hub.docker.com/r/matau/clamav

Introduction

Dockerfile to build an Clam Antivirus container image to scan files or most commonly, mail messages.

This Container uses a customized Alpine base which includes s6 overlay enabled for PID 1 Init capabilities, zabbix-agent for individual container monitoring, Cron also installed along with other tools (bash,curl, less, logrotate, nano, vim) for easier management.

This version differs from tiredofit in the configuration where DetectPUA (Potential Unwanted Applications) is desactivated to allows some Excel files with protected cells.

Changelog

Authors

Dave Conroy

Introduction
- Changelog
Prerequisites
Installation
Quick Start
Configuration
- Data Volumes
- Environment Variables
Maintenance
- Shell Access
- References

Prerequisites

This container doesn't do much on it's own unless you use an additional service or communicator to talk to it!

Installation

Automated builds of the image are available on Registry and is the recommended method of installation.

docker pull hub.docker.com/tiredofit/clamav:(imagetag)

The following image tags are available:

latest - Most recent release of ClamAV w/Alpine Linux 3.6

Quick Start

The quickest way to get started is using docker-compose. See the examples folder for a working docker-compose.yml that can be modified for development or production use.
Set various environment variables to understand the capabilities of this image.
Map persistent storage for access to configuration and data files for backup.

Configuration

Data-Volumes

The container will look for definition files upon startup in /data and if not found, download them. 6 times a day it will also check for updated definitions.

The following directories are used for configuration and can be mapped for persistent storage.

Directory	Description
`/data`	Database Directory
`/var/log/clamav`	Log Files

Environment Variables

Along with the Environment Variables from the Base image, below is the complete list of available options that can be used to customize your installation.

Parameter	Description
`MAX_SCAN_SIZE`	Amount of data scanned for each file - Default `150M`
`MAX_FILE_SIZE`	Don't scan files larger than this size - Default `30M`
`MAX_RECURSION`	How many nested archives to scan - Default `10`
`MAX_FILES`	Number of files to scan withn archive - Default `15000`
`MAX_EMBEDDEDPE`	Maximum file size for embedded PE - Default `10M`
`MAX_HTMLNORMALIZE`	Maximum size of HTML to normalize - Default `10M`
`MAX_HTMLNOTAGS`	Maximum size of Normlized HTML File to scan- Default `2M`
`MAX_SCRIPTNORMALIZE`	Maximum size of a Script to normalize - Default `5M`
`MAX_ZIPTYPERCG`	Maximum size of ZIP to reanalyze type recognition - Default `1M`
`MAX_PARTITIONS`	How many partitions per Raw disk to scan - Default `128`
`MAX_ICONSPE`	How many Icons in PE to scan - Default `200`
`PCRE_MATCHLIMIT`	Maximum PCRE Match Calls - Default `10000`
`PCRE_RECMATCHLIMIT`	Maximum Recursive Match Calls to PCRE - Default `10000`

Networking

Port	Description
`3310`	ClamD Listening Port

Maintenance

Shell Access

For debugging and maintenance purposes you may want access the containers shell.

docker exec -it (whatever your container name is e.g. clamav) bash

References

https://www.clamav.net

maatinito / docker-clamav