{"id":20286404,"url":"https://github.com/antoonline/clamscan-docker","last_synced_at":"2026-04-20T06:04:37.707Z","repository":{"id":158543050,"uuid":"634104033","full_name":"AntoOnline/clamscan-docker","owner":"AntoOnline","description":"This Docker container will use ClamAV to scan a mounted volume for viruses and send an email or Slack message if a virus is found.","archived":false,"fork":false,"pushed_at":"2023-04-30T20:47:49.000Z","size":11,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-14T08:14:15.642Z","etag":null,"topics":["clamav","docker","malware","ubuntu","virus"],"latest_commit_sha":null,"homepage":"https://anto.online","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AntoOnline.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-29T04:08:06.000Z","updated_at":"2023-06-18T15:43:12.000Z","dependencies_parsed_at":"2023-05-21T06:00:43.835Z","dependency_job_id":null,"html_url":"https://github.com/AntoOnline/clamscan-docker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AntoOnline%2Fclamscan-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AntoOnline%2Fclamscan-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AntoOnline%2Fclamscan-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AntoOnline%2Fclamscan-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AntoOnline","download_url":"https://codeload.github.com/AntoOnline/clamscan-docker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241780499,"owners_count":20019061,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clamav","docker","malware","ubuntu","virus"],"created_at":"2024-11-14T14:33:58.957Z","updated_at":"2026-04-20T06:04:32.686Z","avatar_url":"https://github.com/AntoOnline.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# clamscan-docker\n\nThis Docker container will use ClamAV to scan a mounted volume for viruses and send an email or Slack message if a virus is found.\n\nYou can get the container to scan at startup and then on a cron schedule. It will only scan new files on the cron schedule.\n\nPlease check out the original source from: abes-esr/clamscan-docker. This is a fork of that project. I have only added Slack and use the latest Ubuntu image.\n\nNote: I have not tested the email functionality. I have only tested the Slack functionality. Please use abes-esr/clamscan-docker if you need email functionality.\n\n## Parameters\n\n- `SCAN_AT_STARTUP`: if 1, then start with a scan when the container is created (default is `1`)\n- `FRESHCLAM_AT_STARTUP`: if 1, then update the virus database when the container startup (default is `1`)\n- `SCAN_ONLY_NEW_FILES`: if 1, then the scan will scan a first time the whole `FOLDER_TO_SCAN` content, and the next time (see `CRON_CLAMSCAN`) it will only scan the new files found. Thanks to this feature, the process will be lighter (less CPU usage) especially when there is lot and lot of files in `FOLDER_TO_SCAN` (default is `1`)\n- `FOLDER_TO_SCAN`: this is the folder to scan with clamscan (default is `/folder-to-scan/`)\n- `CRON_CLAMSCAN`: crontab parameters to run the clamscan command which is used to scan the `FOLDER_TO_SCAN` (default is `*/5 * * * *` - it means each 5 minutes)\n- `CRON_FRESHCLAM`: crontab parameters to run the freshclam command which is used to update virus databases (default is `0 * * * * *` - it means each hours)\n- `ALERT_MAILTO`: email address to send the alerts to (empty value as default so nothing is sent as)\n- `ALERT_SUBJECT`: email subject for sending alerts to (`Alert from clamscan !` is the default value)\n- `SMTP_TLS`: to enable TLS, set the value to `on` (default is `off`)\n- `SMTP_HOST`: host or ip of the smtp server used to send the alerts (default is `127.0.0.1`)\n- `SMTP_PORT`: port of the smtp server used to send the alerts (default is` 25`)\n- `SMTP_USER`: smtp server login (empty value as default)\n- `SMTP_PASSWORD`: smtp server password (empty value as default)\n- `SLACK_WEB_HOOK`: the slack web hook url to send a message too.