7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
61f776173f00c064f2aa3c3cbdf35c1e32357cbe
mailcow-dockerized/data/Dockerfiles/clamd/clamd.sh

104 lines
2.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
echo "SKIP_CLAMD=y, skipping ClamAV..."
sleep 365d
exit 0
fi
# Cleaning up garbage
echo "Cleaning up tmp files..."
rm -rf /var/lib/clamav/clamav-*.tmp
# Prepare whitelist
mkdir -p /run/clamav /var/lib/clamav
if [[ -s /etc/clamav/whitelist.ign2 ]]; then
echo "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2"
cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
fi
if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then
echo "Creating /var/lib/clamav/whitelist.ign2"
cat <<EOF > /var/lib/clamav/whitelist.ign2
# Please restart ClamAV after changing signatures
Example-Signature.Ignore-1
PUA.Pdf.Trojan.EmbeddedJavaScript-1
EOF
fi
chown clamav:clamav -R /var/lib/clamav /run/clamav
chmod 755 /var/lib/clamav
chmod 644 -R /var/lib/clamav/*
chmod 750 /run/clamav
stat /var/lib/clamav/whitelist.ign2
dos2unix /var/lib/clamav/whitelist.ign2
sed -i '/^\s*$/d' /var/lib/clamav/whitelist.ign2
# Copying to /etc/clamav to expose file as-is to administrator
cp -p /var/lib/clamav/whitelist.ign2 /etc/clamav/whitelist.ign2
BACKGROUND_TASKS=()
echo "Running freshclam..."
freshclam
(
while true; do
sleep 12600
freshclam
done
) &
BACKGROUND_TASKS+=($!)
(
while true; do
sleep 10m
SANE_MIRRORS="$(dig +ignore +short rsync.sanesecurity.net)"
for sane_mirror in ${SANE_MIRRORS}; do
CE=
rsync -avp --chown=clamav:clamav --chmod=Du=rwx,Dgo=rx,Fu=rw,Fog=r --timeout=5 rsync://${sane_mirror}/sanesecurity/ \
--include 'blurl.ndb' \
--include 'junk.ndb' \
--include 'jurlbl.ndb' \
--include 'jurbla.ndb' \
--include 'phishtank.ndb' \
--include 'phish.ndb' \
--include 'spamimg.hdb' \
--include 'scam.ndb' \
--include 'rogue.hdb' \
--include 'sanesecurity.ftm' \
--include 'sigwhitelist.ign2' \
--exclude='*' /var/lib/clamav/
CE=$?
chmod 755 /var/lib/clamav/
if [ ${CE} -eq 0 ]; then
while [ ! -z "$(pidof freshclam)" ]; do
echo "Freshclam is active, waiting..."
sleep 5
done
echo RELOAD | nc clamd-mailcow 3310
break
fi
done
sleep 12h
done
) &
BACKGROUND_TASKS+=($!)
nice -n10 clamd &
BACKGROUND_TASKS+=($!)
while true; do
for bg_task in ${BACKGROUND_TASKS[*]}; do
if ! kill -0 ${bg_task} 1>&2; then
echo "Worker ${bg_task} died, stopping container waiting for respawn..."
kill -TERM 1
fi
sleep 10
done
done
Reference in New Issue View Git Blame Copy Permalink