[ClamAV] Move to official ClamAV Docker container (#4525)

Since ClamAV starts to offer Docker containers this PR introduces said containers so we don't need to build the container on our own anymore. This was an easy task until v0.104, but then ClamAV changed its buildprocess to use cmake and with v0.105 it also needs the Rust toolchain -> https://docs.clamav.net/manual/Installing/Installing-from-source-Unix.html#ubuntu--debian

Here are the main changes for the new container

Creates clamd-db-vol-1 volume
Still uses the same config files
Downloads ClamAV databases in said volume
Smaller container footprint 13MB vs 150MB

---

* [ClamAV] Move to official ClamAV Docker container

* [ClamAV] Remove vim + nano

* [ClamAV] Use normal version in docker-compose
This commit is contained in:
Peter 2022-03-28 11:07:47 +02:00 committed by GitHub
parent b375e6a250
commit fd7269d455
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 73 deletions

View File

@ -1,76 +1,15 @@
FROM debian:bullseye-slim
FROM clamav/clamav:0.104.2-2_base
LABEL maintainer "André Peters <andre.peters@servercow.de>"
ARG CLAMAV=0.104.2
ARG TINI_VERSION=v0.19.0
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
build-essential \
pkg-config \
python3 \
python3-pip \
valgrind \
check \
libbz2-dev \
libcurl4-openssl-dev \
libjson-c-dev \
libmilter-dev \
libncurses5-dev \
libpcre2-dev \
libssl-dev \
libxml2-dev \
zlib1g-dev \
curl \
bash \
wget \
tzdata \
dnsutils \
RUN apk upgrade --no-cache \
&& apk add --update --no-cache \
rsync \
dos2unix \
netcat \
&& python3 -m pip install cmake \
&& rm -rf /var/lib/apt/lists/* \
&& wget -O - https://www.clamav.net/downloads/production/clamav-${CLAMAV}.tar.gz | tar xfvz - \
&& cd clamav-${CLAMAV} \
&& cmake . \
-D CMAKE_INSTALL_PREFIX=/usr \
-D CMAKE_INSTALL_LIBDIR=/usr/lib \
-D APP_CONFIG_DIRECTORY=/etc/clamav \
-D CMAKE_INSTALL_MANDIR=/usr/share/man \
-D CMAKE_INSTALL_INFODIR=/usr/share/info \
-D CLAMAV_USER=clamav \
-D CLAMAV_GROUP=clamav \
-D DATABASE_DIRECTORY=/var/lib/clamav \
-D ENABLE_APP=ON \
-D ENABLE_JSON_SHARED=OFF \
-D CMAKE_BUILD_TYPE=MinSizeRel \
&& cmake --build . -j4 \
&& cmake --build . --target install \
&& cd .. && rm -rf clamav-${CLAMAV} \
&& apt-get -y --auto-remove purge build-essential \
&& apt-get -y purge pkg-config \
python3 \
python3-pip \
valgrind \
check \
libbz2-dev \
libcurl4-openssl-dev \
libjson-c-dev \
libmilter-dev \
libncurses5-dev \
libpcre2-dev \
libssl-dev \
libxml2-dev \
zlib1g-dev \
&& addgroup --system --gid 700 clamav \
&& adduser --system --no-create-home --home /var/lib/clamav --uid 700 --gid 700 --disabled-login clamav \
&& rm -rf /tmp/* /var/tmp/*
bind-tools \
bash
COPY clamd.sh ./
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini
RUN chmod +x /sbin/tini
ENTRYPOINT []
CMD ["/sbin/tini", "-g", "--", "/clamd.sh"]

View File

@ -14,10 +14,10 @@ rm -rf /var/lib/clamav/clamav-*.tmp
mkdir -p /run/clamav /var/lib/clamav
if [[ -s /etc/clamav/whitelist.ign2 ]]; then
echo "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2"
cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
fi
#if [[ -s /etc/clamav/whitelist.ign2 ]]; then
# echo "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2"
# cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
#fi
if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then
echo "Creating /var/lib/clamav/whitelist.ign2"

View File

@ -58,7 +58,7 @@ services:
- redis
clamd-mailcow:
image: mailcow/clamd:1.44
image: mailcow/clamd:1.50
restart: always
dns:
- ${IPV4_NETWORK:-172.22.1}.254
@ -67,6 +67,7 @@ services:
- SKIP_CLAMD=${SKIP_CLAMD:-n}
volumes:
- ./data/conf/clamav/:/etc/clamav/:Z
- clamd-db-vol-1:/var/lib/clamav:z
networks:
mailcow-network:
aliases:
@ -631,3 +632,4 @@ volumes:
crypt-vol-1:
sogo-web-vol-1:
sogo-userdata-backup-vol-1:
clamd-db-vol-1: