https://github.com/tiredofit/docker-clamav
Docker antivirus software with monitoring and customizable features
alpine antivirus clamav docker malware-detection zabbix-agent
Last synced: 6 months ago
- Host: GitHub
- URL: https://github.com/tiredofit/docker-clamav
- Owner: tiredofit
- License: mit
- Created: 2017-09-12T16:49:00.000Z (about 8 years ago)
- Default Branch: main
- Last Pushed: 2025-01-22T17:34:37.000Z (8 months ago)
- Last Synced: 2025-03-21T02:21:56.177Z (7 months ago)
- Topics: alpine, antivirus, clamav, docker, malware-detection, zabbix-agent
- Language: Dockerfile
- Homepage:
- Size: 110 KB
- Stars: 28
- Watchers: 3
- Forks: 18
- Open Issues: 10
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Funding: .github/FUNDING.yml
- License: LICENSE
README
# github.com/tiredofit/docker-clamav
* * *
## About
Dockerfile to build a [Clam Antivirus](https://www.clamav.net) container image to scan files or mail messages.
- Auto Configuration Support
- Sane Defaults
- Automatic download and update of virus definitions
- Ability to load custom definitions
- Log rotation
## Maintainer
- [Dave Conroy](https://github.com/tiredofit/)
## Table of Contents
- [About](#about)
- [Maintainer](#maintainer)
- [Table of Contents](#table-of-contents)
- [Prerequisites and Assumptions](#prerequisites-and-assumptions)
- [Installation](#installation)
- [Build from Source](#build-from-source)
- [Prebuilt Images](#prebuilt-images)
- [Configuration](#configuration)
- [Quick Start](#quick-start)
- [Persistent Storage](#persistent-storage)
- [Environment Variables](#environment-variables)
- [Base Images used](#base-images-used)
- [Core Configuration](#core-configuration)
- [Virus Definitions Configuration](#virus-definitions-configuration)
- [Virus Scanning Settings](#virus-scanning-settings)
- [Scanning Limits](#scanning-limits)
- [Alerting Settings](#alerting-settings)
- [Networking](#networking)
- [Maintenance](#maintenance)
- [Shell Access](#shell-access)
- [Manual Definition Updates](#manual-definition-updates)
- [Support](#support)
- [Usage](#usage)
- [Bugfixes](#bugfixes)
- [Feature Requests](#feature-requests)
- [Updates](#updates)
- [License](#license)
## Prerequisites and Assumptions
- This container doesn't do much on its own unless you use an additional service or communicator to talk to it! You can scan files if you'd like by binding a volume inside the container, but that is not the intent of this image.
## Installation
### Build from Source
Clone this repository and build the image with `docker build -t (imagename) .`
### Prebuilt Images
Builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/clamav)
```bash
docker pull docker.io/tiredofit/clamav:(imagetag)
```
Builds of the image are also available on the [GitHub Container Registry](https://github.com/tiredofit/docker-clamav/pkgs/container/docker-clamav)
```bash
docker pull ghcr.io/tiredofit/docker-clamav:(imagetag)
```
The following image tags are available along with their tagged release based on what's written in the [Changelog](CHANGELOG.md):
| Container OS | Tag |
| ------------ | --------- |
| Alpine | `:latest` |
## Configuration
### Quick Start
* The quickest way to get started is using [docker-compose](https://docs.docker.com/compose/). See the examples folder for a working [docker-compose.yml](examples/docker-compose.yml) that can be modified for development or production use.
* Set various [environment variables](#environment-variables) to understand the capabilities of this image.
* Map [persistent storage](#persistent-storage) for access to configuration and data files for backup.
### Persistent Storage
The container will look for definition files upon startup in `/data` and if not found, download them. 6 times a day it will also check for updated definitions.
The following directories are used for configuration and can be mapped for persistent storage.
| Directory | Description |
| ------------------- | ------------------- |
| `/data/definitions` | Virus Definitions |
| `/data/config` | Configuration Files |
| `/logs` | Log Files |
### Environment Variables
#### Base Images used
This image relies on an [Alpine Linux](https://hub.docker.com/r/tiredofit/alpine) or [Debian Linux](https://hub.docker.com/r/tiredofit/debian) base image that relies on an [init system](https://github.com/just-containers/s6-overlay) for added capabilities. Outgoing SMTP capabilities are handled via `msmtp`. Individual container performance monitoring is performed by [zabbix-agent](https://zabbix.org). Additional tools include: `bash`, `curl`, `less`, `logrotate`, `nano`.
Be sure to view the following repositories to understand all the customizable options:
| Image | Description |
| ------------------------------------------------------ | -------------------------------------- |
| [OS Base](https://github.com/tiredofit/docker-alpine/) | Customized Image based on Alpine Linux |
#### Core Configuration
| Parameter | Description | Default |
| ---------------------------- | ------------------------------------------------------------------------------- | ------------------------------- |
| `SETUP_TYPE` | Auto Configure Configuration each startup - Set to `MANUAL` to disable | `AUTO` |
| `CLAMD_CONFIG_FILE` | Clamd Configuration file | `clamd.conf` |
| `CLAMD_LOCAL_SOCKET` | Clamd Socket Name | `/run/clamd/clamd.sock` |
| `CLAMD_TEMP_LOCATION` | Clamd Temp Location | `/tmp/clamd/` |
| `CONCURRENT_DATABASE_RELOAD` | Enable non-blocking (multi-threaded/concurrent) database reloads. | `TRUE` |
| `DATA_LOCATION` | Base Folder for Data Files | `/data/` |
| `CONFIG_LOCATION` | Folder for Config Files | `${DATA_LOCATION}/config/` |
| `DEFINITIONS_LOCATION` | Folder for Virus Definitions | `${DATA_LOCATION}/definitions/` |
| `ENABLE_CLAMD` | Enable ClamD Daemon | `TRUE` |
| `ENABLE_LOG_CLAMD` | Enable Logging for Clamd | `TRUE` |
| `ENABLE_LOG_FRESHCLAM` | Enable Logging for Definitions Updater | `TRUE` |
| `FRESHCLAM_CONFIG_FILE` | Freshclam Definitions Updater configuration file | `freshclam.conf` |
| `FRESHCLAM_DATABASES` | Comma separated list of additional definitions, e.g. | |
| | `http://www.rfxn.com/downloads/rfxn.ndb,http://www.rfxn.com/downloads/rfxn.hdb` | |
| `LISTEN_PORT` | ClamD TCP Socket Listen port | `3310` |
| `LOG_FILE_CLAMD` | ClamD Log File | `clamd.log` |
| `LOG_FILE_FRESHCLAM` | Freshclam Log File | `freshclam.log` |
| `LOG_PATH` | Logfile locations | `/logs/` |
| `LOG_VERBOSE` | Enable Verbosity in Logs | `FALSE` |
#### Virus Definitions Configuration
| Parameter | Description | Default |
| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `ENABLE_DEFINITIONS_UPDATE` | Enable Automatic Definitions Updating | `TRUE` |
| `DEFINITIONS_UPDATE_FREQUENCY` | How often to check for new Definitions in minutes | `1440` |
| `DEFINITIONS_UPDATE_BEGIN` | What time to do the first update. Defaults to immediate. Must be in one of two formats: | |
| | Absolute HHMM, e.g. `2330` or `0415` | |
| | Relative +MM, i.e. how many minutes after starting the container, e.g. `+0` (immediate), `+10` (in 10 minutes), or `+90` (in an hour and a half) | |
#### Virus Scanning Settings
| Parameter | Description | Default |
| ------------------------------ | ------------------------------------------------ | ---------------- |
| `DISABLE_CERT_CHECK` | Disable PE Cert Checks | `TRUE` |
| `ENABLE_ALGORITHMIC_DETECTION` | Enable Algorithmic Detection | `TRUE` |
| `ENABLE_BYTECODE` | Enable Bytecode Checks | `TRUE` |
| `ENABLE_DETECT_PUA` | Detect PUA | `TRUE` |
| `ENABLE_PHISHING_SCAN_URLS` | Scan URLs for Phishing | `TRUE` |
| `ENABLE_PHISHING_SIGNATURES` | Scan for signatures related to Phishing | `TRUE` |
| `ENABLE_SCAN_ARCHIVE` | Scan Archives | `TRUE` |
| `ENABLE_SCAN_ELF` | Scan ELF files | `TRUE` |
| `ENABLE_SCAN_HTML` | Scan HTML Files | `TRUE` |
| `ENABLE_SCAN_MAIL` | Scan Mail Files | `TRUE` |
| `ENABLE_SCAN_OLE2` | Scan OLE2 Files | `TRUE` |
| `ENABLE_SCAN_PDF` | Scan PDF Files | `TRUE` |
| `ENABLE_SCAN_PE` | Scan PE Files | `TRUE` |
| `ENABLE_SCAN_SWF` | Scan SWF Files | `TRUE` |
| `EXCLUDE_PUA` | Comma Separated Values of PUA formats to exclude | `NetTool,PWTool` |
| `INCLUDE_PUA` | Comma Separated Values of PUA formats to include | `(null)` |
#### Scanning Limits
| Parameter | Description | Default |
| --------------------- | ------------------------- | ------- |
| `MAX_EMBEDDEDPE` | Max filesize Embedded PE | `10M` |
| `MAX_FILE_SIZE` | Max file size to scan | `25M` |
| `MAX_FILES` | Max files to scan | `10000` |
| `MAX_HTMLNORMALIZE` | Max HTML Normalize | `10M` |
| `MAX_HTMLNOTAGS` | Max HTML No Tags | `2M` |
| `MAX_ICONSPE` | Max IconsPE | `100` |
| `MAX_PARTITIONS` | Max Partitions to Scan | `50` |
| `MAX_RECHWP3` | Max Recursive HWP3 | `16` |
| `MAX_RECURSION` | Max Folder Recursion | `16` |
| `MAX_SCAN_SIZE` | Max Scan Size | `100M` |
| `MAX_SCRIPTNORMALIZE` | Max Script Normalize Scan | `5M` |
| `MAX_THREADS` | Max Scanning Threads | `10` |
| `MAX_ZIPTYPERCG` | Max Zip type Recursive | `1M` |
| `PCRE_MATCH_LIMIT` | PCRE Match Limit | `10000` |
| `PCRE_MAX_FILE_SIZE` | PCRE Max File Size | `25M` |
| `PCRE_RECMATCH_LIMIT` | PCRE Recursive Max Limit | `2000` |
| `STREAM_MAX_LENGTH` | Max stream size to scan | `25M` |
#### Alerting Settings
| Parameter | Description | Default |
| -------------------------------- | ------------------------------------------------------------------ | ------- |
| `ENABLE_ALERT_ENCRYPTED_ARCHIVE` | Alert on encrypted archives (.zip, .7zip, .rar) | `FALSE` |
| `ENABLE_ALERT_ENCRYPTED_DOC` | Alert on encrypted documents (.pdf) | `FALSE` |
| `ENABLE_ALERT_OLE2_MACROS` | Alert on OLE2 files containing VBA macros | `FALSE` |
| `ENABLE_ALERT_EXCEEDS_MAX` | Alert on files exceeding MAX_FILES, MAX_SCAN_SIZE or MAX_RECURSION | `FALSE` |
### Networking
| Port | Description |
| ------ | -------------------- |
| `3310` | ClamD Listening Port |

* * *
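The README notes that another service has to talk to this container. The following minimal client for clamd's `INSTREAM` command over the TCP port listed above is an added example, not code from this repository. The host name `clamav` is an assumed service name, and the local size guard mirrors the `STREAM_MAX_LENGTH` default of `25M`.

```python
import socket
import struct

CLAMD_PORT = 3310                      # LISTEN_PORT default from the README
STREAM_MAX_LENGTH = 25 * 1024 * 1024   # STREAM_MAX_LENGTH default (25M)
CHUNK = 8192

def instream_frames(data: bytes, chunk: int = CHUNK):
    """Yield the byte frames of one clamd INSTREAM session for `data`."""
    yield b"zINSTREAM\0"                            # null-terminated command
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        yield struct.pack("!I", len(part)) + part   # 4-byte big-endian length, then chunk
    yield struct.pack("!I", 0)                      # zero-length chunk ends the stream

def parse_reply(raw: bytes):
    """Map a clamd reply to (verdict, detail); anything unexpected is an error."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    body = text.split(": ", 1)[-1]                  # drop the leading "stream: " if present
    if body == "OK":
        return ("clean", None)
    if body.endswith(" FOUND"):
        return ("infected", body[:-len(" FOUND")])
    return ("error", body)                          # e.g. size limit exceeded: fail closed

def scan_bytes(data: bytes, host: str = "clamav", port: int = CLAMD_PORT,
               timeout: float = 30.0):
    """Send `data` to clamd and return (verdict, detail). `host` is an assumed name."""
    if len(data) > STREAM_MAX_LENGTH:
        # clamd would abort the stream; refuse locally so it is never counted as scanned
        return ("error", "exceeds STREAM_MAX_LENGTH")
    with socket.create_connection((host, port), timeout=timeout) as s:
        for frame in instream_frames(data):
            s.sendall(frame)
        reply = b""
        while not reply.endswith(b"\0"):            # z-commands get null-terminated replies
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)
```

Callers should treat the `error` verdict as "not scanned" rather than "clean", since a stream that hit a limit was never fully inspected.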
## Maintenance
### Shell Access
For debugging and maintenance purposes you may want to access the container's shell.
```bash
docker exec -it (whatever your container name is) bash
```
### Manual Definition Updates
Manual definition updates can be performed by entering the container and typing `update-now`.
## Support
These images were built to serve a specific need in a production environment and gradually have had more functionality added based on requests from the community.
### Usage
- The [Discussions board](../../discussions) is a great place for working with the community on tips and tricks of using this image.
- [Sponsor me](https://tiredofit.ca/sponsor) for personalized support
### Bugfixes
- Please, submit a [Bug Report](issues/new) if something isn't working as expected. I'll do my best to issue a fix in short order.
### Feature Requests
- Feel free to submit a feature request, however there is no guarantee that it will be added, or at what timeline.
- [Sponsor me](https://tiredofit.ca/sponsor) regarding development of features.
### Updates
- Best effort to track upstream changes, with more priority if I am actively using the image in a production environment.
- [Sponsor me](https://tiredofit.ca/sponsor) for up to date releases.
## License
MIT. See [LICENSE](LICENSE) for more details.
## References
* https://www.clamav.net