Skip to content

🐳 Build process for antivirus & antimalware Docker image running Linux Malware Detect (LMD) and ClamAV

License

Notifications You must be signed in to change notification settings

thebetterjort/docker-antivirus

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

docker-antivirus

Notes

Quick start

If you simply want to try out the setup, copy the docker-compose.yml file from the repository to your local file system and run:

docker-compose up -d

Introduction

Build for rordi/docker-antivirus Docker image running Linux Malware Detect (LMD) with ClamAV as the scanner.

rordi/docker-antivirus provides a plug-in container to e.g. scan file uploads in web applications before further processing.

The container requires three volume mounts from where to take files to scan, and to deliver back scanned files and scan reports.

The container auto-updates the LMD and ClamAV virus signatures once per hour.

Optionally, an email alert can be sent to a specified email address whenever a virus/malware is detected in a file.

Required volume mounts

Please provide the following volume mounts at runtime (e.g. in your docker-compose file). The antivirus container expects the following paths to be present when running:

    /data/av/queue         --> files to be checked
    /data/av/ok            --> checked files (ok)
    /data/av/nok           --> scan reports for infected files

Additionally, you may mount the quarantine folder and provide it to the antivirus container at the following path (this might be useful if you want to process the quarantined files from another container):

    /data/av/quarantine    --> quarantined files

Docker Pull & Run

To install the container, pull it from the Docker registry (latest tag refers to the master branch, use dev tag for dev branch):

docker pull rordi/docker-antivirus:latest

To run the docker container, use the following command. If you pass an email address as the last argument, email alerts will be activated and sent to this email address whenever a virus is detected.

docker run -tid --name docker-antivirus rordi/docker-antivirus [[email protected]]

Docker Build & Run

To build your own image, clone the repo and cd into the cloned repository root folder. Then, build as follows:

docker build -t docker-antivirus .

To start the built image, run the following command. Optionally pass an email address to activate email alerts when a virus/malware is detected:

docker run -tid --name docker-antivirus docker-antivirus:latest [[email protected]]

Testing

You can use the EICAR test file to test the AV setup.

Mounting volumes with docker-compose

Here is an exmple entry that you can use in your docker-compose file to easily plug in the container into your existing network. Replace "networkid" with your actual netwerk id. Optionally turn on email alerts by uncommenting the "command". Finally, make sure the ./data/av/... folders exist on your local/host system or change the paths.

docker-av:
  image: rordi/docker-antivirus
  container_name: docker-av
  # uncomment and set the email address to receive email alerts when viruses are detected
  #command:
  # - /usr/local/install_alerts.sh [email protected]
  volumes:
    - ./data/queue:/data/av/queue
    - ./data/ok:/data/av/ok
    - ./data/nok:/data/av/nok
  networks:
    - yournetworkid

About

🐳 Build process for antivirus & antimalware Docker image running Linux Malware Detect (LMD) and ClamAV

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Shell 100.0%