Skip to content

Commit

Permalink
use socket to reach clamd (#287)
Browse files Browse the repository at this point in the history
* use socket to reach clamd

Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>

* check if the file is opened for read

Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>

* bitwise operation

Signed-off-by: Amir Malka <amirm@armosec.io>

* reverting image for tests

Signed-off-by: Amir Malka <amirm@armosec.io>

* updated docker image of clamav

Signed-off-by: Amir Malka <amirm@armosec.io>

* add malware detection test

Signed-off-by: Amir Malka <amirm@armosec.io>

---------

Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
Signed-off-by: Amir Malka <amirm@armosec.io>
Co-authored-by: Amir Malka <amirm@armosec.io>
  • Loading branch information
matthyx and amirmalka authored May 20, 2024
1 parent 5cccc88 commit 1c5de46
Show file tree
Hide file tree
Showing 18 changed files with 519 additions and 255 deletions.
1 change: 1 addition & 0 deletions .github/workflows/component-tests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ jobs:
Test_06_KillProcessInTheMiddle,
Test_07_RuleBindingApplyTest,
Test_08_ApplicationProfilePatching,
Test_10_MalwareDetectionTest,
# Test_10_DemoTest
# Test_11_DuplicationTest
]
Expand Down
16 changes: 16 additions & 0 deletions clamav/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
ARG CLAMAV_VERSION

FROM ubuntu:23.10 as builder
ARG SOCKS_PROXY
ENV SOCKS_PROXY=$SOCKS_PROXY
RUN apt-get update && apt-get install -y python3 python3-pip clamav
COPY create-filtered-clam-db.sh /
RUN /create-filtered-clam-db.sh

FROM clamav/clamav-debian:${CLAMAV_VERSION}
RUN apt-get update && apt-get install -y netcat
COPY ./init.sh /init
RUN mkdir -p /var/lib/clamav || true
COPY --from=builder main.cud /var/lib/clamav/main.cud
RUN chmod +x /init && chown clamav:clamav /var/lib/clamav
ENV CLAMAV_NO_FRESHCLAMD=true
10 changes: 10 additions & 0 deletions clamav/Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
DOCKERFILE_PATH=./Dockerfile
BINARY_NAME=klamav

IMAGE?=quay.io/kubescape/$(BINARY_NAME)
TAG?=1.2.0-6_base

docker-build:
docker buildx build --build-arg CLAMAV_VERSION=$(TAG) --platform linux/amd64 -t $(IMAGE):$(TAG) -f $(DOCKERFILE_PATH) .
docker-push:
docker push $(IMAGE):$(TAG)
1 change: 1 addition & 0 deletions clamav/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
# ClamAV
88 changes: 88 additions & 0 deletions clamav/create-filtered-clam-db.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
#!/bin/bash
set -x

# Create a temporary directory:
mkdir -p tmp

# Get into it
pushd tmp

# Check if main.cvd exists
if [ -f ~/.cvdupdate/database/main.cvd ]
then
echo "main.cvd already exists"
cp ~/.cvdupdate/database/main.cvd .
else
echo "main.cvd does not exist, downloading it"
rm -rf ~/.cvdupdate
python3 -m pip install --user cvdupdate --break-system-packages
python3 -m cvdupdate update -V
return_code=$?
if [ $return_code -ne 0 ]
then
echo "Failed to download main.cvd (http code: $return_code)"
exit 1
fi
cp ~/.cvdupdate/database/main.cvd .
fi


# unpack the main.cvd
sigtool --unpack main.cvd
if [ $? -ne 0 ]
then
echo "Failed to unpack main.cvd"
exit 1
fi
rm main.cvd

# Loop over all the files in the tmp directory
for file in *
do
# If the file has one line, skip
if [ $(wc -l < $file) -eq 1 ]
then
echo "Skipping $file"
continue
fi

