updated

bcgov · Jun 17, 2024 · 15afc2f · 15afc2f
1 parent 39f7c51
commit 15afc2f
Show file tree

Hide file tree

Showing 5 changed files with 112 additions and 0 deletions.
diff --git a/sources/Makefile b/sources/Makefile
@@ -10,6 +10,7 @@ export QUEUE_CONSUMERS_PORT := $(or $(QUEUE_CONSUMERS_PORT), 3001)
 export LOAD_TEST_API_PORT := $(or $(LOAD_TEST_API_PORT), 3005)
 export APP_PORT := $(or $(APP_PORT), 8080)
 export WORKERS_PORT := $(or $(WORKERS_PORT), 3020)
+export CLAMAV_PORT := $(or $(CLAMAV_PORT), 3310)
 # Database
 export POSTGRES_PORT := $(or $(POSTGRES_PORT), 5432)
 export POSTGRES_USER := $(or $(POSTGRES_USER), admin)
@@ -205,6 +206,12 @@ queue-consumers:
 	@docker-compose -f docker-compose.yml build queue-consumers
 	@docker-compose -f docker-compose.yml up -d queue-consumers
 
+# Runs clamav
+clamav:
+	@echo "+\n++ Make: Clamav only"
+	@docker-compose -f docker-compose.yml build clamav
+	@docker-compose -f docker-compose.yml up -d clamav
+
 # Runs load test gateway application
 load-test-gateway:
 	@echo "+\n++ Make: Load test gateway only"

diff --git a/sources/docker-compose.yml b/sources/docker-compose.yml
@@ -68,6 +68,7 @@ services:
     depends_on:
       - postgres
       - redis
+      - clamav
   # - API
   # Workers
   workers:
@@ -205,6 +206,29 @@ services:
     depends_on:
       - postgres
   # - Load test gateway
+  # - ClamAV
+  clamav:
+    container_name: clamav
+    build:
+      context: ./packages/
+      dockerfile: clamav/Dockerfile.dev
+    restart: always
+    stdin_open: true
+    environment:
+      - CLAMAV_NO_CLAMD="false"
+      - CLAMAV_NO_FRESHCLAMD="false"
+      - CLAMAV_NO_MILTERD="true"
+      - CLAMD_STARTUP_TIMEOUT=1800
+      - FRESHCLAM_CHECKS=1
+      - CLAMAV_PORT=${CLAMAV_PORT}
+    ports:
+      - ${CLAMAV_PORT}:${CLAMAV_PORT}
+    healthcheck:
+      test: [CMD-SHELL, /usr/local/bin/clamdcheck.sh]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+  # - ClamAV
   # Web
   web:
     image: web-${PROJECT_NAME}:${BUILD_REF}-${BUILD_ID}

diff --git a/sources/packages/clamav/Dockerfile b/sources/packages/clamav/Dockerfile
@@ -0,0 +1,4 @@
+FROM artifacts.developer.gov.bc.ca/docker-remote/clamav:1.2
+RUN freshclam
+COPY "clamav/scripts/docker-entrypoint-unprivileged.sh" "/init"
+RUN chmod +x /init
diff --git a/sources/packages/clamav/Dockerfile.dev b/sources/packages/clamav/Dockerfile.dev
@@ -0,0 +1,4 @@
+FROM clamav/clamav:1.2
+RUN freshclam
+COPY "clamav/scripts/docker-entrypoint-unprivileged.sh" "/init"
+RUN chmod +x /init
diff --git a/sources/packages/clamav/scripts/docker-entrypoint-unprivileged.sh b/sources/packages/clamav/scripts/docker-entrypoint-unprivileged.sh
@@ -0,0 +1,73 @@
+#!/sbin/tini /bin/sh
+# shellcheck shell=sh
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# Copyright (C) 2021 Olliver Schinagl <[email protected]>
+# Copyright (C) 2021-2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
+#
+# A beginning user should be able to docker run image bash (or sh) without
+# needing to learn about --entrypoint
+# https://github.com/docker-library/official-images#consistency
+
+set -eu
+
+# run command if it is not starting with a "-" and is an executable in PATH
+if [ "${#}" -gt 0 ] &&
+    [ "${1#-}" = "${1}" ] &&
+    command -v "${1}" >"/dev/null" 2>&1; then
+    # Ensure healthcheck always passes
+    CLAMAV_NO_CLAMD="true" exec "${@}"
+else
+    if [ "${#}" -ge 1 ] &&
+        [ "${1#-}" != "${1}" ]; then
+        # If an argument starts with "-" pass it to clamd specifically
+        exec clamd "${@}"
+    fi
+    # else default to running clamav's servers
+
+    # Ensure we have some virus data, otherwise clamd refuses to start
+    if [ ! -f "/var/lib/clamav/main.cvd" ]; then
+        echo "Updating initial database"
+        freshclam --foreground --stdout
+    fi
+
+    if [ "${CLAMAV_NO_FRESHCLAMD:-false}" != "true" ]; then
+        echo "Starting Freshclamd"
+        freshclam \
+            --checks="${FRESHCLAM_CHECKS:-1}" \
+            --daemon \
+            --foreground \
+            --stdout \
+            --user="clamav" \
+            &
+    fi
+
+    if [ "${CLAMAV_NO_CLAMD:-false}" != "true" ]; then
+        echo "Starting ClamAV"
+        if [ -S "/tmp/clamd.sock" ]; then
+            unlink "/tmp/clamd.sock"
+        fi
+        clamd --foreground &
+        while [ ! -S "/tmp/clamd.sock" ]; do
+            if [ "${_timeout:=0}" -gt "${CLAMD_STARTUP_TIMEOUT:=1800}" ]; then
+                echo
+                echo "Failed to start clamd"
+                exit 1
+            fi
+            printf "\r%s" "Socket for clamd not found yet, retrying (${_timeout}/${CLAMD_STARTUP_TIMEOUT}) ..."
+            sleep 1
+            _timeout="$((_timeout + 1))"
+        done
+        echo "socket found, clamd started."
+    fi
+
+    if [ "${CLAMAV_NO_MILTERD:-true}" != "true" ]; then
+        echo "Starting clamav milterd"
+        clamav-milter &
+    fi
+
+    # Wait forever (or until canceled)
+    exec tail -f "/dev/null"
+fi
+
+exit 0