Switch to upstream's clamav image

2024-12-04 10:24:41 +02:00 · 2023-10-13 16:24:10 +02:00 · 2023-10-13 16:24:10 +02:00 · 6a2169096c
commit 6a2169096c
parent bc6a38b655
10 changed files with 34 additions and 168 deletions
--- a/optional/clamav/Dockerfile
+++ b/optional/clamav/Dockerfile
@ -1,22 +0,0 @@
-# syntax=docker/dockerfile-upstream:1.4.3
-
-# clamav image
-FROM base
-
-ARG VERSION=local
-LABEL version=$VERSION
-
-RUN set -euxo pipefail \
-  ; apk add --no-cache clamav clamav-libunrar rsyslog wget
-
-COPY conf/ /etc/clamav/
-COPY start.py /
-
-RUN echo $VERSION >/version
-
-#EXPOSE 3310/tcp
-HEALTHCHECK CMD kill -0 `cat /run/clamd.pid` && kill -0 `cat /run/freshclam.pid`
-
-VOLUME ["/data"]
-
-CMD /start.py
--- a/optional/clamav/README.md
+++ b/optional/clamav/README.md
@ -1,12 +0,0 @@
-Mailu ClamAV container
-======================
-
-ClamAV is an open source antivirus engine for detecting trojans, viruses,
-malware & other malicious threats.
-
-Resources
---------
-
- * [Report issues](https://github.com/Mailu/Mailu/issues) and
-    [send Pull Requests](https://github.com/Mailu/Mailu/pulls)
-    in the [main Mailu repository](https://github.com/Mailu/Mailu)
--- a/optional/clamav/conf/clamd.conf
+++ b/optional/clamav/conf/clamd.conf
@ -1,56 +0,0 @@
-###############
-# General
-###############
-
-DatabaseDirectory /data
-TemporaryDirectory /tmp
-LogTime yes
-PidFile /run/clamd.pid
-LocalSocket /tmp/clamd.sock
-TCPSocket 3310
-Foreground yes
-
-###############
-# Results
-###############
-
-DetectPUA yes
-ExcludePUA NetTool
-ExcludePUA PWTool
-HeuristicAlerts yes
-Bytecode yes
-
-###############
-# Scan
-###############
-
-ScanPE yes
-DisableCertCheck yes
-ScanELF yes
-AlertBrokenExecutables yes
-ScanOLE2 yes
-ScanPDF yes
-ScanSWF yes
-ScanMail yes
-PhishingSignatures yes
-PhishingScanURLs yes
-ScanHTML yes
-ScanArchive yes
-
-###############
-# Scan
-###############
-
-MaxScanSize 150M
-MaxFileSize 30M
-MaxRecursion 10
-MaxFiles 15000
-MaxEmbeddedPE 10M
-MaxHTMLNormalize 10M
-MaxHTMLNoTags 2M
-MaxScriptNormalize 5M
-MaxZipTypeRcg 1M
-MaxPartitions 128
-MaxIconsPE 200
-PCREMatchLimit 10000
-PCRERecMatchLimit 10000
--- a/optional/clamav/conf/freshclam.conf
+++ b/optional/clamav/conf/freshclam.conf
@ -1,18 +0,0 @@
-###############
-# General
-###############
-
-DatabaseDirectory /data
-UpdateLogFile /dev/stdout
-LogTime yes
-PidFile /run/freshclam.pid
-DatabaseOwner root
-
-###############
-# Updates
-###############
-
-DatabaseMirror database.clamav.net
-ScriptedUpdates yes
-NotifyClamd /etc/clamav/clamd.conf
-Bytecode yes
--- a/optional/clamav/start.py
+++ b/optional/clamav/start.py
@ -1,21 +0,0 @@
-#!/usr/bin/env python3
-
-import os
-import logging as logger
-import sys
-from socrate import system
-
-system.set_env(log_filters=r'SelfCheck: Database status OK\.$')
-
-# Bootstrap the database if clamav is running for the first time
-if not os.path.isfile("/data/main.cvd"):
-    logger.info("Starting primary virus DB download")
-    os.system("freshclam")
-
-# Run the update daemon
-logger.info("Starting the update daemon")
-os.system("freshclam -d -c 6")
-
-# Run clamav
-logger.info("Starting clamav")
-os.system("clamd")
--- a/setup/flavors/compose/docker-compose.yml
+++ b/setup/flavors/compose/docker-compose.yml
@ -139,7 +139,7 @@ services:
    hostname: oletools
    restart: always
    networks:
-      - noinet
+      - oletools
    depends_on:
    {% if resolver_enabled %}
      - resolver
@ -172,10 +172,13 @@ services:
      driver: journald
      options:
        tag: mailu-antispam
-{% if oletools_enabled %}
    networks:
      - default
-      - noinet
+{% if oletools_enabled %}
+      - oletools
+{% endif %}
+{% if antivirus_enabled %}
+      - clamav
 {% endif %}
    volumes:
      - "{{ root }}/filter:/var/lib/rspamd"
@ -198,17 +201,16 @@ services:
  # Optional services
  {% if antivirus_enabled %}
  antivirus:
-    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}clamav:${MAILU_VERSION:-{{ version }}}
+    image: clamav/clamav-debian:1.2.0-6
    restart: always
-    env_file: {{ env }}
+    logging:
+      driver: journald
+      options:
+        tag: mailu-clamav
+    networks:
+      - clamav
    volumes:
-      - "{{ root }}/filter:/data"
-    {% if resolver_enabled %}
-    depends_on:
-      - resolver
-    dns:
-      - {{ dns }}
-    {% endif %}
+      - "{{ root }}/filter/clamav:/var/lib/clamav"
  {% endif %}

