
Dockerfile for ClamAV with HTTPS REST API

Dockerfile for ClamAV with https REST API.

Note

Original code comes from https://github.com/ajilaag/clamav-rest

Modifications:

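  • Create a self-signed HTTPS certificate on the fly during the image build (the private key is stored in the image, so every container started from that image shares the same key pair)
  • Fix Go compile problems that appear after Go version 1.18.
  • Use the latest Alpine base image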

Dockerfile

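# Base image for both stages. The default keeps the original "latest"
# behaviour; pass --build-arg ALPINE_IMAGE=<repo>:<tag> or <repo>@<digest>
# to get a reproducible, reviewable base.
ARG ALPINE_IMAGE=public.ecr.aws/docker/library/alpine:latest

# ---------------------------------------------------------------------------
# Build stage: fetch and compile the REST bridge. Git, Go and the C toolchain
# stay in this stage and never reach the image that scans untrusted files.
# ---------------------------------------------------------------------------
FROM ${ALPINE_IMAGE} AS build

RUN apk --no-cache add \
        git \
        go \
        make \
        musl-dev

# Configure Go
ENV GOROOT=/usr/lib/go \
    GOPATH=/go
ENV PATH=/go/bin:$PATH

# Get ClamAV RestAPI code.
# The clone follows the upstream default branch unless CLAMAV_REST_REF is set
# to a tag or commit, e.g. --build-arg CLAMAV_REST_REF=<commit>. Pinning it
# means a change upstream cannot silently alter what gets compiled.
ARG CLAMAV_REST_REF=""
WORKDIR ${GOPATH}/src
RUN git clone https://github.com/ajilaag/clamav-rest clamav-rest \
    && if [ -n "${CLAMAV_REST_REF}" ]; then git -C clamav-rest checkout "${CLAMAV_REST_REF}"; fi

# Point the bridge at the certificate generated in the final stage and move
# its listeners to 8080 (HTTP) and 8443 (HTTPS).
WORKDIR ${GOPATH}/src/clamav-rest
RUN sed -i 's/server.crt/clamav.crt/g' clamrest.go \
    && sed -i 's/server.key/clamav.key/g' clamrest.go \
    && sed -i 's/9000/8080/g' clamrest.go \
    && sed -i 's/9443/8443/g' clamrest.go

# Compile ClamAV-Rest
RUN go mod init && go mod tidy && go mod vendor && go build -v

# ---------------------------------------------------------------------------
# Runtime stage
# ---------------------------------------------------------------------------
FROM ${ALPINE_IMAGE}

# Update Alpine, then install ClamAV and the runtime packages.
# The original "apk update upgrade" only ran the update applet, so installed
# packages were never upgraded; upgrade is its own applet invocation.
RUN apk --no-cache upgrade \
    && apk --no-cache add \
        clamav \
        clamav-libunrar \
        openssl \
        tzdata \
    && mkdir -p /run/clamav \
    && chown clamav:clamav /run/clamav

# Setup TimeZone (-f so the step does not fail if the link already exists)
RUN ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime

# Generate Self Signed Certificate for HTTPS.
# NOTE(review): this runs at build time, so the private key is stored in an
# image layer: every container started from the image uses the same key, and
# anyone who can pull the image can read it. The certificate also expires
# 365 days after the build. Outside of testing, mount a certificate and key
# over /etc/ssl/clamav-rest at run time instead of relying on this one.
WORKDIR /etc/ssl/clamav-rest
RUN openssl req -newkey rsa:2048 -nodes -keyout clamav.key -x509 -subj "/C=US/ST=Maryland/O=Maryland/localityName=Bethesda/commonName=letslearntogether\.info/organizationalUnitName=DevOps/emailAddress=info\@letslearntogether\.info" -days 365 -out clamav.crt

# Configure clamAV to run in foreground with port 3310.
# NOTE(review): the clamd TCP protocol has no authentication and, without a
# TCPAddr setting, clamd listens on every interface. Port 3310 is not
# EXPOSEd below; keep it unpublished, and consider restricting TCPAddr to
# loopback since the REST bridge connects over localhost.
RUN sed -i 's/^#Foreground .*$/Foreground true/g' /etc/clamav/clamd.conf \
    && sed -i 's/^#TCPSocket .*$/TCPSocket 3310/g' /etc/clamav/clamd.conf \
    && sed -i 's/^#Foreground .*$/Foreground true/g' /etc/clamav/freshclam.conf

# Install the compiled bridge and the entrypoint script
COPY --from=build /go/src/clamav-rest/clamav-rest /usr/bin/clamav-rest
COPY clamav-entrypoint.sh /usr/bin/
RUN chmod u+x /usr/bin/clamav-entrypoint.sh

# Update ClamAv DB
#RUN freshclam -v --quiet --no-dns
RUN freshclam -v

# Keep the working directory the original single-stage image ended in.
WORKDIR /go

EXPOSE 8080
EXPOSE 8443

# Defaults for the limits that the entrypoint writes into clamd.conf;
# override them with -e NAME=value at run time.
ENV MAX_SCAN_SIZE=100M \
    MAX_FILE_SIZE=25M \
    MAX_RECURSION=16 \
    MAX_FILES=10000 \
    MAX_EMBEDDEDPE=10M \
    MAX_HTMLNORMALIZE=10M \
    MAX_HTMLNOTAGS=2M \
    MAX_SCRIPTNORMALIZE=5M \
    MAX_ZIPTYPERCG=1M \
    MAX_PARTITIONS=50 \
    MAX_ICONSPE=100 \
    PCRE_MATCHLIMIT=100000 \
    PCRE_RECMATCHLIMIT=2000 \
    SIGNATURE_CHECKS=2

# NOTE(review): no USER is set, so the entrypoint and the REST bridge run as
# root. The entrypoint edits /etc/clamav/clamd.conf at start and the bridge
# reads the TLS key, so both paths need matching ownership before a non-root
# USER can be added here.

# Exec form: the script is started directly instead of through "/bin/sh -c".
ENTRYPOINT ["/usr/bin/clamav-entrypoint.sh"]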

Entrypoint (clamav-entrypoint.sh, stored next to the Dockerfile)

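#!/bin/sh
#
# Container entrypoint: writes the scan limits from the environment into
# clamd.conf, starts freshclam, clamd and the REST bridge in the background,
# and exits with the status of the first of them that stops.

# Abort unless the value ($2) of the variable named $1 is a non-empty run of
# letters and digits. The values are pasted into sed replacement text below,
# where '/', '&', whitespace or a newline would break the expression or put
# unintended text into clamd.conf; an empty value would leave a directive
# without an argument.
require_plain_value() {
    case "$2" in
        '' | *[!0-9A-Za-z]*)
            echo "clamav-entrypoint: $1 must be letters and digits only, got '$2'" >&2
            exit 1
            ;;
    esac
}

require_plain_value MAX_SCAN_SIZE "$MAX_SCAN_SIZE"
require_plain_value MAX_FILE_SIZE "$MAX_FILE_SIZE"
require_plain_value MAX_RECURSION "$MAX_RECURSION"
require_plain_value MAX_FILES "$MAX_FILES"
require_plain_value MAX_EMBEDDEDPE "$MAX_EMBEDDEDPE"
require_plain_value MAX_HTMLNORMALIZE "$MAX_HTMLNORMALIZE"
require_plain_value MAX_HTMLNOTAGS "$MAX_HTMLNOTAGS"
require_plain_value MAX_SCRIPTNORMALIZE "$MAX_SCRIPTNORMALIZE"
require_plain_value MAX_ZIPTYPERCG "$MAX_ZIPTYPERCG"
require_plain_value MAX_PARTITIONS "$MAX_PARTITIONS"
require_plain_value MAX_ICONSPE "$MAX_ICONSPE"
require_plain_value PCRE_MATCHLIMIT "$PCRE_MATCHLIMIT"
require_plain_value PCRE_RECMATCHLIMIT "$PCRE_RECMATCHLIMIT"
require_plain_value SIGNATURE_CHECKS "$SIGNATURE_CHECKS"

# Replace values with environment variables in clamd.conf.
# Each expression only matches a directive that is still commented out, so a
# second start of the same container leaves the values from the first start.
sed -i 's/^#MaxScanSize .*$/MaxScanSize '"$MAX_SCAN_SIZE"'/g' /etc/clamav/clamd.conf
sed -i 's/^#StreamMaxLength .*$/StreamMaxLength '"$MAX_FILE_SIZE"'/g' /etc/clamav/clamd.conf
sed -i 's/^#MaxFileSize .*$/MaxFileSize '"$MAX_FILE_SIZE"'/g' /etc/clamav/clamd.conf
sed -i 's/^#MaxRecursion .*$/MaxRecursion '"$MAX_RECURSION"'/g' /etc/clamav/clamd.conf
sed -i 's/^#MaxFiles .*$/MaxFiles '"$MAX_FILES"'/g' /etc/clamav/clamd.conf
sed -i 's/^#MaxEmbeddedPE .*$/MaxEmbeddedPE '"$MAX_EMBEDDEDPE"'/g' /etc/clamav/clamd.conf
sed -i 's/^#MaxHTMLNormalize .*$/MaxHTMLNormalize '"$MAX_HTMLNORMALIZE"'/g' /etc/clamav/clamd.conf
sed -i 's/^#MaxHTMLNoTags.*$/MaxHTMLNoTags '"$MAX_HTMLNOTAGS"'/g' /etc/clamav/clamd.conf
sed -i 's/^#MaxScriptNormalize .*$/MaxScriptNormalize '"$MAX_SCRIPTNORMALIZE"'/g' /etc/clamav/clamd.conf
sed -i 's/^#MaxZipTypeRcg .*$/MaxZipTypeRcg '"$MAX_ZIPTYPERCG"'/g' /etc/clamav/clamd.conf
sed -i 's/^#MaxPartitions .*$/MaxPartitions '"$MAX_PARTITIONS"'/g' /etc/clamav/clamd.conf
sed -i 's/^#MaxIconsPE .*$/MaxIconsPE '"$MAX_ICONSPE"'/g' /etc/clamav/clamd.conf
sed -i 's/^#PCREMatchLimit.*$/PCREMatchLimit '"$PCRE_MATCHLIMIT"'/g' /etc/clamav/clamd.conf
sed -i 's/^#PCRERecMatchLimit .*$/PCRERecMatchLimit '"$PCRE_RECMATCHLIMIT"'/g' /etc/clamav/clamd.conf

# Start the three services in the background and record each PID from $!.
# That does not depend on how the shell treats `jobs -p` inside a command
# substitution, which some /bin/sh implementations run in a subshell that
# has no job table.
freshclam --daemon --checks="$SIGNATURE_CHECKS" &
pids="$!"
clamd &
pids="$pids $!"
/usr/bin/clamav-rest &
pids="$pids $!"

exitcode=0

# SIGCHLD handler: for every tracked process that is no longer running,
# collect its exit status (the last one found wins), then signal the rest so
# the container stops as a whole instead of running with a service missing.
terminate() {
    for pid in $pids; do
        if ! kill -0 "$pid" 2>/dev/null; then
            wait "$pid"
            exitcode=$?
        fi
    done
    # $pids is left unquoted on purpose: it is a space-separated PID list.
    kill $pids 2>/dev/null
}

trap terminate CHLD
# Blocks until a child exits; the trapped signal interrupts wait and runs
# terminate before the script continues.
wait

exit "$exitcode"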

Build container

$ podman build . -t clamav-restapi:latest

Run container

$ podman run -p 8443:8443 localhost/clamav-restapi:latest
Starting clamav rest bridge
Connecting to clamd on tcp://localhost:3310
clamD not running, waiting times [1]
ClamAV update process started at Sun Aug  7 07:51:43 2022
clamD not running, waiting times [2]
clamD not running, waiting times [3]
Sun Aug  7 07:51:52 2022 -> Limits: Global time limit set to 120000 milliseconds.
Sun Aug  7 07:51:52 2022 -> Limits: Global size limit set to 104857600 bytes.
Sun Aug  7 07:51:52 2022 -> Limits: File size limit set to 26214400 bytes.
Sun Aug  7 07:51:52 2022 -> Limits: Recursion level limit set to 16.
Sun Aug  7 07:51:52 2022 -> Limits: Files limit set to 10000.
Sun Aug  7 07:51:52 2022 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Sun Aug  7 07:51:52 2022 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Sun Aug  7 07:51:52 2022 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Sun Aug  7 07:51:52 2022 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Sun Aug  7 07:51:52 2022 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Sun Aug  7 07:51:52 2022 -> Limits: MaxPartitions limit set to 50.
Sun Aug  7 07:51:52 2022 -> Limits: MaxIconsPE limit set to 100.
Sun Aug  7 07:51:52 2022 -> Limits: MaxRecHWP3 limit set to 16.
Sun Aug  7 07:51:52 2022 -> Limits: PCREMatchLimit limit set to 100000.
Sun Aug  7 07:51:52 2022 -> Limits: PCRERecMatchLimit limit set to 2000.
Sun Aug  7 07:51:52 2022 -> Limits: PCREMaxFileSize limit set to 26214400.
Sun Aug  7 07:51:52 2022 -> Archive support enabled.
Sun Aug  7 07:51:52 2022 -> AlertExceedsMax heuristic detection disabled.
Sun Aug  7 07:51:52 2022 -> Heuristic alerts enabled.
Sun Aug  7 07:51:52 2022 -> Portable Executable support enabled.
Sun Aug  7 07:51:52 2022 -> ELF support enabled.
Sun Aug  7 07:51:52 2022 -> Mail files support enabled.
Sun Aug  7 07:51:52 2022 -> OLE2 support enabled.
Sun Aug  7 07:51:52 2022 -> PDF support enabled.
Sun Aug  7 07:51:52 2022 -> SWF support enabled.
Sun Aug  7 07:51:52 2022 -> HTML support enabled.
Sun Aug  7 07:51:52 2022 -> XMLDOCS support enabled.
Sun Aug  7 07:51:52 2022 -> HWP3 support enabled.
Sun Aug  7 07:51:52 2022 -> Self checking every 600 seconds.
Sun Aug  7 07:51:52 2022 -> Set stacksize to 1048576
Clamd version: "ClamAV 0.104.3/26620/Sun Aug  7 03:52:41 2022"
Connected to clamd on tcp://localhost:3310
Sun Aug  7 08:03:24 2022 -> SelfCheck: Database status OK.
Sun Aug  7 08:13:24 2022 -> SelfCheck: Database status OK.
Tip
For more information please see https://github.com/ajilaag/clamav-rest