\n\n## Usage\n\nHere is a basic usecase for sending email:\n\nYou have a folder (`/var/www/html/uploads/`) where anonymous users can upload attachment thanks to a web form. You want to be sure there is no malicious uploaded files. So you decide to deploy `clamscan-docker` to scan this folder each 15 minutes and to be alerted to `mymail@mydomain.fr` if a virus is uploaded. Here is the docker commande you will run:\n\n```\ndocker run -d --name myclamavcontainer \\\n  -v /var/www/html/uploads/:/folder-to-scan/ \\\n  -e SCAN_AT_STARTUP=\"1\"\n  -e CRON_CLAMSCAN=\"*/15 * * * *\" \\\n  -e ALERT_SUBJECT=\"Alert from clamscan !\" \\\n  -e ALERT_MAILTO=\"mymail@mydomain.fr\" \\\n  -e SMTP_HOST=\"smtp.mydomain.fr\" \\\n  -e SMTP_PORT=\"25\" \\\n  antoonline/clamscan-docker:latest\n```\n\nOr using docker-compose:\n\n```\nversion: '3'\n\nservices:\n  clamav:\n    build: ./image/\n    image: antoonline/clamscan-docker:latest\n    container_name: clamav\n    environment:\n      FRESHCLAM_AT_STARTUP: \"1\"\n      SCAN_AT_STARTUP: \"1\"\n      SCAN_ONLY_NEW_FILES: \"1\"\n      FOLDER_TO_SCAN: \"/folder-to-scan/\"\n      CRON_CLAMSCAN: \"0 * * * *\"\n      CLAMSCAN_OPTIONS: \"--recursive=yes --allmatch=yes --remove=no --suppress-ok-results\"\n    depends_on:\n      - clamav-mailhog\n    volumes:\n      - /path/to/scan/:/folder-to-scan/\n\n  clamav-mailhog:\n    image: mailhog/mailhog:v1.0.1\n    container_name: clamav-mailhog\n    environment:\n      MH_SMTP_BIND_ADDR: \"0.0.0.0:1025\" # cf https://github.com/mailhog/MailHog/blob/master/docs/CONFIG.md\n    ports:\n      - 8025:8025\n    logging:\n      driver: none\n```\n\nHere is a basic usecase for sending to slack:\n\n```\ndocker run -d --name myclamavcontainer \\\n  -v /var/www/html/uploads/:/folder-to-scan/ \\\n  -e SCAN_AT_STARTUP=\"1\"\n  -e CRON_CLAMSCAN=\"*/15 * * * *\" \\\n  -e SLACK_WEB_HOOK=\"https://hooks.slack.com/services/.../.../....\" \\\n  antoonline/clamscan-docker:latest\n```\n\nOr using docker compose:\n\n```\nversion: '3'\n\nservices:\n  clamav:\n    build: ./image/\n    image: antoonline/clamscan-docker:latest\n    container_name: clamav\n    environment:\n      FRESHCLAM_AT_STARTUP: \"1\"\n      SCAN_AT_STARTUP: \"1\"\n      SCAN_ONLY_NEW_FILES: \"1\"\n      FOLDER_TO_SCAN: \"/folder-to-scan/\"\n      CRON_CLAMSCAN: \"0 * * * *\"\n      CLAMSCAN_OPTIONS: \"--recursive=yes --allmatch=yes --remove=no --suppress-ok-results\"\n      SLACK_WEB_HOOK: \"https://hooks.slack.com/services/.../.../....\"\n    volumes:\n      - /path/to/scan/:/folder-to-scan/\n```\n\n## Debugging and testing\n\nFirstly, download a virus and put it into `./volumes/folder-to-scan/`:\n\n```\ncd ./clamscan-docker/\nmkdir -p volumes/folder-to-scan/ \u0026\u0026 cd volumes/folder-to-scan/\ncurl -L \"https://github.com/ytisf/theZoo/blob/dd88d539de6c91e39483848fa0bd2fe859009c3e/malware/Binaries/Win32.LuckyCat/Win32.LuckyCat.zip?raw=true\" \u003e ./Win32.LuckyCat.zip\nunzip -P infected ./Win32.LuckyCat.zip\n```\n\nThen run the run the docker container to test.\n\n## See also\n- https://github.com/abes-esr/clamscan-docker\n- https://dev.to/brisbanewebdeveloper/scan-infected-files-with-docker-and-clam-antivirus-clamav-1939\n- https://medium.com/@darkcl_dev/scanning-files-with-clamav-inside-a-dockerized-node-application-bd2e5fcc5ce8\n\n## Want to connect?\n\nFeel free to contact me on [Twitter](https://twitter.com/OnlineAnto), [DEV Community](https://dev.to/antoonline/) or [LinkedIn](https://www.linkedin.com/in/anto-online) if you have any questions or suggestions.\n\nOr just visit my [website](https://anto.online) to see what I do.\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fantoonline%2Fclamscan-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fantoonline%2Fclamscan-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fantoonline%2Fclamscan-docker/lists"}