From d7656608a31cf7b927754d76e13820ba1f55eb49 Mon Sep 17 00:00:00 2001
From: Michael Kuron
Date: Sun, 16 Apr 2017 18:29:13 +0200
Subject: [PATCH] ClamAV virus scanning
---
 data/Dockerfiles/clamav/Dockerfile | 3 ---
 data/Dockerfiles/clamav/bootstrap.sh | 4 ++--
 data/conf/rspamd/local.d/antivirus.conf | 19 +++++++++++++++++++
 docker-compose.yml | 17 +++++++++++++++++
 4 files changed, 38 insertions(+), 5 deletions(-)
 create mode 100644 data/conf/rspamd/local.d/antivirus.conf
diff --git a/data/Dockerfiles/clamav/Dockerfile b/data/Dockerfiles/clamav/Dockerfile
index 5fc44d9a..4ee918a5 100755
--- a/data/Dockerfiles/clamav/Dockerfile
+++ b/data/Dockerfiles/clamav/Dockerfile
@@ -33,9 +33,6 @@ RUN sed -i 's/^Foreground .*$/Foreground true/g' /etc/clamav/clamd.conf && \
 echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
 sed -i 's/^Foreground .*$/Foreground true/g' /etc/clamav/freshclam.conf
-# volume provision
-VOLUME ["/var/lib/clamav"]
-
 # port provision
 EXPOSE 3310
diff --git a/data/Dockerfiles/clamav/bootstrap.sh b/data/Dockerfiles/clamav/bootstrap.sh
index 635e93ea..2ac2f220 100755
--- a/data/Dockerfiles/clamav/bootstrap.sh
+++ b/data/Dockerfiles/clamav/bootstrap.sh
@@ -15,7 +15,7 @@ latest_exit=0
 # define shutdown helper
 function shutdown() {
- trap "" SUBS
+ trap "" EXIT
 for single in $pidlist; do
 if ! kill -0 $pidlist 2>/dev/null; then
@@ -28,7 +28,7 @@ function shutdown() {
 }
 # run shutdown
-trap terminate SUBS
+trap terminate EXIT
 wait
 # return received result
diff --git a/data/conf/rspamd/local.d/antivirus.conf b/data/conf/rspamd/local.d/antivirus.conf
new file mode 100644
index 00000000..87b802f5
--- /dev/null
+++ b/data/conf/rspamd/local.d/antivirus.conf
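Review bot: In data/Dockerfiles/clamav/bootstrap.sh the new `trap terminate EXIT` names a handler `terminate`, while the only helper visible in these two hunks is `function shutdown()`; unless `terminate` is defined outside the hunks, the trap ends in "command not found" when the script exits and the processes in `$pidlist` are never stopped by it. I would write `trap shutdown EXIT TERM INT`, since an `EXIT` trap alone may not fire on the container stop signal if this script is the main process. Inside `shutdown` the loop tests `kill -0 $pidlist` rather than its loop variable, so `kill -0 "$single"` is probably what was meant. Both the function body and the end of the script continue outside the hunks.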
@@ -0,0 +1,19 @@
+clamav {
+ # If set force this action if any virus is found (default unset: no action is forced)
+ action = "reject";
+ # if `true` only messages with non-image attachments will be checked (default true)
+ attachments_only = true;
+ # If `max_size` is set, messages > n bytes in size are not scanned
+ #max_size = 20000000;
+ # symbol to add (add it to metric if you want non-zero weight)
+ symbol = "CLAM_VIRUS";
+ # type of scanner: "clamav", "fprot", "sophos" or "savapi"
+ type = "clamav";
+ # If set true, log message is emitted for clean messages
+ #log_clean = false;
+ # servers to query (if port is unspecified, scanner-specific default is used)
+ # can be specified multiple times to pool servers
+ # can be set to a path to a unix socket
+ servers = "clamav:3310";
+ timeout = 5;
+}
diff --git a/docker-compose.yml b/docker-compose.yml
index b3d18790..6ace9657 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -253,6 +253,22 @@ services:
 aliases:
 - nginx
+ clamav-mailcow:
+ image: mailcow/clamav
+ depends_on:
+ - bind9-mailcow
+ build: ./data/Dockerfiles/clamav
+ volumes:
+ - clamav-vol-1:/var/lib/clamav
+ restart: always
+ dns:
+ - 172.22.1.254
+ dns_search: mailcow-network
+ networks:
+ mailcow-network:
+ aliases:
+ - clamav
+
 networks:
 mailcow-network:
 driver: bridge
@@ -269,3 +285,4 @@ volumes:
 rspamd-vol-1:
 postfix-vol-1:
 crypt-vol-1:
+ clamav-vol-1:
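Review bot: Nothing in the new antivirus.conf says what happens to a message when clamd does not answer within `timeout = 5` or cannot be reached at `clamav:3310`; as far as I know the rspamd antivirus module then passes the message without `CLAM_VIRUS`, so a slow or restarting scanner quietly switches scanning off. With `max_size` left commented out, large messages are the most likely to hit that timeout. `attachments_only = true` additionally leaves messages without non-image attachments unscanned, as its own comment states. I would add a comment above `timeout` along the lines of `# scan errors and timeouts do not block delivery; monitor the rspamd log for scan failures`, and note the coverage limit next to `attachments_only`.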
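Review bot: The `clamav-mailcow` service joins `mailcow-network` under the alias `clamav`, and the Dockerfile context earlier in this patch enables `TCPSocket 3310`; clamd's TCP interface has no authentication, so every container on that network can reach the scanner and its control commands. The service publishes no `ports:`, which is the right choice and worth stating above it: `# clamd on 3310 is unauthenticated; never publish this port, keep it on mailcow-network only`. The antivirus.conf comments in this patch say `servers` may be a unix socket path, which would narrow access to containers that share the socket. The image is also referenced without a tag (`image: mailcow/clamav`), so which scanner build runs depends on what was last built or pulled.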