# If the file is the COPYING or main.cvd file, skip
if [ $(basename $file) == "main.cvd" ]
then
echo "Skipping $file"
continue
fi
if [ $(basename $file) == "COPYING" ]
then
echo "Skipping $file"
continue
fi

# Filter out the lines that does not contain the word "Unix" or "Multios"
grep -v -E "Win\.|Osx\." $file > $file.tmp
mv $file.tmp $file
# If the file is empty, delete it
if [ $(wc -l < $file) -eq 0 ]
then
echo "Deleting $file"
rm $file
fi
done


sigtool --version
printf "slashben\n" | sigtool --build=main.cud --unsigned
if [ $? -ne 0 ]
then
echo "Failed to build main.cud"
exit 1
fi


# Get back
popd

cp tmp/main.cud main.cud

# Clean up
rm -rf tmp
89 changes: 89 additions & 0 deletions clamav/init.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
#!/usr/bin/env sh
# SPDX-License-Identifier: GPL-2.0-or-later
#
# Copyright (C) 2021 Olliver Schinagl <oliver@schinagl.nl>
# Copyright (C) 2021-2023 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
#
# A beginning user should be able to docker run image bash (or sh) without
# needing to learn about --entrypoint
# https://github.com/docker-library/official-images#consistency

set -eu

if [ ! -d "/run/clamav" ]; then
install -d -g "clamav" -m 775 -o "clamav" "/run/clamav"
fi

# Assign ownership to the database directory, just in case it is a mounted volume
chown -R clamav:clamav /var/lib/clamav

# run command if it is not starting with a "-" and is an executable in PATH
if [ "${#}" -gt 0 ] && \
[ "${1#-}" = "${1}" ] && \
command -v "${1}" > "/dev/null" 2>&1; then
# Ensure healthcheck always passes
CLAMAV_NO_CLAMD="true" exec "${@}"
else
if [ "${#}" -ge 1 ] && \
[ "${1#-}" != "${1}" ]; then
# If an argument starts with "-" pass it to clamd specifically
exec clamd "${@}"
fi
# else default to running clamav's servers

# Help tiny-init a little
mkdir -p "/run/lock"
ln -f -s "/run/lock" "/var/lock"

# Ensure we have some virus data, otherwise clamd refuses to start
if [ "${CLAMAV_NO_FRESHCLAMD:-false}" != "true" ]; then
if [ ! -f "/var/lib/clamav/main.cvd" ]; then
echo "Updating initial database"
freshclam --foreground --stdout
fi
fi

# Start freshclamd if not disabled
if [ "${CLAMAV_NO_FRESHCLAMD:-false}" != "true" ]; then
echo "Starting Freshclamd"
freshclam \
--checks="${FRESHCLAM_CHECKS:-1}" \
--daemon \
--foreground \
--stdout \
--user="clamav" \
&
fi

if [ "${CLAMAV_NO_CLAMD:-false}" != "true" ]; then
echo "Starting ClamAV"
if [ -S "/run/clamav/clamd.sock" ]; then
unlink "/run/clamav/clamd.sock"
fi
if [ -S "/tmp/clamd.sock" ]; then
unlink "/tmp/clamd.sock"
fi
clamd --foreground &
while [ ! -S "/run/clamav/clamd.sock" ] && [ ! -S "/tmp/clamd.sock" ]; do
if [ "${_timeout:=0}" -gt "${CLAMD_STARTUP_TIMEOUT:=1800}" ]; then
echo
echo "Failed to start clamd"
exit 1
fi
printf "\r%s" "Socket for clamd not found yet, retrying (${_timeout}/${CLAMD_STARTUP_TIMEOUT}) ..."
sleep 1
_timeout="$((_timeout + 1))"
done
echo "socket found, clamd started."
fi

if [ "${CLAMAV_NO_MILTERD:-true}" != "true" ]; then
echo "Starting clamav milterd"
clamav-milter &
fi

# Wait forever (or until canceled)
exec tail -f "/dev/null"
fi

exit 0
Loading

0 comments on commit 1c5de46

Please sign in to comment.