From b0eb5989fa20d7d52877f4f1f4976aec53caf00e Mon Sep 17 00:00:00 2001
From: Yi Sheng Yap
Date: Thu, 14 Feb 2019 15:11:14 +0800
Subject: [PATCH] Add more configuration options for ClamAV

- Scan alerts
- On Access Scanning
---
 Dockerfile | 22 +++++++++++++++++++++-
 alert.sh | 10 ++++++++++
 eicar.test | 1 +
 scan-target/eicar.com.txt | 1 +
 scan-target/random.txt | 1 +
 5 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 alert.sh
 create mode 100644 eicar.test
 create mode 100644 scan-target/eicar.com.txt
 create mode 100644 scan-target/random.txt

diff --git a/Dockerfile b/Dockerfile
index 4fadc82..947aac9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,11 +14,31 @@ RUN apk --no-cache add clamav clamav-libunrar \
     && mkdir /run/clamav \
     && chown clamav:clamav /run/clamav
 
+# Configure clamAV to run in foreground with port 3310
 RUN sed -i 's/^#Foreground .*$/Foreground true/g' /etc/clamav/clamd.conf \
     && sed -i 's/^#TCPSocket .*$/TCPSocket 3310/g' /etc/clamav/clamd.conf \
     && sed -i 's/^#Foreground .*$/Foreground true/g' /etc/clamav/freshclam.conf
 
-RUN freshclam --quiet
+
+# Configure scan alerts
+RUN touch /var/log/clamav-infected.log && chmod 0777 /var/log/clamav-infected.log
+COPY ./alert.sh /opt/clamav-utils/
+RUN chmod -Rf 0755 /opt/clamav-utils/alert.sh
+RUN sed -i 's:^#VirusEvent .*$:VirusEvent /opt/clamav-utils/alert.sh:g' /etc/clamd.d/scan.conf
+
+
+# Configure ClamAV user, ScanOnAccess requires root
+#RUN sed -i 's/^User .*$/User root/g' /etc/clamd.d/scan.conf
+
+
+# ScanOnAccess configurations
+RUN mkdir /scan-target
+RUN sed -i 's/^#ScanOnAccess .*$/ScanOnAccess yes/g' /etc/clamav/clamd.conf \
+    && sed -i 's:#OnAccessMountPath /home/user:&\r\nOnAccessMountPath /scan-target:g' /etc/clamav/clamd.conf
+
+
+RUN freshclam -v --no-dns
+# --quiet
 
 # Build go package
 ADD . /go/src/clamav-rest/
diff --git a/alert.sh b/alert.sh
new file mode 100644
index 0000000..fa825be
--- /dev/null
+++ b/alert.sh
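Review bot: The VirusEvent hook is written into `/etc/clamd.d/scan.conf` while every other sed in this hunk edits `/etc/clamav/clamd.conf`, so the alert either lands in a file clamd on this image does not read or the `sed -i` step fails outright if that path is absent; the commented-out `User root` line carries the same path. The intended line is presumably `RUN sed -i 's:^#VirusEvent .*$:VirusEvent /opt/clamav-utils/alert.sh:g' /etc/clamav/clamd.conf`. Separately, `chmod 0777 /var/log/clamav-infected.log` makes the detection log world-writable, so any process in the container can forge or erase detection records; the hook runs with clamd's privileges (the clamav user, judging by the `chown clamav:clamav /run/clamav` context), so `chown clamav:clamav /var/log/clamav-infected.log && chmod 0644 /var/log/clamav-infected.log` is sufficient. The `&\r\n` in the OnAccessMountPath replacement also writes a carriage return into clamd.conf; `&\nOnAccessMountPath /scan-target` looks like what was meant. Note that on-access scanning needs more than a root user inside the image (it depends on the kernel's fanotify interface being available to the container), so a comment stating the runtime requirements next to `# ScanOnAccess configurations` would save the next maintainer a debugging session.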
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+echo "$(date) - $CLAM_VIRUSEVENT_VIRUSNAME > $CLAM_VIRUSEVENT_FILENAME" >> /var/log/clamav-infected.log
+if [ -e "$CLAM_VIRUSEVENT_FILENAME" ] && [ ! -d "$CLAM_VIRUSEVENT_FILENAME" ]; then
+ echo "Virus $CLAM_VIRUSEVENT_FILENAME exist and is not a directory"
+ # rm $CLAM_VIRUSEVENT_FILENAME
+fi
+
+
+# curl {API}
\ No newline at end of file
diff --git a/eicar.test b/eicar.test
new file mode 100644
index 0000000..a2463df
--- /dev/null
+++ b/eicar.test
@@ -0,0 +1 @@
+X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
\ No newline at end of file
diff --git a/scan-target/eicar.com.txt b/scan-target/eicar.com.txt
new file mode 100644
index 0000000..704cac8
--- /dev/null
+++ b/scan-target/eicar.com.txt
@@ -0,0 +1 @@
+X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
diff --git a/scan-target/random.txt b/scan-target/random.txt
new file mode 100644
index 0000000..08e00ed
--- /dev/null
+++ b/scan-target/random.txt
@@ -0,0 +1 @@
+Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
\ No newline at end of file
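Review bot: The `if` branch in alert.sh only echoes to stdout and the quarantine action is commented out, so the hook's sole effect is the appended log line, and the message text `exist and is not a directory` reads as a typo for `exists`; if a regular file is what is meant, `if [ -f "$CLAM_VIRUSEVENT_FILENAME" ]; then` states that directly. The logged path comes from whatever was scanned and is written unescaped, so a file name containing a newline would split or forge a log entry; `printf '%s\n' "$(date) - $CLAM_VIRUSEVENT_VIRUSNAME > $(printf '%s' "$CLAM_VIRUSEVENT_FILENAME" | tr -d '\n\r')" >> /var/log/clamav-infected.log` keeps each detection on one line. A header comment would also help maintainers: `# Invoked by clamd as its VirusEvent hook; clamd supplies CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME. Appends one line per detection to /var/log/clamav-infected.log, which the Dockerfile creates.` The trailing `# curl {API}` placeholder should either be implemented or dropped so the file does not suggest an integration that does not exist.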