[Clamd] use python bootstrapper to start CLAMD container

data/Dockerfiles/clamd/Dockerfile

@@ -41,7 +41,7 @@ RUN wget -P /src https://www.clamav.net/downloads/production/clamav-${CLAMD_VERS
   -D ENABLE_MILTER=ON                                                                 \
   -D ENABLE_MAN_PAGES=OFF                                                             \
   -D ENABLE_STATIC_LIB=OFF                                                            \
-  -D ENABLE_JSON_SHARED=ON                                                            \ 
+  -D ENABLE_JSON_SHARED=ON                                                            \
   && cmake --build . \
   && make DESTDIR="/clamav" -j$(($(nproc) - 1)) install \
   && rm -r "/clamav/usr/lib/pkgconfig/" \
@@ -88,23 +88,34 @@ RUN apk upgrade --no-cache \
     pcre2 \
     zlib \
     libgcc \
+    py3-pip \
   && addgroup -S "clamav" && \
     adduser -D -G "clamav" -h "/var/lib/clamav" -s "/bin/false" -S "clamav" && \
     install -d -m 755 -g "clamav" -o "clamav" "/var/log/clamav" && \
     chown -R clamav:clamav /var/lib/clamav
 
+RUN pip install  --break-system-packages \
+  mysql-connector-python \
+  jinja2 \
+  redis \
+  dnspython
+
+
 COPY --from=builder "/clamav" "/"
 
-# init
-COPY clamd.sh /clamd.sh
-RUN chmod +x /sbin/tini
 
-# healthcheck
-COPY healthcheck.sh /healthcheck.sh
-COPY clamdcheck.sh /usr/local/bin
-RUN chmod +x /healthcheck.sh
-RUN chmod +x /usr/local/bin/clamdcheck.sh
+COPY data/Dockerfiles/bootstrap /bootstrap
+COPY data/Dockerfiles/clamd/docker-entrypoint.sh /docker-entrypoint.sh
+COPY data/Dockerfiles/clamd/clamd.sh /clamd.sh
+COPY data/Dockerfiles/clamd/healthcheck.sh /healthcheck.sh
+COPY data/Dockerfiles/clamd/clamdcheck.sh /usr/local/bin
 HEALTHCHECK --start-period=6m CMD "/healthcheck.sh"
 
-ENTRYPOINT []
+RUN chmod +x /docker-entrypoint.sh \
+  /clamd.sh \
+  /healthcheck.sh \
+  /usr/local/bin/clamdcheck.sh \
+  /sbin/tini
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["/sbin/tini", "-g", "--", "/clamd.sh"]

data/Dockerfiles/clamd/clamd.sh

@@ -1,48 +1,5 @@
 #!/bin/bash
 
-if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-  echo "SKIP_CLAMD=y, skipping ClamAV..."
-  sleep 365d
-  exit 0
-fi
-
-# Cleaning up garbage
-echo "Cleaning up tmp files..."
-rm -rf /var/lib/clamav/clamav-*.tmp
-
-# Prepare whitelist
-
-mkdir -p /run/clamav /var/lib/clamav
-
-if [[ -s /etc/clamav/whitelist.ign2 ]]; then
-  echo "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2"
-  cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
-fi
-
-if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then
-  echo "Creating /var/lib/clamav/whitelist.ign2"
-  cat <<EOF > /var/lib/clamav/whitelist.ign2
-# Please restart ClamAV after changing signatures
-Example-Signature.Ignore-1
-PUA.Win.Trojan.EmbeddedPDF-1
-PUA.Pdf.Trojan.EmbeddedJavaScript-1
-PUA.Pdf.Trojan.OpenActionObjectwithJavascript-1
-EOF
-fi
-
-chown clamav:clamav -R /var/lib/clamav /run/clamav
-
-chmod 755 /var/lib/clamav
-chmod 644 -R /var/lib/clamav/*
-chmod 750 /run/clamav
-
-stat /var/lib/clamav/whitelist.ign2
-dos2unix /var/lib/clamav/whitelist.ign2
-sed -i '/^\s*$/d' /var/lib/clamav/whitelist.ign2
-# Copying to /etc/clamav to expose file as-is to administrator
-cp -p /var/lib/clamav/whitelist.ign2 /etc/clamav/whitelist.ign2
-
-
 BACKGROUND_TASKS=()
 
 echo "Running freshclam..."

data/Dockerfiles/clamd/docker-entrypoint.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Run hooks
+for file in /hooks/*; do
+  if [ -x "${file}" ]; then
+    echo "Running hook ${file}"
+    "${file}"
+  fi
+done
+
+python3 -u /bootstrap/main.py
+BOOTSTRAP_EXIT_CODE=$?
+
+if [ $BOOTSTRAP_EXIT_CODE -ne 0 ]; then
+  echo "Bootstrap failed with exit code $BOOTSTRAP_EXIT_CODE. Not starting Clamd."
+  exit $BOOTSTRAP_EXIT_CODE
+fi
+
+echo "Bootstrap succeeded. Starting Clamd..."
+exec "$@"