1
0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-01-12 04:23:24 +02:00

[ClamAV] Update to 0.101.1 (based on Debian to fix some errors)

[ClamAV] Some config values are deprecated and were replaced
This commit is contained in:
andryyy 2019-01-08 12:54:33 +01:00
parent 75d5de016a
commit e42afa39a8
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
5 changed files with 61 additions and 53 deletions

View File

@ -1,18 +1,32 @@
FROM alpine:3.8
FROM debian:stretch-slim
LABEL maintainer "André Peters <andre.peters@servercow.de>"
# Add scripts
COPY dl_files.sh bootstrap.sh ./
# Installation
ENV CLAMAV 0.100.2
ENV CLAMAV 0.101.1
RUN apk add --no-cache --virtual build-dependencies alpine-sdk ncurses-dev zlib-dev bzip2-dev pcre-dev linux-headers fts-dev libxml2-dev libressl-dev \
&& apk add --no-cache curl bash tini libxml2 libbz2 pcre fts libressl tzdata \
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
zlib1g-dev \
libncurses5-dev \
libzip-dev \
libpcre2-dev \
libxml2-dev \
libssl-dev \
build-essential \
libjson-c-dev \
curl \
bash \
wget \
tzdata \
dnsutils \
rsync \
dos2unix \
netcat \
&& rm -rf /var/lib/apt/lists/* \
&& wget -O - https://www.clamav.net/downloads/production/clamav-${CLAMAV}.tar.gz | tar xfvz - \
&& cd clamav-${CLAMAV} \
&& LIBS=-lfts ./configure \
&& ./configure \
--prefix=/usr \
--libdir=/usr/lib \
--sysconfdir=/etc/clamav \
@ -30,18 +44,22 @@ RUN apk add --no-cache --virtual build-dependencies alpine-sdk ncurses-dev zlib-
&& make install \
&& make clean \
&& cd .. && rm -rf clamav-${CLAMAV} \
&& apk del build-dependencies \
&& addgroup -S clamav \
&& adduser -S -D -h /var/lib/clamav -s /sbin/nologin -G clamav -g clamav clamav \
&& adduser clamav tty \
&& apt-get -y --auto-remove purge build-essential \
&& apt-get -y purge zlib1g-dev \
libncurses5-dev \
libzip-dev \
libpcre2-dev \
libxml2-dev \
libssl-dev \
libjson-c-dev \
&& addgroup --system --gid 700 clamav \
&& adduser --system --home /var/lib/clamav --uid 700 --gid 700 --disabled-login clamav \
&& mkdir -p /run/clamav \
&& chown clamav:clamav /run/clamav \
&& chmod +x /dl_files.sh \
&& set -ex; /bin/bash /dl_files.sh \
&& chmod 750 /run/clamav
&& chmod 750 /run/clamav \
&& rm -rf /tmp/* /var/tmp/*
# Port provision
EXPOSE 3310
COPY bootstrap.sh ./
COPY tini /sbin/tini
# AV daemon bootstrapping
CMD ["/sbin/tini", "-g", "--", "/bootstrap.sh"]

View File

@ -10,7 +10,7 @@ fi
mkdir -p /var/log/clamav
touch /var/log/clamav/clamd.log /var/log/clamav/freshclam.log
chown -R clamav:clamav /var/log/clamav/
chown root:tty /dev/console
adduser clamav tty
chmod g+rw /dev/console
# Prepare whitelist
@ -37,6 +37,27 @@ done
) &
BACKGROUND_TASKS+=($!)
(
while true; do
sleep 2m
SANE_MIRRORS="$(dig +ignore +short rsync.sanesecurity.net)"
for sane_mirror in ${SANE_MIRRORS}; do
rsync -avp --chown=clamav:clamav --timeout=5 rsync://${sane_mirror}/sanesecurity/ \
--include 'blurl.ndb' \
--include 'junk.ndb' \
--include 'jurlbl.ndb' \
--include 'phish.ndb' \
--exclude='*' /var/lib/clamav/
if [ $? -eq 0 ]; then
echo RELOAD | nc localhost 3310
break
fi
done
sleep 30h
done
) &
BACKGROUND_TASKS+=($!)
clamd &
BACKGROUND_TASKS+=($!)

View File

@ -1,32 +0,0 @@
#!/bin/bash
declare -a DB_MIRRORS=(
"switch.clamav.net"
"clamavdb.heanet.ie"
"clamav.iol.cz"
"clamav.univ-nantes.fr"
"clamav.easynet.fr"
"clamav.begi.net"
)
declare -a DB_MIRRORS=( $(shuf -e "${DB_MIRRORS[@]}") )
DB_FILES=(
"bytecode.cvd"
"daily.cvd"
"main.cvd"
)
for i in "${DB_MIRRORS[@]}"; do
for j in "${DB_FILES[@]}"; do
[[ -f "/var/lib/clamav/${j}" && -s "/var/lib/clamav/${j}" ]] && continue;
if [[ $(curl -o /dev/null --connect-timeout 1 \
--max-time 1 \
--silent \
--head \
--write-out "%{http_code}\n" "${i}/${j}") == 200 ]]; then
curl "${i}/${j}" -o "/var/lib/clamav/${j}" -#
fi
done
done
chown clamav:clamav /var/lib/clamav/*.cvd

BIN
data/Dockerfiles/clamd/tini Executable file

Binary file not shown.

View File

@ -1,3 +1,4 @@
#Debug true
LogFile /dev/console
LogTime yes
LogClean yes
@ -23,9 +24,9 @@ DetectPUA yes
#IncludePUA Spy
#IncludePUA Scanner
#IncludePUA RAT
AlgorithmicDetection yes
HeuristicAlerts yes
ScanOLE2 yes
OLE2BlockMacros yes
AlertOLE2Macros yes
ScanPDF yes
ScanSWF yes
ScanXMLDOCS yes