ClamAV virus scanner: Release 0.102.2
ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
This container is focused on using 'clamscan' client of the ClamAV to make general purpose scans available.
It should be noted, that virus database is not updated when running the scan. Database can be updated by rebuilding image or by manually updating from the container.
Any file or directory.
Supported tags and respective
Method 1. Clone the repository and build by yourself
git clone https://gitlab.com/CinCan/tools cd tools/clamav docker build . -t cincan/clamav
Method 2. Pull the docker image from Docker Hub
docker pull cincan/clamav
Method 3. use 'cincan' tool
Follow 'cincan' tool installation steps. If this tool is used, no need to install 'ClamAV' separately.
Method 1. Run the docker container
Scan all files in a folder:
docker run --rm -v /samples:/samples cincan/clamav -r /samples/
Scan all files, list only infected ones:
docker run --rm -v /samples:/samples cincan/clamav -r -i /samples/
Or get all possible arguments for the clamscan client:
docker run -v /samples:/samples cincan/clamav --help
Method 2. Run with 'cincan' tool:
Analyse a provided some sample. Expecting that samples directory is in the current directory:
cincan run cincan/clamav samples/clamav_sample.exe
Get help for specifically this tool:
cincan run cincan/clamav --help
Database can be updated with
Just connect to shell of the container:
docker run -it --entrypoint "/bin/sh" cincan/clamav
freshclam and commit the changes into base image!
docker commit --change='ENTRYPOINT ["clamscan"]' <CONTAINER_ID> cincan/clamav
Note, that entrypoint should be speficied, it was overwritten previously with RUN command.
Few tests are included for testing the functionality of the container. These contains at least:
- Test entrypoint and help command
- Test scanning for sample file, and partially check produced JSON
Sample file is the same one than tool ILSpy is using.
Tox can be used for testing this tool (run from root of this repository):
pip install tox tox clamav
Image is based on Alpine Linux in attempt to minimize its size.
ClamAV is built from the source, and it is using aports configuration as upstream.
json-c-dev dependency and
--enable-libjson is not used in building phase: reason for self-building. Maybe should make an attempt for pull request.
Configuration files can be packed with:
tar -c buildconf -f buildconf.tar.gz
Which are passed into the building phase.
ClamAV itself is distributed under GPLv2. All of the extra code here is distributed under MIT licence.