mko-x / docker-clamav

Multi-arch dockerized open source antivirus for use with file sharing containers, REST API or TCP.

Home Page: https://mko-x.github.io/docker-clamav/

License: MIT License

Shell 90.58% Dockerfile 9.42%
alpine antivirus clam clamav clamd docker docker-clamav freshclam nextcloud virus-database virus-signatures

docker-clamav's People

Contributors

adam-beck, aliceinwire, allcontributors[bot], braiinzz, bushong1, capusjon, davidjfowler, eht16, ericmason, mchus, millerthegorilla, mko-x, mohamedsahbi, nicokaiser, peterdavehello, scarybot, scholzie, scp-mb, timopick, uphlewis, vienleidl, whitebahamut

docker-clamav's Issues

Alpine docker image contains outdated ClamAV

Thu Apr 9 14:13:39 2020 -> ClamAV update process started at Thu Apr 9 14:13:39 2020
Thu Apr 9 14:13:39 2020 -> ^Your ClamAV installation is OUTDATED!
Thu Apr 9 14:13:39 2020 -> ^Local version: 0.102.1 Recommended version: 0.102.2

Alpine apk pulling old clamav version

Tue Feb 25 15:08:17 2020 -> ^Your ClamAV installation is OUTDATED!
Tue Feb 25 15:08:17 2020 -> ^Local version: 0.102.1 Recommended version: 0.102.2

It seems that the build is pulling 0.102.1 from apk:

Step 4/11 : RUN apk add --no-cache clamav rsyslog wget clamav-libunrar
---> Running in b7a24ba2cfc7
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
(1/19) Installing ca-certificates (20191127-r1)
(2/19) Installing nghttp2-libs (1.40.0-r0)
(3/19) Installing libcurl (7.67.0-r0)
(4/19) Installing libltdl (2.4.6-r7)
(5/19) Installing pcre (8.43-r0)
(6/19) Installing clamav-libs (0.102.1-r0)
(7/19) Installing freshclam (0.102.1-r0)
Executing freshclam-0.102.1-r0.pre-install
(8/19) Installing clamav-scanner (0.102.1-r0)
(9/19) Installing clamav-daemon (0.102.1-r0)
Executing clamav-daemon-0.102.1-r0.pre-install
(10/19) Installing fts (1.2.7-r1)
(11/19) Installing clamav (0.102.1-r0)
(12/19) Installing libgcc (9.2.0-r3)
(13/19) Installing libstdc++ (9.2.0-r3)
(14/19) Installing clamav-libunrar (0.102.1-r0)
(15/19) Installing libestr (0.1.11-r1)
(16/19) Installing libfastjson (0.99.8-r2)
(17/19) Installing libuuid (2.34-r1)
(18/19) Installing rsyslog (8.1911.0-r1)
(19/19) Installing wget (1.20.3-r0)

About Dockerfile FROM

I think "FROM debian:jessie" is better than "FROM debian:latest".
Just because some days later "jessie" may not be "latest".
So I suggest you change it.

How to verify if auto-update is working?

I am running this image (thanks a lot for it!) successfully inside an Azure Container instance. At startup I can see the freshclam running and downloading the latest av definitions. Then clamav itself starts. So far so good.
My question now is: How can I verify that the auto-update of freshclam works? I didn't see any log entries in regards to the update or anything?!

I could connect to the container. Is there any command I could run to see the version of the currently installed definitions?

Thanks!

Incorrect argument format

From docker logs:

[bootstrap] Initial clam DB download.
ERROR: Incorrect argument format for option LogSyslog

Content of freshclam.conf:

DatabaseDirectory /store/
LogSyslog yes
LogTime yes
PidFile /run/clamav/freshclam.pid
DatabaseOwner root

This bug appeared with the updated container. I am using the image inside a docker-compose.yaml with NextCloud.
Replaced yes with true, 1 didn't solve the issue.

Unable to scan large files

I am attempting to scan a large archive that can be greater than 30Gb. I was wondering if this is something clamav can even support and, if so, why I cannot get it to work. I am getting: Clamd size limit exceeded. Full reply from server: INSTREAM size limit exceeded. ERROR

My clamd.conf follows

#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
    LocalSocket /var/run/clamav/clamd.ctl
    FixStaleSocket true
    LocalSocketGroup clamav
    LocalSocketMode 666
    # TemporaryDirectory is not set to its default /tmp here to make overriding
    # the default with environment variables TMPDIR/TMP/TEMP possible
    User clamav
    ScanMail true
    ScanArchive true
    ArchiveBlockEncrypted false
    MaxDirectoryRecursion 15
    FollowDirectorySymlinks false
    FollowFileSymlinks false
    ReadTimeout 180
    MaxThreads 12
    MaxConnectionQueueLength 15
    LogSyslog false
    LogRotate true
    LogFacility LOG_LOCAL6
    LogClean false
    LogVerbose false
    PreludeEnable no
    PreludeAnalyzerName ClamAV
    DatabaseDirectory /var/lib/clamav
    OfficialDatabaseOnly false
    SelfCheck 3600
    Foreground true
    Debug false
    ScanPE true
    MaxEmbeddedPE 10M
    ScanOLE2 true
    ScanPDF true
    ScanHTML true
    MaxHTMLNormalize 10M
    MaxHTMLNoTags 2M
    MaxScriptNormalize 5M
    MaxZipTypeRcg 1M
    ScanSWF true
    ExitOnOOM false
    LeaveTemporaryFiles false
    AlgorithmicDetection true
    ScanELF true
    IdleTimeout 30
    CrossFilesystems true
    PhishingSignatures true
    PhishingScanURLs true
    PhishingAlwaysBlockSSLMismatch false
    PhishingAlwaysBlockCloak false
    PartitionIntersection false
    DetectPUA false
    ScanPartialMessages false
    HeuristicScanPrecedence false
    StructuredDataDetection false
    CommandReadTimeout 30
    SendBufTimeout 200
    MaxQueue 100
    ExtendedDetectionInfo true
    OLE2BlockMacros false
    AllowAllMatchScan true
    ForceToDisk false
    DisableCertCheck false
    DisableCache false
    MaxScanTime 120000
    MaxScanSize 999999M
    MaxFileSize 999999M
    MaxRecursion 16
    MaxFiles 10000
    MaxPartitions 50
    MaxIconsPE 100
    PCREMatchLimit 10000
    PCRERecMatchLimit 5000
    PCREMaxFileSize 25M
    ScanXMLDOCS true
    ScanHWP3 true
    MaxRecHWP3 16
    StreamMaxLength 25M
    LogFile /var/log/clamav/clamav.log
    LogTime true
    LogFileUnlock false
    LogFileMaxSize 0
    Bytecode true
    BytecodeSecurity TrustSigned
    BytecodeTimeout 60000
    OnAccessMaxFileSize 5M
    TCPSocket 3310
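
Added example (not part of the original issue or the project's code): in the configuration above, MaxScanSize and MaxFileSize are raised to 999999M, but StreamMaxLength, the clamd option that bounds data received through INSTREAM, is still 25M. The Python sketch below parses those options from an excerpt of the posted config, reports which limit a stream of a given size exceeds, and shows the INSTREAM framing a client sends; the function names are hypothetical and only the K and M size suffixes are handled.

```python
"""Compare clamd.conf size limits with the size of an INSTREAM upload.

Added illustration: the function names are hypothetical and are not part
of ClamAV or docker-clamav. Only the K and M size suffixes are handled.
"""
import struct

# Excerpt of the clamd.conf posted in the issue (size-related lines only).
SAMPLE_CONF = """
#Automatically Generated by clamav-daemon postinst
    MaxScanTime 120000
    MaxScanSize 999999M
    MaxFileSize 999999M
    PCREMaxFileSize 25M
    StreamMaxLength 25M
    TCPSocket 3310
"""

# Options that bound how much streamed data clamd accepts or scans.
SIZE_OPTIONS = ("StreamMaxLength", "MaxScanSize", "MaxFileSize")
_SUFFIX = {"K": 1024, "M": 1024 * 1024}


def parse_size(value):
    """Convert a clamd.conf size such as '25M' or '512k' to bytes."""
    value = value.strip()
    factor = _SUFFIX.get(value[-1:].upper())
    if factor is None:
        factor = 1          # plain byte count, no suffix
    else:
        value = value[:-1]  # drop the suffix character
    if not value.isdigit():
        raise ValueError("unsupported size value: %r" % value)
    return int(value) * factor


def load_limits(conf_text):
    """Return {option: bytes} for the size options present in the config."""
    limits = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in SIZE_OPTIONS:
            limits[parts[0]] = parse_size(parts[1])
    return limits


def exceeded_limits(stream_size, limits):
    """List the configured options that a stream of stream_size bytes exceeds."""
    return [opt for opt in SIZE_OPTIONS
            if opt in limits and stream_size > limits[opt]]


def instream_frames(data, chunk_size=8192):
    """Yield the byte strings a client writes for one INSTREAM session.

    Each chunk is prefixed with its length as a 4-byte big-endian integer;
    a zero-length chunk ends the stream.
    """
    yield b"zINSTREAM\0"
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        yield struct.pack("!I", len(chunk)) + chunk
    yield struct.pack("!I", 0)


if __name__ == "__main__":
    limits = load_limits(SAMPLE_CONF)
    archive_size = 30 * 1024 ** 3  # constructed value: a 30 GiB archive
    for option in exceeded_limits(archive_size, limits):
        print("%d bytes exceeds %s (%d bytes)"
              % (archive_size, option, limits[option]))
```

Run against the excerpt, only StreamMaxLength is reported, which matches the "INSTREAM size limit exceeded" reply quoted in the issue.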

Adjust build for dockerhub to use multi-arch manifest

Actual:
docker pull mkodockx/docker-clamav:buster-slim just has amd64 arch.

Expected:
docker pull mkodockx/docker-clamav:buster-slim should pull the correct arch for the platform I execute the command on

Proposal:

  • have a build for each base folder (buster, stretch, main, edge)
  • configure the hooks/post_push to execute the manifest tool (see below)

#!/bin/bash
# Stop on the first failed command so a failed download is never executed.
set -e

curl -fLo manifest-tool https://github.com/estesp/manifest-tool/releases/download/v0.9.0/manifest-tool-linux-amd64
chmod +x manifest-tool

# ${repo} is not defined in this snippet; it is assumed to be the image namespace prefix ending in "/".
./manifest-tool push from-args \
    --platforms linux/amd64,linux/arm/v7,linux/arm64/v8 \
    --template "${repo}docker-clamav:buster-slim-ARCHVARIANT" \
    --target "${repo}docker-clamav:buster-slim"

Not sure if this is how the hooks can work, never worked with them myself ;-) Commands for all images can be found in build-all.sh

Support for multi-arch dockerfiles

Relates to #65

Support for multi arch dockerfiles should include

  • amd64
  • arm32
  • arm64

--

  • build which pushes platform/arch images to dockerhub

Also all dockerfiles for each platform and distro should be in master , so that it is easier to understand the full setup of all distro-arch-combinations.

Database updated fail to notify Clamd (Can't connect to clamd through /var/run/clamav/clamd.ctl: No such file or directory)

Fri Jul 12 08:34:25 2019 -> Reading CVD header (bytecode.cvd): Fri Jul 12 08:34:25 2019 -> OK (IMS)
Fri Jul 12 08:34:25 2019 -> bytecode.cvd is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
Fri Jul 12 08:34:25 2019 -> *Can't query bytecode.328.93.1.0.AC15CBDE.ping.clamav.net
Fri Jul 12 08:34:28 2019 -> Database updated (6218762 signatures) from db.local.clamav.net
Fri Jul 12 08:34:28 2019 -> ^Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl: No such file or directory

rest api

Hi,

I can see that the container is running and exposing an endpoint on 3310. How can I send a file using the rest api? or does it offer a User Interface that I can use to upload / check the files?

Azure Deployment: Running clamav in Azure as a Linux Container

Hi, I am running this container on Azure as an app service (Linux Container).

I am getting the following error:

Issue 1 :
2020-06-13T18:21:23.313Z INFO - Initiating warmup request to container ##################_0_a43316a3 for site <########>
2020-06-13T18:21:23.258719351Z [bootstrap] Initial clam DB download.
2020-06-13T18:21:23.282271339Z Sat Jun 13 18:21:23 2020 -> ClamAV update process started at Sat Jun 13 18:21:23 2020
2020-06-13T18:21:23.348818270Z Sat Jun 13 18:21:23 2020 -> ^Your ClamAV installation is OUTDATED!
2020-06-13T18:21:23.349064372Z Sat Jun 13 18:21:23 2020 -> ^Local version: 0.102.1 Recommended version: 0.102.3
2020-06-13T18:21:23.349354375Z Sat Jun 13 18:21:23 2020 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
2020-06-13T18:21:23.349649577Z Sat Jun 13 18:21:23 2020 -> daily database available for download (remote version: 25842)
2020-06-13T18:21:26.910152000Z Sat Jun 13 18:21:26 2020 -> ^Mirror https://database.clamav.net is not synchronized.
2020-06-13T18:21:26.923311805Z Sat Jun 13 18:21:26 2020 -> !Unexpected error when attempting to update database: daily
2020-06-13T18:21:26.924324613Z Sat Jun 13 18:21:26 2020 -> ^fc_update_databases: fc_update_database failed: Up-to-date (1)
2020-06-13T18:21:26.924340213Z Sat Jun 13 18:21:26 2020 -> !Database update process failed: Up-to-date (1)
2020-06-13T18:21:26.924346113Z Sat Jun 13 18:21:26 2020 -> !Update failed.
2020-06-13T18:21:26.928438146Z [bootstrap] Schedule freshclam DB updater.
2020-06-13T18:21:26.943145663Z [bootstrap] Run clamav daemon
2020-06-13T18:21:26.951903133Z LibClamAV Error: cli_loaddbdir(): No supported database files found in /store
2020-06-13T18:21:26.953710848Z Sat Jun 13 18:21:26 2020 -> !Can't open file or directory

Issue 2:
2020-06-13T19:11:32.037Z INFO - docker run -d -p 1598:3310 --name ##################_0_c94effd8 -e WEBSITES_ENABLE_APP_SERVICE_STORAGE=true -e WEBSITE_SITE_NAME=################## -e WEBSITE_AUTH_ENABLED=False -e PORT=3310 -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=##################.azurewebsites.net -e WEBSITE_INSTANCE_ID=############ mk0x/docker-clamav:alpine

2020-06-13T19:11:32.037Z INFO - Logging is not enabled for this container.
Please use https://aka.ms/linux-diagnostics to enable logging to see container logs here.
2020-06-13T19:11:33.346Z INFO - Initiating warmup request to container ##################_0_c94effd8 for site ##################
2020-06-13T19:11:57.454Z INFO - Waiting for response to warmup request for container ##################_0_c94effd8. Elapsed time = 24.1084378 sec
2020-06-13T19:12:23.882Z INFO - Waiting for response to warmup request for container ##################_0_c94effd8. Elapsed time = 50.5368376 sec
2020-06-13T19:12:39.055Z INFO - Waiting for response to warmup request for container ##################_0_c94effd8. Elapsed time = 65.709756 sec
2020-06-13T19:12:54.173Z INFO - Waiting for response to warmup request for container ##################_0_c94effd8. Elapsed time = 80.827675 sec
2020-06-13T19:13:09.320Z INFO - Waiting for response to warmup request for container ##################_0_c94effd8. Elapsed time = 95.9744485 sec
2020-06-13T19:13:24.476Z INFO - Waiting for response to warmup request for container ##################_0_c94effd8. Elapsed time = 111.1301368 sec
2020-06-13T19:13:39.634Z INFO - Waiting for response to warmup request for container ##################_0_c94effd8. Elapsed time = 126.2880557 sec
2020-06-13T19:13:54.780Z INFO - Waiting for response to warmup request for container ##################_0_c94effd8. Elapsed time = 141.4341361 sec
2020-06-13T19:14:10.415Z INFO - Waiting for response to warmup request for container ##################_0_c94effd8. Elapsed time = 157.0697832 sec
2020-06-13T19:14:25.564Z INFO - Waiting for response to warmup request for container ##################_0_c94effd8. Elapsed time = 172.2188581 sec
2020-06-13T19:14:40.688Z INFO - Waiting for response to warmup request for container ##################_0_c94effd8. Elapsed time = 187.3428045 sec
2020-06-13T19:14:55.834Z INFO - Waiting for response to warmup request for container ##################_0_c94effd8. Elapsed time = 202.4886168 sec
2020-06-13T19:15:14.010Z INFO - Waiting for response to warmup request for container ##################_0_c94effd8. Elapsed time = 220.6640798 sec
2020-06-13T19:15:24.124Z ERROR - Container ##################_0_c94effd8 for site ################## did not start within expected time limit. Elapsed time = 230.7784448 sec
2020-06-13T19:15:24.127Z ERROR - Container ##################_0_c94effd8 didn't respond to HTTP pings on port: 3310, failing site start. See container logs for debugging.
2020-06-13T19:15:24.134Z INFO - Stopping site ################## because it failed during startup.

Can't open/parse the config file /etc/clamav/freshclam.confg

Describe the bug
Getting the following error

[bootstrap] Initial clam DB download.
ERROR: Incorrect argument format for option LogSyslog
ERROR: Can't open/parse the config file /etc/clamav/freshclam.conf

To Reproduce
docker run -p 3310:3310 mkodockx/docker-clamav:alpine

Expected behavior
no error, this was working with the previous version of the image

Host (please complete the following information):
ubuntu 20.04 via wsl

Image (please complete the following information):
image

Not running in daemon mode?

I am running this docker container alongside a Nextcloud installation, and running the Nextcloud antivirus app in daemon mode to connect to ClamAV. I am getting the following error in the Nextcloud logs:
Error | files_antivirus | OCA\Files_Antivirus\BackgroundJob\BackgroundScanner::run, exception: The clamav module is not configured for daemon mode.
Any idea where I should begin looking? Thank you!

Proxy settings during running

From what I can see, the proxy settings are only supported during the build of the image. It would be nice to have the bootstrapper read environment variables during startup and inject them into the config prior to start.

Best reg
Johan

clamav container exits with issue on line 32 in bootstrap

I have set up a simple container that I want to connect to my Nextcloud installation (also in a container), but it keeps exiting with an error:

nextav | /bootstrap.sh: line 32: 7 Killed clamd

this is when I run docker-compose up

  av:
    image: mk0x/docker-clamav
    container_name: nextav
    ports:
      - 3310:3310
    networks:
      - proxy-tier
    restart: unless-stopped

Clamav proxy access

Hi,

I try to use your clamav container but I have an issue with the proxy.
I tried multiple things (using the environment variable) but I always get the "same error", which is the container stopping after starting.

Here is the docker-compose file.

version: '2'
services:
  clamav:
    image: mkodockx/docker-clamav
    volumes:
      - ./clamav/freshclam.conf:/etc/clamav/freshclam.conf
    mem_limit: 256m
    networks:
      - back
networks:
  front:
  back:

And here is the freshclam.conf file

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground true
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 0
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
SafeBrowsing false
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
HTTPProxyServer 10.100.xxx.xxx
HTTPProxyPort 80

Here is the error log in the container

clamav_1                 | Connecting via 10.100.xxx.xxx
clamav_1                 | Thu Jun  4 08:10:30 2020 -> ClamAV update process started at Thu Jun  4 08:10:30 2020
clamav_1                 | LibClamAV Warning: **************************************************
clamav_1                 | LibClamAV Warning: ***  The virus database is older than 7 days!  ***
clamav_1                 | LibClamAV Warning: ***   Please update it as soon as possible.    ***
clamav_1                 | LibClamAV Warning: **************************************************
clamav_1                 | /bootstrap.sh: line 35:    15 Killed                  clamd

Do you know what the issue is?

Thank you (and nice work on the container ;) )

[Question] ClamAV being used internally with NGINX

  1. I was looking through your docker compose file. I assume I don't need the legacy links tag if I put ClamAV on the same network. My question involves using it with NextCloud and NGINX. If I make the ClamAV container internal, will NGINX container provide needed network to update ClamAV if I set ClamAV as depends_on NGINX container?

  2. I assume this is just for debian builds and not CentOS builds:
    #debian: image: mkodockx/docker-clamav

  3. It says you have proxy support but there is no documentation anywhere that I can find on how to use this proxy support.

  4. For some reason, using ClamAV container with a reverse proxy, letsencrypt, database and nextcloud prevents them from finishing their setup.

edit:

I managed to finally get this working but for some reason, I had to delete my volumes for this to happen. I am not sure the reason why. Is there any reason a NGINX, Letsencrypt, NextCloud and Mariadb server that was running can not be torn down and remade with their current volumes plus this ClamAV container on the side?

I also noticed a major problem with this image. It randomly decides to make a volume even though nowhere in the docker compose file tells it to make a volume. This means that whatever is using the volume for cannot be remounted since a mounted volume was never used to create the server in the first place. It also means that every time I run this container, a volume gets created.

edit2:

I see the volume is being created by this. Shouldn't you have this volume made in the docker compose file instead?

# volume provision
VOLUME ["/var/lib/clamav"]

Using clamdscan with clamd running in docker

I started clamd and freshclam in a docker container exposed over port 3310.
Is there a way to run clamdscan from a different host with this "dockerised" clamd daemon?

Thanks,
-Weisin

/store/tmp filling diskspace

The /store/tmp directory is filling up with clamav-*.tmp files.

Can't the container itself take care of cleaning up those files?

^Clamd was NOT notified: ...

I get the following error message:

^Clamd was NOT notified: Can't connect to clamd through /tmp/clamd.sock: No such file or directory

The problem seems to be that freshclam tries to inform clamd (NotifyClamd /etc/clamav/clamd.conf) after finishing the update of the signatures. But due to the start order in the bootstrap.py, clamd isn't running at this time. Therefore the socket /tmp/clamd.sock does not yet exist.

libclamunrar6 - libclamunrar7

libclamunrar6 has been removed from jessie and wheezy.

I changed this to libclamunrar7 and was able to build successfully.

Stopped working in azure container instances

Describe the bug
We had this container running in azure container instances supporting our virus scanning within an application. This image no longer starts and throws the following error

To Reproduce
Steps to reproduce the behavior:
This is deployed to azure in a fairly standard way using container instances. Here's the azure yaml file that does the deploy:

image

Expected behavior
Usually the image updates the database and boots up, but at some point within last few days, after a new image pull the image won't start anymore. No configuration has changed otherwise.

Screenshots
If applicable, add screenshots to help explain your problem.
image

Host (please complete the following information):

  • OS: Azure
  • Container Instances

Image (please complete the following information):

  • Tag: mkodockx/docker-clamav:latest but all tags have the same issue. Alpine, latest, alpine edge etc.
  • Configuration: N/A

Additional context
Interesting thing is the image boots up just fine if we pull it down to local docker host on a VM. Throws the above error only when deployed to azure container instances

Any way to change update timeout from 3600 ?

I see the daemon updates every hour. Is there a simple way to change this in the image?


Tue Oct 22 09:13:29 2019 -> ClamAV update process started at Tue Oct 22 09:13:29 2019
Tue Oct 22 09:13:29 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Tue Oct 22 09:13:29 2019 -> daily.cld is up to date (version: 25609, sigs: 1948933, f-level: 63, builder: raynman)
Tue Oct 22 09:13:29 2019 -> bytecode.cvd is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
Tue Oct 22 10:13:29 2019 -> Received signal: wake up
Tue Oct 22 10:13:29 2019 -> ClamAV update process started at Tue Oct 22 10:13:29 2019


Unable to connect to clamd

I am using the latest docker image pushed to docker hub running with the command

docker run -d -p 3310:3310 mkodockx/docker-clamav
^Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl: No such file or directory

I ran ps -ef | grep clamd but I see that clamav is running. I see the following:

ps -ef | grep clamd

Is this something to be concerned about?

How to set max file size

I am trying to figure out how I can use this docker image and change the file size limit for ClamAV during deployment. Any hints?

Memory usage?

I am guessing the daemon needs considerable memory to hold the virus signatures but the container alpine-edge is using 1.3G RAM. Is this normal?

Cannot directly connect to clamav via TCP port 3310

Hi, I try to access clamav in the browser at localhost:3310, but it keeps returning "This page isn’t working".

I have run this:
docker run -d -p 3310:3310 mk0x/docker-clamav:alpine-edge

I have checked the log messages. It seems like clamd cannot be connected to.

[bootstrap] Initial clam DB download.
Sat Jul 18 06:18:21 2020 -> ClamAV update process started at Sat Jul 18 06:18:21 2020
Sat Jul 18 06:18:21 2020 -> daily database available for download (remote version: 25876)
Sat Jul 18 06:18:39 2020 -> Testing database: '/store/tmp.70df0/clamav-d6228cd95d4d5ce9fa7a30df36c31fa1.tmp-daily.cvd' ...
Sat Jul 18 06:18:48 2020 -> Database test passed.
Sat Jul 18 06:18:48 2020 -> daily.cvd updated (version: 25876, sigs: 3467263, f-level: 63, builder: raynman)
Sat Jul 18 06:18:48 2020 -> main database available for download (remote version: 59)
Sat Jul 18 06:19:13 2020 -> Testing database: '/store/tmp.70df0/clamav-f96988d52853263abc2e60c402ffb19f.tmp-main.cvd' ...
Sat Jul 18 06:19:18 2020 -> Database test passed.
Sat Jul 18 06:19:18 2020 -> main.cvd updated (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Sat Jul 18 06:19:18 2020 -> bytecode database available for download (remote version: 331)
Sat Jul 18 06:19:18 2020 -> Testing database: '/store/tmp.70df0/clamav-3db0d14a91c6446fd3fe828da611ba01.tmp-bytecode.cvd' ...
Sat Jul 18 06:19:18 2020 -> Database test passed.
Sat Jul 18 06:19:18 2020 -> bytecode.cvd updated (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
Sat Jul 18 06:19:18 2020 -> safebrowsing database available for download (remote version: 49191)
Sat Jul 18 06:19:27 2020 -> Testing database: '/store/tmp.70df0/clamav-92d02f11d475c4e11c9f63898002f7d3.tmp-safebrowsing.cvd' ...
Sat Jul 18 06:19:30 2020 -> Database test passed.
Sat Jul 18 06:19:30 2020 -> safebrowsing.cvd updated (version: 49191, sigs: 2213119, f-level: 63, builder: google)
Sat Jul 18 06:19:30 2020 -> ^Clamd was NOT notified: Can't connect to clamd through /tmp/clamd.sock: No such file or directory
[bootstrap] Schedule freshclam DB updater.
[bootstrap] Run clamav daemon
Sat Jul 18 06:19:50 2020 -> Limits: Global time limit set to 120000 milliseconds.
Sat Jul 18 06:19:50 2020 -> Limits: Global size limit set to 314572800 bytes.
Sat Jul 18 06:19:50 2020 -> Limits: File size limit set to 104857600 bytes.
Sat Jul 18 06:19:50 2020 -> Limits: Recursion level limit set to 30.
Sat Jul 18 06:19:50 2020 -> Limits: Files limit set to 50000.
Sat Jul 18 06:19:50 2020 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes.
Sat Jul 18 06:19:50 2020 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes.
Sat Jul 18 06:19:50 2020 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Sat Jul 18 06:19:50 2020 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Sat Jul 18 06:19:50 2020 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Sat Jul 18 06:19:50 2020 -> Limits: MaxPartitions limit set to 128.
Sat Jul 18 06:19:50 2020 -> Limits: MaxIconsPE limit set to 200.
Sat Jul 18 06:19:50 2020 -> Limits: MaxRecHWP3 limit set to 16.
Sat Jul 18 06:19:50 2020 -> Limits: PCREMatchLimit limit set to 10000.
Sat Jul 18 06:19:50 2020 -> Limits: PCRERecMatchLimit limit set to 10000.
Sat Jul 18 06:19:50 2020 -> Limits: PCREMaxFileSize limit set to 26214400.
Sat Jul 18 06:19:50 2020 -> Archive support enabled.
Sat Jul 18 06:19:50 2020 -> AlertExceedsMax heuristic detection disabled.
Sat Jul 18 06:19:50 2020 -> Heuristic alerts enabled.
Sat Jul 18 06:19:50 2020 -> Portable Executable support enabled.
Sat Jul 18 06:19:50 2020 -> ELF support enabled.
Sat Jul 18 06:19:50 2020 -> Alerting on broken executables enabled.
Sat Jul 18 06:19:50 2020 -> Mail files support enabled.
Sat Jul 18 06:19:50 2020 -> OLE2 support enabled.
Sat Jul 18 06:19:50 2020 -> PDF support enabled.
Sat Jul 18 06:19:50 2020 -> SWF support enabled.
Sat Jul 18 06:19:50 2020 -> HTML support enabled.
Sat Jul 18 06:19:50 2020 -> XMLDOCS support enabled.
Sat Jul 18 06:19:50 2020 -> HWP3 support enabled.
Sat Jul 18 06:19:50 2020 -> Self checking every 600 seconds.
Sat Jul 18 06:19:50 2020 -> Set stacksize to 1048576

Freshclam failing to update db's

Starting this morning, freshclam is failing to update the db's with the below errors. Doing some digging online and it seems that this might be caused by curl not being able to validate the certificate used by the mirrors.

If I add the ca-certificates package to the build, the issue goes away. I assume there is another fix to reduce footprint but it is not obvious to me at the moment.

image

ClamAV reporting as CLEAN even for virus files

I set up ClamAV on AKS using this image: "mk0x/docker-clamav:alpine".
I am testing the functionality using the virus file from here: https://www.eicar.org/?page_id=3950, but it's reporting as CLEAN.
No logs in POD:

Fri Jun  5 16:40:13 2020 -> Database test passed.
Fri Jun  5 16:40:13 2020 -> safebrowsing.cvd updated (version: 49191, sigs: 2213119, f-level: 63, builder: google)
Fri Jun  5 16:40:13 2020 -> ^Clamd was NOT notified: Can't connect to clamd through /tmp/clamd.sock: No such file or directory
[bootstrap] Schedule freshclam DB updater.
[bootstrap] Run clamav daemon
Fri Jun  5 16:40:46 2020 -> Limits: Global time limit set to 120000 milliseconds.
Fri Jun  5 16:40:46 2020 -> Limits: Global size limit set to 314572800 bytes.
Fri Jun  5 16:40:46 2020 -> Limits: File size limit set to 104857600 bytes.
Fri Jun  5 16:40:46 2020 -> Limits: Recursion level limit set to 30.
Fri Jun  5 16:40:46 2020 -> Limits: Files limit set to 50000.
Fri Jun  5 16:40:46 2020 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes.
Fri Jun  5 16:40:46 2020 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes.
Fri Jun  5 16:40:46 2020 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Fri Jun  5 16:40:46 2020 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Fri Jun  5 16:40:46 2020 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Fri Jun  5 16:40:46 2020 -> Limits: MaxPartitions limit set to 128.
Fri Jun  5 16:40:46 2020 -> Limits: MaxIconsPE limit set to 200.
Fri Jun  5 16:40:46 2020 -> Limits: MaxRecHWP3 limit set to 16.
Fri Jun  5 16:40:46 2020 -> Limits: PCREMatchLimit limit set to 10000.
Fri Jun  5 16:40:46 2020 -> Limits: PCRERecMatchLimit limit set to 10000.
Fri Jun  5 16:40:46 2020 -> Limits: PCREMaxFileSize limit set to 26214400.
Fri Jun  5 16:40:46 2020 -> Archive support enabled.
Fri Jun  5 16:40:46 2020 -> AlertExceedsMax heuristic detection disabled.
Fri Jun  5 16:40:46 2020 -> Heuristic alerts enabled.
Fri Jun  5 16:40:46 2020 -> Portable Executable support enabled.
Fri Jun  5 16:40:46 2020 -> ELF support enabled.
Fri Jun  5 16:40:46 2020 -> Alerting on broken executables enabled.
Fri Jun  5 16:40:46 2020 -> Mail files support enabled.
Fri Jun  5 16:40:46 2020 -> OLE2 support enabled.
Fri Jun  5 16:40:46 2020 -> PDF support enabled.
Fri Jun  5 16:40:46 2020 -> SWF support enabled.
Fri Jun  5 16:40:46 2020 -> HTML support enabled.
Fri Jun  5 16:40:46 2020 -> XMLDOCS support enabled.
Fri Jun  5 16:40:46 2020 -> HWP3 support enabled.
Fri Jun  5 16:40:46 2020 -> Self checking every 600 seconds.
Fri Jun  5 16:40:46 2020 -> Set stacksize to 1048576

Update ClamAV

Hi, I would like to bring ClamAV to the newest version because I am seeing this in the log:

Local version: 0.100.3 Recommended version: 0.101.4

Building locally fails with the following error:

E: Package 'libclamunrar7' has no installation candidate

Please advise. Thank you.

False Positive: PUA.Pdf.Trojan.EmbeddedJavaScript-1

I'm receiving false positives for a number (hundreds) of pdf files with the supposed infection: PUA.Pdf.Trojan.EmbeddedJavaScript-1

I'm wondering if there is a way to whitelist these files or prevent this false positive from happening.

I've searched the web and all I've found is other people having this issue with email signatures while running Mailcow or other services. It seems that they solved this by either disabling PUA detection or by creating whitelist.ign2 or local.ign2 file that included the falsely positive signatures. I'd prefer not to disable PUA detection and it would be impossible to whitelist all of the pdfs, so I'm wondering if you have any idea why this is happening or how I might fix it?

For reference:
mailcow/mailcow-dockerized#2358
https://www.clamav.net/documents/how-do-i-ignore-whitelist-a-clamav-signature

ARM container image possible?

Wanted to use it in my RasPi cluster and figured there is only arm linux/amd64. Any chance to get an arm (32 & 64) version?

Deployment failing to Azure Container Instance

Creating the Azure container instance using:
az container create --resource-group groupname --name containername --image mk0x/docker-clamav:alpine --dns-name-label containerdnsname --ports 80 3110

It is created successfully, but the container fails with the following logs:
az container logs --resource-group groupname --name containername --follow
Wed Jan 22 16:17:54 2020 -> ClamAV update process started at Wed Jan 22 16:17:54 2020
Wed Jan 22 16:17:54 2020 -> daily database available for download (remote version: 25703)
Wed Jan 22 16:18:03 2020 -> ^Mirror https://database.clamav.net is not synchronized.
Wed Jan 22 16:18:03 2020 -> !Unexpected error when attempting to update database: daily
Wed Jan 22 16:18:03 2020 -> ^fc_update_databases: fc_update_database failed: Up-to-date (1)
Wed Jan 22 16:18:03 2020 -> !Database update process failed: Up-to-date (1)
Wed Jan 22 16:18:03 2020 -> !Update failed.
WARNING: Ignoring deprecated option DetectBrokenExecutables at /etc/clamav/clamd.conf:30
LibClamAV Error: cli_loaddbdir(): No supported database files found in /store
Wed Jan 22 16:18:04 2020 -> !Can't open file or directory

I have also tried creating it with a persistent store for /store but it doesn't make a difference; it still fails for the same reason.

This is off of the alpine branch - master seems to work fine.

Cannot run container

I'm trying to run the container on Ubuntu in VirtualBox by executing the following command, which fails:

docker run -p 3310:3310 mk0x/docker-clamav:alpine
[bootstrap] Initial clam DB download.
Sat Jun 27 17:43:12 2020 -> ClamAV update process started at Sat Jun 27 17:43:12 2020
Sat Jun 27 17:43:12 2020 -> ^Your ClamAV installation is OUTDATED!
Sat Jun 27 17:43:12 2020 -> ^Local version: 0.102.1 Recommended version: 0.102.3
Sat Jun 27 17:43:12 2020 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Sat Jun 27 17:43:12 2020 -> daily database available for download (remote version: 25856)
Sat Jun 27 17:43:47 2020 -> ^Mirror https://database.clamav.net is not synchronized.
Sat Jun 27 17:43:47 2020 -> !Unexpected error when attempting to update database: daily
Sat Jun 27 17:43:47 2020 -> ^fc_update_databases: fc_update_database failed: Up-to-date (1)
Sat Jun 27 17:43:47 2020 -> !Database update process failed: Up-to-date (1)
Sat Jun 27 17:43:47 2020 -> !Update failed.
[bootstrap] Schedule freshclam DB updater.
[bootstrap] Run clamav daemon
LibClamAV Error: cli_loaddbdir(): No supported database files found in /store
Sat Jun 27 17:43:47 2020 -> !Can't open file or directory

Somewhere I read something about issues with the certificate. If I try to download the database outside the container, it succeeds:

wget https://database.clamav.net/daily.cvd
--2020-06-27 19:46:18--  https://database.clamav.net/daily.cvd
Auflösen des Hostnamens database.clamav.net (database.clamav.net) … 104.16.219.84, 104.16.218.84, 2606:4700::6810:db54, ...
Verbindungsaufbau zu database.clamav.net (database.clamav.net)|104.16.219.84|:443 … verbunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 200 OK
Länge: 75214857 (72M) [application/octet-stream]
Wird in »daily.cvd.1« gespeichert.

daily.cvd.1               100%[=====================================>]  71,73M  2,41MB/s    in 31s     

2020-06-27 19:46:49 (2,28 MB/s) - »daily.cvd.1« gespeichert [75214857/75214857]

Even inside the container it is successful:

docker run -ti --entrypoint /bin/bash mk0x/docker-clamav:alpine
bash-5.0# wget https://database.clamav.net/daily.cvd
--2020-06-27 17:48:41--  https://database.clamav.net/daily.cvd
Resolving database.clamav.net... 104.16.218.84, 104.16.219.84, 2606:4700::6810:db54, ...
Connecting to database.clamav.net|104.16.218.84|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 75214857 (72M) [application/octet-stream]
Saving to: 'daily.cvd'

daily.cvd                  37%[=============>                        ]  27.12M  1.33MB/s    eta 21s    ^C

How can I run the container out-of-the-box?

Alpine image exits abnormally by "docker-compose stop"

Expected behavior

Exit code should be 0

Actual behavior

Exit code is 137. (SIGKILL)

clamav exited with code 137

Steps to reproduce

  1. Create a docker-compose.yml file.
version: '3.7'

services:
    clamav:
        image: mk0x/docker-clamav:alpine
        container_name: clamav
        ports:
            - 3310
  2. docker-compose start
$ docker-compose up -d
Creating network "clamavtest_default" with the default driver
Creating clamav ... done
  3. Wait until database downloaded.
$ docker-compose logs -f
Attaching to clamav
clamav    | Fri Mar 13 01:41:39 2020 -> ClamAV update process started at Fri Mar 13 01:41:39 2020
clamav    | Fri Mar 13 01:41:39 2020 -> ^Your ClamAV installation is OUTDATED!
clamav    | Fri Mar 13 01:41:39 2020 -> ^Local version: 0.102.1 Recommended version: 0.102.2
...
clamav    | Fri Mar 13 01:42:36 2020 -> safebrowsing database available for download (remote version: 49191)
clamav    | Fri Mar 13 01:42:46 2020 -> Testing database: '/store/tmp/clamav-4273e742031d07490f6700526f5b77a7.tmp-safebrowsing.cvd' ...
clamav    | Fri Mar 13 01:42:49 2020 -> Database test passed.
clamav    | Fri Mar 13 01:42:49 2020 -> safebrowsing.cvd updated (version: 49191, sigs: 2213119, f-level: 63, builder: google)
...
clamav    | Fri Mar 13 01:43:15 2020 -> HWP3 support enabled.
clamav    | Fri Mar 13 01:43:15 2020 -> Self checking every 600 seconds.
clamav    | Fri Mar 13 01:43:15 2020 -> Set stacksize to 1048576

  4. docker-compose stop
$ docker-compose stop
Stopping clamav ... done

# logs from "docker-compose logs -f"

clamav    | Fri Mar 13 01:43:15 2020 -> Self checking every 600 seconds.
clamav    | Fri Mar 13 01:43:15 2020 -> Set stacksize to 1048576
clamav exited with code 137

Workaround

I created a customized image and use my own bootstrap.sh instead of bootstrap.py.
I would appreciate a fix in the official docker image.

$ cat bootstrap.sh
#!/bin/bash

set -e

MAIN_FILE="/store/main.cvd"

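if [ ! -f "${MAIN_FILE}" ]; then
    echo "[bootstrap] Initial clam DB download."

    # Retry until freshclam succeeds. Running it as the loop condition keeps
    # "set -e" from aborting the script on a failed download, and $? in the
    # loop body is freshclam's own exit status.
    until /usr/bin/freshclam; do
        echo "[bootstrap] Failed to freshclam. exit code: $?"
        echo "[bootstrap] Sleep 30s to retry"
        sleep 30
    done
fi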

echo "[bootstrap] Schedule freshclam DB updater."
/usr/bin/freshclam -d -c 6

echo "[bootstrap] Run clamav daemon"
exec /usr/sbin/clamd
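
Exit code 137 in the report above is 128 + 9: the container's main process was still running when the stop timeout expired and it was sent SIGKILL. The following is an added example, not code from the issue or from the image: an entrypoint-style supervisor that forwards SIGTERM to its children and returns 0 after a requested stop. The names `supervise`, `stop_children`, `SUP_PIDS` and `SUP_STOPPING` are hypothetical, and `sleep` would stand in for the real foreground processes.

```shell
#!/bin/sh
# Added example: minimal supervisor for a container entrypoint.
# Assumption: every supervised command stays in the foreground.

SUP_PIDS=""       # PIDs of the started children
SUP_STOPPING=0    # set to 1 once a stop was requested

# Trap handler: pass the stop request on to every child.
stop_children() {
    SUP_STOPPING=1
    trap "" TERM INT                 # ignore repeated signals while stopping
    for p in $SUP_PIDS; do
        kill -TERM "$p" 2>/dev/null || true   # child may already be gone
    done
}

# supervise "cmd args" ...: run each command in the background, forward
# SIGTERM/SIGINT, return 0 after a requested stop and 1 otherwise.
supervise() {
    SUP_PIDS=""
    SUP_STOPPING=0
    for cmd in "$@"; do
        $cmd &
        SUP_PIDS="$SUP_PIDS $!"
    done
    trap stop_children TERM INT

    # "wait" returns early when a trapped signal arrives, so keep waiting
    # until each child has really exited.
    for pid in $SUP_PIDS; do
        while kill -0 "$pid" 2>/dev/null; do
            wait "$pid" 2>/dev/null || true
        done
    done

    trap - TERM INT
    if [ "$SUP_STOPPING" -eq 1 ]; then
        return 0      # clean, requested shutdown
    fi
    return 1          # children ended without a stop request
}
```
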

bootstrap.sh bug

Hi,

there is a bug in the bootstrap.sh. Here is a fix:

--- bootstrap.sh.orig   2017-07-04 15:54:54.000000000 +0200
+++ bootstrap.sh        2017-07-05 10:29:14.749407999 +0200
@@ -15,7 +15,7 @@

 # define shutdown helper
 function shutdown() {
-    trap "" SUBS
+    trap "" SIGINT

     for single in $pidlist; do
         if ! kill -0 $pidlist 2>/dev/null; then
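
Review bot: the loop right after the changed trap line iterates with `for single in $pidlist` but then runs `kill -0 $pidlist`, so every pass tests the whole list instead of the current PID; use `kill -0 "$single"` there. The `trap "" SIGINT` line should also list the same signals as the trap installed at the end of the script, so that a second signal arriving during shutdown cannot re-enter the handler.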
@@ -28,7 +28,7 @@
 }

 # run shutdown
-trap terminate SUBS
+trap shutdown SIGINT
 wait

 # return received result
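
Review bot: `trap shutdown SIGINT` covers only SIGINT, but `docker stop` sends SIGTERM by default, so the handler still will not run on a normal container stop and the process ends up being killed once the stop timeout expires; suggest `trap shutdown SIGINT SIGTERM`. Renaming the handler from `terminate` to `shutdown` is correct, since `shutdown` is the function the script defines.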

Does it require some configuration to access the API?

I have spun up your container image and have tried to connect to it through a TCP socket but keep having a connection refused error in my socket client:
Connection refused [::ffff:172.21.0.2]:3310

Am I missing something in the configuration? I am just using the image alpine as it comes from Docker hub.

Thanks in advance

Container shuts down after a few hours

When I run this container, it is killed after a few hours. Irregularly, without a clear reason. Logs:

Sat Jun 22 08:58:31 2019 -> ^Your ClamAV installation is OUTDATED!
Sat Jun 22 08:58:31 2019 -> ^Local version: 0.100.3 Recommended version: 0.101.2
Sat Jun 22 08:58:31 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Sat Jun 22 08:58:31 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Sat Jun 22 08:58:31 2019 -> Downloading daily-25488.cdiff [100%]
/bootstrap.sh: line 32:     6 Killed                  clamd

Do you have a clue what might be causing this?

Docker 17.09.1-ce.

envconfig.sh doesn't exist in alpine version

It seems as if the only way to send custom variables via OS Env vars (provided by envconfig.sh) is using the debian version.

Would it be possible to push new images including the newer features?
