-dev \
|
|
||||||
libmilter-dev \
|
|
||||||
libncurses5-dev \
|
|
||||||
libpcre2-dev \
|
|
||||||
libssl-dev \
|
|
||||||
libxml2-dev \
|
|
||||||
zlib1g-dev \
|
|
||||||
|
|
||||||
&& addgroup --system --gid 700 clamav \
|
|
||||||
&& adduser --system --no-create-home --home /var/lib/clamav --uid 700 --gid 700 --disabled-login clamav \
|
|
||||||
&& rm -rf /tmp/* /var/tmp/*
|
|
||||||
|
|
||||||
COPY clamd.sh ./
|
COPY clamd.sh ./
|
||||||
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini
|
|
||||||
RUN chmod +x /sbin/tini
|
RUN chmod +x /sbin/tini
|
||||||
|
|
||||||
CMD ["/sbin/tini", "-g", "--", "/clamd.sh"]
|
ENTRYPOINT []
|
||||||
|
CMD ["/sbin/tini", "-g", "--", "/clamd.sh"]
|
||||||
@ -14,10 +14,10 @@ rm -rf /var/lib/clamav/clamav-*.tmp
|
|||||||
|
|
||||||
mkdir -p /run/clamav /var/lib/clamav
|
mkdir -p /run/clamav /var/lib/clamav
|
||||||
|
|
||||||
if [[ -s /etc/clamav/whitelist.ign2 ]]; then
|
#if [[ -s /etc/clamav/whitelist.ign2 ]]; then
|
||||||
echo "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2"
|
# echo "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2"
|
||||||
cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
|
# cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
|
||||||
fi
|
#fi
|
||||||
|
|
||||||
if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then
|
if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then
|
||||||
echo "Creating /var/lib/clamav/whitelist.ign2"
|
echo "Creating /var/lib/clamav/whitelist.ign2"
|
||||||
|
|||||||
@ -58,7 +58,7 @@ services:
|
|||||||
- redis
|
- redis
|
||||||
|
|
||||||
clamd-mailcow:
|
clamd-mailcow:
|
||||||
image: mailcow/clamd:1.44
|
image: mailcow/clamd:1.50
|
||||||
restart: always
|
restart: always
|
||||||
dns:
|
dns:
|
||||||
- ${IPV4_NETWORK:-172.22.1}.254
|
- ${IPV4_NETWORK:-172.22.1}.254
|
||||||
@ -67,6 +67,7 @@ services:
|
|||||||
- SKIP_CLAMD=${SKIP_CLAMD:-n}
|
- SKIP_CLAMD=${SKIP_CLAMD:-n}
|
||||||
volumes:
|
volumes:
|
||||||
- ./data/conf/clamav/:/etc/clamav/:Z
|
- ./data/conf/clamav/:/etc/clamav/:Z
|
||||||
|
- clamd-db-vol-1:/var/lib/clamav:z
|
||||||
networks:
|
networks:
|
||||||
mailcow-network:
|
mailcow-network:
|
||||||
aliases:
|
aliases:
|
||||||
@ -631,3 +632,4 @@ volumes:
|
|||||||
crypt-vol-1:
|
crypt-vol-1:
|
||||||
sogo-web-vol-1:
|
sogo-web-vol-1:
|
||||||
sogo-userdata-backup-vol-1:
|
sogo-userdata-backup-vol-1:
|
||||||
|
clamd-db-vol-1:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user