From e9ae250d7d37dee5d78c06ff9410bee691a041e4 Mon Sep 17 00:00:00 2001 From: Pierre Jaury Date: Wed, 2 Mar 2016 21:26:17 +0100 Subject: [PATCH] Add a basic clamav server --- clamav/Dockerfile | 11 ++++++++ clamav/conf/clamd.conf | 56 ++++++++++++++++++++++++++++++++++++++ clamav/conf/freshclam.conf | 20 ++++++++++++++ clamav/start.sh | 4 +++ 4 files changed, 91 insertions(+) create mode 100644 clamav/Dockerfile create mode 100644 clamav/conf/clamd.conf create mode 100644 clamav/conf/freshclam.conf create mode 100755 clamav/start.sh diff --git a/clamav/Dockerfile b/clamav/Dockerfile new file mode 100644 index 00000000..61fae006 --- /dev/null +++ b/clamav/Dockerfile @@ -0,0 +1,11 @@ +FROM alpine + +RUN apk add --update \ + clamav \ + && rm -rf /var/cache/apk/* + +COPY conf /etc/clamav + +COPY start.sh /start.sh + +CMD ["/start.sh"] diff --git a/clamav/conf/clamd.conf b/clamav/conf/clamd.conf new file mode 100644 index 00000000..208258e9 --- /dev/null +++ b/clamav/conf/clamd.conf @@ -0,0 +1,56 @@ +############### +# General +############### + +DatabaseDirectory /data +LogFile /logs/clamav.log +LogTime yes +PidFile /run/clamav/clamd.pid +TCPSocket 3310 +TCPAddr 0.0.0.0 +Foreground yes + +############### +# Results +############### + +DetectPUA yes +ExcludePUA NetTool +ExcludePUA PWTool +AlgorithmicDetection yes +Bytecode yes + +############### +# Scan +############### + +ScanPE yes +DisableCertCheck yes +ScanELF yes +DetectBrokenExecutables yes +ScanOLE2 yes +ScanPDF yes +ScanSWF yes +ScanMail yes +PhishingSignatures yes +PhishingScanURLs yes +ScanHTML yes +ScanArchive yes + +############### +# Scan +############### + +MaxScanSize 150M +MaxFileSize 30M +MaxRecursion 10 +MaxFiles 15000 +MaxEmbeddedPE 10M +MaxHTMLNormalize 10M +MaxHTMLNoTags 2M +MaxScriptNormalize 5M +MaxZipTypeRcg 1M +MaxPartitions 128 +MaxIconsPE 200 +PCREMatchLimit 10000 +PCRERecMatchLimit 10000 diff --git a/clamav/conf/freshclam.conf b/clamav/conf/freshclam.conf new file mode 100644 index 00000000..3076ba93 --- /dev/null +++ b/clamav/conf/freshclam.conf @@ -0,0 +1,20 @@ +############### +# General +############### + +DatabaseDirectory /data +UpdateLogFile /logs/freshclam.log +LogTime yes +PidFile /run/clamav/freshclam.pid +DatabaseOwner root +Foreground yes + +############### +# Updates +############### + +DatabaseMirror database.clamav.net +ScriptedUpdates yes +NotifyClamd /etc/clamav/clamd.conf +SafeBrowsing yes +Bytecode yes diff --git a/clamav/start.sh b/clamav/start.sh new file mode 100755 index 00000000..97505ade --- /dev/null +++ b/clamav/start.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +freshclam +clamd