  {% if webdav_enabled %}
@ -275,8 +277,12 @@ networks:
  webmail:
    driver: bridge
 {% endif %}
+{% if antivirus_enabled %}
+  clamav:
+    driver: bridge
+{% endif %}
 {% if oletools_enabled %}
-  noinet:
+  oletools:
    driver: bridge
    internal: true
 {% endif %}
--- a/tests/build-ci.hcl
+++ b/tests/build-ci.hcl
@ -49,7 +49,6 @@ group "default" {

    "webmail",

-    "antivirus",
    "fetchmail",
    "resolver",
    "traefik-certdumper",
@ -207,15 +206,6 @@ target "webmail" {
 # -----------------------------------------------------------------------------------------
 # Optional images
 # -----------------------------------------------------------------------------------------
-target "antivirus" {
-  inherits = ["defaults"]
-  context = "optional/clamav/"
-  contexts = {
-    base = "docker-image://${DOCKER_ORG}/base:${MAILU_VERSION}"
-  }
-  tags = tag("clamav")
-}
-
 target "fetchmail" {
  inherits = ["defaults"]
  context = "optional/fetchmail/"
--- a/tests/build.hcl
+++ b/tests/build.hcl
@ -45,7 +45,6 @@ group "default" {

    "webmail",

-    "antivirus",
    "fetchmail",
    "resolver",
    "traefik-certdumper",
@ -201,15 +200,6 @@ target "webmail" {
 # -----------------------------------------------------------------------------------------
 # Optional images
 # -----------------------------------------------------------------------------------------
-target "antivirus" {
-  inherits = ["defaults"]
-  context = "optional/clamav/"
-  contexts = {
-    base = "target:base"
-  }
-  tags = tag("clamav")
-}
-
 target "fetchmail" {
  inherits = ["defaults"]
  context = "optional/fetchmail/"
--- a/tests/compose/filters/docker-compose.yml
+++ b/tests/compose/filters/docker-compose.yml
@ -70,7 +70,7 @@ services:
    hostname: oletools
    restart: always
    networks:
-      - noinet
+      - oletools

  antispam:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-local}
@ -78,7 +78,8 @@ services:
    env_file: mailu.env
    networks:
      - default
-      - noinet
+      - oletools
+      - clamav
    volumes:
      - "/mailu/filter:/var/lib/rspamd"
      - "/mailu/dkim:/dkim"
@ -88,11 +89,16 @@ services:

  # Optional services
  antivirus:
-    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}clamav:${MAILU_VERSION:-local}
+    image: clamav/clamav-debian:1.2.0-6
    restart: always
-    env_file: mailu.env
+    logging:
+      driver: journald
+      options:
+        tag: mailu-clamav
+    networks:
+      - clamav
    volumes:
-      - "/mailu/filter:/data"
+      - "/mailu/filter/clamav:/var/lib/clamav"

  resolver:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-local}
@ -112,6 +118,8 @@ networks:
      driver: default
      config:
        - subnet: 192.168.203.0/24
-  noinet:
+  clamav:
+    driver: bridge
+  oletools:
    driver: bridge
    internal: true
--- a/towncrier/newsfragments/2059.misc
+++ b/towncrier/newsfragments/2059.misc
@ -0,0 +1 @@
+Switch to upstream's clamav image