{"id":40112815,"url":"https://github.com/abes-esr/clamscan-docker","last_synced_at":"2026-01-19T12:03:24.415Z","repository":{"id":44869746,"uuid":"356935312","full_name":"abes-esr/clamscan-docker","owner":"abes-esr","description":"Dockerization 🐳 of ClamAV and specifically clamscan command used to scan periodicaly a specific folder for detecting trojans, viruses, malware \u0026 other malicious threats. If something bad is detected, an email is sent.","archived":false,"fork":false,"pushed_at":"2022-10-24T14:11:57.000Z","size":115,"stargazers_count":15,"open_issues_count":0,"forks_count":3,"subscribers_count":8,"default_branch":"main","last_synced_at":"2024-12-20T16:44:02.268Z","etag":null,"topics":["clamscan","docker"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/abes-esr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-04-11T17:35:05.000Z","updated_at":"2024-12-03T23:38:03.000Z","dependencies_parsed_at":"2023-01-20T05:13:01.246Z","dependency_job_id":null,"html_url":"https://github.com/abes-esr/clamscan-docker","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/abes-esr/clamscan-docker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abes-esr%2Fclamscan-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abes-esr%2Fclamscan-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abes-esr%2Fclamscan-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abes-esr%2Fclamscan-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/abes-esr","download_url":"https://codeload.github.com/abes-esr/clamscan-docker/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abes-esr%2Fclamscan-docker/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28567861,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-19T08:53:44.001Z","status":"ssl_error","status_checked_at":"2026-01-19T08:52:40.245Z","response_time":67,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clamscan","docker"],"created_at":"2026-01-19T12:03:24.343Z","updated_at":"2026-01-19T12:03:24.410Z","avatar_url":"https://github.com/abes-esr.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# clamscan-docker\n\n[![Docker Pulls](https://img.shields.io/docker/pulls/abesesr/clamscan-docker.svg)](https://hub.docker.com/r/abesesr/clamscan-docker/)\n[![clamscan-docker ci](https://github.com/abes-esr/clamscan-docker/actions/workflows/build-test-pubtodockerhub.yml/badge.svg)](https://github.com/abes-esr/clamscan-docker/actions/workflows/build-test-pubtodockerhub.yml)\n\nDockerization of [ClamAV](https://www.clamav.net/) and specifically `clamscan` command used to scan periodicaly a specific folder for detecting trojans, viruses, malware \u0026 other malicious threats. If something bad is detected, an email is sent.\n\n![](https://docs.google.com/drawings/d/e/2PACX-1vQEDK9TB6PJMLF1HA_Js9b36rVfaByUg8Z-9MWk0atfRWWl4DBop_wq8_phRzM82_y6R39iMoreE0vD/pub?w=200)\n\n[demo](https://user-images.githubusercontent.com/328244/116212678-5d9bb680-a745-11eb-909a-e2ad75d750a1.mp4)\n\n\n\n## Parameters\n\n- `SCAN_AT_STARTUP`: if 1, then start with a scan when the container is created (default is `1`)\n- `FRESHCLAM_AT_STARTUP`: if 1, then update the virus database when the container startup (default is `1`)\n- `SCAN_ONLY_NEW_FILES`: if 1, then the scan will scan a first time the whole `FOLDER_TO_SCAN` content, and the next time (see `CRON_CLAMSCAN`) it will only scan the new files found. Thanks to this feature, the process will be lighter (less CPU usage) especially when there is lot and lot of files in `FOLDER_TO_SCAN` (default is `1`)\n- `FOLDER_TO_SCAN`: this is the folder to scan with clamscan (default is `/folder-to-scan/`)\n- `CRON_CLAMSCAN`: crontab parameters to run the clamscan command which is used to scan the `FOLDER_TO_SCAN` (default is `*/5 * * * *` - it means each 5 minutes)\n- `CRON_FRESHCLAM`: crontab parameters to run the freshclam command which is used to update virus databases (default is `0 * * * * *` - it means each hours)\n- `ALERT_MAILTO`: email address to send the alerts to (empty value as default so nothing is sent as)\n- `ALERT_SUBJECT`: email subject for sending alerts to (`Alert from clamscan !