From 10c731fea01a55dc56b9b11c812e83a6a1826031 Mon Sep 17 00:00:00 2001 From: Jan-Philipp Litza Date: Sun, 28 Apr 2024 12:11:10 +0200 Subject: [PATCH] fix(clamav): Switch to official clamav image (#456) Co-authored-by: Jan-Philipp Litza --- charts/clamav/Chart.yaml | 4 ++-- charts/clamav/templates/_helpers.tpl | 9 +++++++++ charts/clamav/templates/statefulset.yaml | 4 +++- charts/clamav/values.yaml | 10 ++++------ 4 files changed, 18 insertions(+), 9 deletions(-) diff --git a/charts/clamav/Chart.yaml b/charts/clamav/Chart.yaml index 867e8ba7..7166858c 100644 --- a/charts/clamav/Chart.yaml +++ b/charts/clamav/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: An Open-Source antivirus engine for detecting trojans, viruses, malware & other malicious threats. Using Mailu docker image. name: clamav -version: 2.8.3 -appVersion: "1.9.50" +version: 3.0.0 +appVersion: "1.3.0" home: https://www.clamav.net icon: https://www.clamav.net/assets/clamav-trademark.png sources: diff --git a/charts/clamav/templates/_helpers.tpl b/charts/clamav/templates/_helpers.tpl index cd8764ec..32d8fc00 100644 --- a/charts/clamav/templates/_helpers.tpl +++ b/charts/clamav/templates/_helpers.tpl @@ -63,3 +63,12 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- end -}} +{{- define "clamav.entrypoint" -}} +{{- if .Values.entrypoint -}} +{{ .Values.entrypoint }} +{{- else if eq (default 0 .Values.podSecurityContext.runAsUser | int) 0 -}} +/init +{{- else -}} +/init-unprivileged +{{- end -}} +{{- end -}} diff --git a/charts/clamav/templates/statefulset.yaml b/charts/clamav/templates/statefulset.yaml index 555a4741..c367f0ec 100644 --- a/charts/clamav/templates/statefulset.yaml +++ b/charts/clamav/templates/statefulset.yaml 
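Review bot: The new `clamav.entrypoint` helper in `_helpers.tpl` chooses between `/init` and `/init-unprivileged` from `.Values.podSecurityContext.runAsUser` alone, but Kubernetes lets a container-level `securityContext.runAsUser` override the pod-level value, and the statefulset renders `.Values.securityContext` on this container. A release that sets the UID only at container level would get `/init` while running as a non-root user, or the reverse. Assuming both maps stay defined as in values.yaml, the effective UID could be resolved first with `{{- $uid := .Values.podSecurityContext.runAsUser -}}` and `{{- if hasKey .Values.securityContext "runAsUser" -}}{{- $uid = .Values.securityContext.runAsUser -}}{{- end -}}`, then tested with `eq (default 0 $uid | int) 0`. The `.Values.entrypoint` override read here does not appear in the values.yaml hunks of this patch; a commented `entrypoint: ""` entry there would document it.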
@@ -35,7 +35,9 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "%s_base" .Chart.AppVersion) }}" + command: + - {{ include "clamav.entrypoint" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} diff --git a/charts/clamav/values.yaml b/charts/clamav/values.yaml index 2c1e3a16..ec0e8027 100644 --- a/charts/clamav/values.yaml +++ b/charts/clamav/values.yaml @@ -5,8 +5,7 @@ replicaCount: 1 image: - # TODO: Switch to clamav/clamav container - repository: ghcr.io/mailu/clamav + repository: clamav/clamav tag: "" # If not defined, uses appVersion pullPolicy: IfNotPresent @@ -23,8 +22,9 @@ fullnameOverride: "" podSecurityContext: runAsNonRoot: true - runAsUser: 2000 - runAsGroup: 2000 + runAsUser: 100 + runAsGroup: 101 + fsGroup: 101 securityContext: allowPrivilegeEscalation: false @@ -73,8 +73,6 @@ clamdConfig: | # CUSTOM: Use pid file in tmp PidFile /tmp/clamd.pid LocalSocket /tmp/clamd.sock - # CUSTOM: Set local socket group to defined group id - LocalSocketGroup 2000 TCPSocket 3310 Foreground yes
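Review bot: The added `command:` entry in statefulset.yaml is rendered unquoted, so a user-supplied `.Values.entrypoint` containing YAML-significant text (a leading `*` or `&`, `: `, ` #`) changes how the manifest parses; `- {{ include "clamav.entrypoint" . | quote }}` keeps it a single string. Because `command` gets exactly one element, an override such as `/init --flag` is treated as one executable path, which should be stated where the value is documented. The default tag also becomes `<appVersion>_base` and is still a mutable tag rather than a digest. If, as I understand the upstream tagging, the `_base` variant ships without a signature database, clamd cannot scan until freshclam has reached its mirror, and a comment beside `image.tag` in values.yaml should say so.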
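Review bot: In the first values.yaml hunk, `repository: clamav/clamav` is an unqualified image name, so the registry that serves it is decided by each node's container-runtime configuration (short-name resolution, mirror settings) rather than by the chart; the value it replaces named its registry explicitly. Writing `repository: docker.io/clamav/clamav` pins the source of a component that sits in the scanning path. Separately, the `description` in Chart.yaml still ends with "Using Mailu docker image.", which no longer matches this default.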
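Review bot: In the `podSecurityContext` hunk of values.yaml, `runAsUser: 100`, `runAsGroup: 101` and `fsGroup: 101` are bare numbers with no comment, yet `runAsUser` now also drives entrypoint selection in `clamav.entrypoint` (any non-zero value yields `/init-unprivileged`). Presumably they match the clamav user and group baked into the official image; that should be confirmed and recorded, e.g. `# UID/GID of the clamav user in the clamav/clamav image (confirm against the image); the entrypoint helper selects /init-unprivileged for any non-zero runAsUser`. Existing releases upgrade from UID/GID 2000, so if the chart mounts a persistent volume, files on it stay owned by the old UID and are reachable only through the `fsGroup` group permissions. An upgrade note for the 3.0.0 release would help operators.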