From 60a2270d1e7d0985901378bea83295b3df6bf127 Mon Sep 17 00:00:00 2001
From: DerLinkman
Date: Tue, 28 Jan 2025 14:25:56 +0100
Subject: [PATCH 1/3] clamd: update to 1.4.2 + build from source instead using alpine packages
---
data/Dockerfiles/clamd/Dockerfile | 104 ++++++++++++++++++++++++++++--
data/Dockerfiles/clamd/clamd.sh | 1 +
docker-compose.yml | 2 +-
3 files changed, 99 insertions(+), 8 deletions(-)
diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index 1850d4bed..4392c84e5 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -1,14 +1,104 @@ -FROM alpine:3.20 +FROM alpine:3.21 AS builder -LABEL maintainer = "The Infrastructure Company GmbH " +WORKDIR /src +ENV CLAMD_VERSION=1.4.2 RUN apk upgrade --no-cache \ && apk add --update --no-cache \ - rsync \ - clamav \ - bind-tools \ - bash \ - tini + g++ \ + gcc \ + gdb \ + make \ + cmake \ + py3-pytest \ + python3 \ + valgrind \ + bzip2-dev \ + check-dev \ + curl-dev \ + json-c-dev \ + libmilter-dev \ + libxml2-dev \ + linux-headers \ + ncurses-dev \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + cargo \ + rust + +RUN mkdir -p /src \ + && wget -P /src https://www.clamav.net/downloads/production/clamav-${CLAMD_VERSION}.tar.gz \ + && tar xzfv /src/clamav-${CLAMD_VERSION}.tar.gz \ + && cd /src/clamav-${CLAMD_VERSION} \ + && mkdir build \ + && cmake . \ + -D CMAKE_BUILD_TYPE="Release" \ + -D CMAKE_INSTALL_PREFIX="/usr" \ + -D CMAKE_INSTALL_LIBDIR="/usr/lib" \ + -D APP_CONFIG_DIRECTORY="/etc/clamav" \ + -D DATABASE_DIRECTORY="/var/lib/clamav" \ + -D ENABLE_CLAMONACC=OFF \ + -D ENABLE_EXAMPLES=OFF \ + -D ENABLE_MILTER=ON \ + -D ENABLE_MAN_PAGES=OFF \ + -D ENABLE_STATIC_LIB=OFF \ + -D ENABLE_JSON_SHARED=ON \ + && cmake --build . 
\ + && make DESTDIR="/clamav" -j$(($(nproc) - 1)) install \ + && rm -r "/clamav/usr/lib/pkgconfig/" \ + && sed -e "s|^\(Example\)|\# \1|" \ + -e "s|.*\(LocalSocket\) .*|\1 /tmp/clamd.sock|" \ + -e "s|.*\(TCPSocket\) .*|\1 3310|" \ + -e "s|.*\(TCPAddr\) .*|#\1 0.0.0.0|" \ + -e "s|.*\(User\) .*|\1 clamav|" \ + -e "s|^\#\(LogFile\) .*|\1 /var/log/clamav/clamd.log|" \ + -e "s|^\#\(LogTime\).*|\1 yes|" \ + "/clamav/etc/clamav/clamd.conf.sample" > "/clamav/etc/clamav/clamd.conf" \ + && sed -e "s|^\(Example\)|\# \1|" \ + -e "s|.*\(DatabaseOwner\) .*|\1 clamav|" \ + -e "s|^\#\(UpdateLogFile\) .*|\1 /var/log/clamav/freshclam.log|" \ + -e "s|^\#\(NotifyClamd\).*|\1 /etc/clamav/clamd.conf|" \ + -e "s|^\#\(ScriptedUpdates\).*|\1 yes|" \ + "/clamav/etc/clamav/freshclam.conf.sample" > "/clamav/etc/clamav/freshclam.conf" \ + && sed -e "s|^\(Example\)|\# \1|" \ + -e "s|.*\(MilterSocket\) .*|\1 inet:7357|" \ + -e "s|.*\(User\) .*|\1 clamav|" \ + -e "s|^\#\(LogFile\) .*|\1 /var/log/clamav/milter.log|" \ + -e "s|^\#\(LogTime\).*|\1 yes|" \ + -e "s|.*\(\ClamdSocket\) .*|\1 unix:/tmp/clamd.sock|" \ + "/clamav/etc/clamav/clamav-milter.conf.sample" > "/clamav/etc/clamav/clamav-milter.conf" || exit 1 + + +FROM alpine:3.21 + +LABEL maintainer = "The Infrastructure Company GmbH " + +EXPOSE 3310 +EXPOSE 7357 + +RUN apk upgrade --no-cache \ + && apk add --update --no-cache \ + tzdata \ + rsync \ + bind-tools \ + bash \ + tini \ + json-c \ + libbz2 \ + libcurl \ + libmilter \ + libxml2 \ + ncurses-libs \ + pcre2 \ + zlib \ + libgcc \ + && addgroup -S "clamav" && \ + adduser -D -G "clamav" -h "/var/lib/clamav" -s "/bin/false" -S "clamav" && \ + install -d -m 755 -g "clamav" -o "clamav" "/var/log/clamav" && \ + chown -R clamav:clamav /var/lib/clamav + +COPY --from=builder "/clamav" "/" # init COPY clamd.sh /clamd.sh diff --git a/data/Dockerfiles/clamd/clamd.sh b/data/Dockerfiles/clamd/clamd.sh index 10df8072b..2c6e75dc6 100755 --- a/data/Dockerfiles/clamd/clamd.sh 
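Review bot: The release tarball fetched by `wget -P /src https://www.clamav.net/downloads/production/clamav-${CLAMD_VERSION}.tar.gz` in the builder stage is unpacked and compiled without any integrity check, so the scanner binary shipped in the final image depends entirely on what that URL serves at build time. Pin the expected digest next to the version, e.g. `ARG CLAMD_SHA256=<sha256-of-release-tarball>`, and insert `&& echo "${CLAMD_SHA256}  /src/clamav-${CLAMD_VERSION}.tar.gz" | sha256sum -c - \` between the `wget` and `tar` lines (verifying upstream's detached signature would serve the same purpose). The `wget` line as rewritten in PATCH 3/3 has the same gap. Separately, `-j$(($(nproc) - 1))` evaluates to `-j0` on a single-CPU build host, which make rejects, so `-j"$(nproc)"` is the safer form.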
+++ b/data/Dockerfiles/clamd/clamd.sh @@ -91,6 +91,7 @@ done ) & BACKGROUND_TASKS+=($!) +echo "$(clamd -V) is starting... please wait a moment." nice -n10 clamd & BACKGROUND_TASKS+=($!) diff --git a/docker-compose.yml b/docker-compose.yml index cd85304b4..706a02309 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -64,7 +64,7 @@ services: - redis clamd-mailcow: - image: mailcow/clamd:1.66 + image: mailcow/clamd:1.70 restart: always depends_on: unbound-mailcow: From 65bc581fab5331fbb35b92f775d2c6a3f31f1bcd Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Tue, 28 Jan 2025 14:36:43 +0100 Subject: [PATCH 2/3] clamd: remove exposed ports from buildfile --- data/Dockerfiles/clamd/Dockerfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile index 4392c84e5..12158160d 100644 --- a/data/Dockerfiles/clamd/Dockerfile +++ b/data/Dockerfiles/clamd/Dockerfile @@ -74,9 +74,6 @@ FROM alpine:3.21 LABEL maintainer = "The Infrastructure Company GmbH " -EXPOSE 3310 -EXPOSE 7357 - RUN apk upgrade --no-cache \ && apk add --update --no-cache \ tzdata \ From 1a087bb2c8a1f5866f698629f070e8f895e61ec2 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Tue, 28 Jan 2025 14:49:11 +0100 Subject: [PATCH 3/3] clamd: cleanup dockerfile --- data/Dockerfiles/clamd/Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile index 12158160d..e60e7eef1 100644 --- a/data/Dockerfiles/clamd/Dockerfile +++ b/data/Dockerfiles/clamd/Dockerfile 
@@ -27,11 +27,9 @@ RUN apk upgrade --no-cache \ cargo \ rust -RUN mkdir -p /src \ - && wget -P /src https://www.clamav.net/downloads/production/clamav-${CLAMD_VERSION}.tar.gz \ +RUN wget -P /src https://www.clamav.net/downloads/production/clamav-${CLAMD_VERSION}.tar.gz \ && tar xzfv /src/clamav-${CLAMD_VERSION}.tar.gz \ && cd /src/clamav-${CLAMD_VERSION} \ - && mkdir build \ && cmake . \ -D CMAKE_BUILD_TYPE="Release" \ -D CMAKE_INSTALL_PREFIX="/usr" \