` is the default value)\n- `SMTP_TLS`: to enable TLS, set the value to `on` (default is `off`)\n- `SMTP_HOST`: host or ip of the smtp server used to send the alerts (default is `127.0.0.1`)\n- `SMTP_PORT`: port of the smtp server used to send the alerts (default is` 25`)\n- `SMTP_USER`: smtp server login (empty value as default)\n- `SMTP_PASSWORD`: smtp server password (empty value as default)\n\n## Usage\n\nHere is a basic usecase.\nYou have a folder (`/var/www/html/uploads/`) where anonymous users can upload attachment thanks to a web form. You want to be sure there is no malicious uploaded files. So you decide to deploy `clamscan-docker` to scan this folder each 15 minutes and to be alerted to `mymail@mydomain.fr` if a virus is uploaded. Here is the docker commande you will run:\n\n```\ndocker run -d --name myclamavcontainer \\\n  -v /var/www/html/uploads/:/folder-to-scan/ \\\n  -e SCAN_AT_STARTUP=\"1\"\n  -e CRON_CLAMSCAN=\"*/15 * * * *\" \\\n  -e ALERT_SUBJECT=\"Alert from clamscan !\" \\\n  -e ALERT_MAILTO=\"mymail@mydomain.fr\" \\\n  -e SMTP_HOST=\"smtp.mydomain.fr\" \\\n  -e SMTP_PORT=\"25\" \\\n  abesesr/clamscan-docker:1.4.7\n```\n\n## Developement\n\n### Debugging and testing\n\nFirstly, download a virus and put it into `./volumes/folder-to-scan/`:\n```\ncd ./clamscan-docker/\nmkdir -p volumes/folder-to-scan/ \u0026\u0026 cd volumes/folder-to-scan/ \ncurl -L \"https://github.com/ytisf/theZoo/blob/dd88d539de6c91e39483848fa0bd2fe859009c3e/malware/Binaries/Win32.LuckyCat/Win32.LuckyCat.zip?raw=true\" \u003e ./Win32.LuckyCat.zip\nunzip -P infected ./Win32.LuckyCat.zip \n```\n\nThen run the `docker-compose.yml` to scan the `volumes/folder-to-scan/` folder:\n```\ncd ./clamscan-docker/\ndocker-compose up\n```\n\nThen, open your browser at http://127.0.0.1:8025/ to look at the alert mail sent at the fake email `security@team.fr`\n\n### Generating a new version\n\nTo generate a new version you have to:\n1. Identify the version you want to create (the version should respect [semver (X.X.X)](https://semver.org/lang/fr/) and should not already exist)\n2. Go the github action in charge of creating a new release: https://github.com/abes-esr/clamscan-docker/actions/workflows/create-release.yml\n3. Clic on \"Run workflow\" on the right, indicate the version, and validate: ![image](https://user-images.githubusercontent.com/328244/158980351-04d98b20-fbf8-417b-a8d6-b573de4a0941.png)\n4. Validate and wait for the build, [![ci](https://github.com/abes-esr/clamscan-docker/actions/workflows/build-test-pubtodockerhub.yml/badge.svg)](https://github.com/abes-esr/clamscan-docker/actions/workflows/build-test-pubtodockerhub.yml)\n\n\n## See also\n\n- https://dev.to/brisbanewebdeveloper/scan-infected-files-with-docker-and-clam-antivirus-clamav-1939\n- https://medium.com/@darkcl_dev/scanning-files-with-clamav-inside-a-dockerized-node-application-bd2e5fcc5ce8\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabes-esr%2Fclamscan-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fabes-esr%2Fclamscan-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabes-esr%2Fclamscan-docker/lists"}