Running clamav in Docker under Linux

I’m running ClamAV [1] on an Ubuntu 18.04 server in Docker and wanted to document, for posteriority and my own dementia, the setup process and considerations.

Thankfully there is an official (?), well-maintained ClamAV image on Docker hub. ClamAV can run stand-alone or as a tandem of CLI tool and daemon – I prefer the latter because it defers signature updating from the time of scanning and supports multi-threading, which the stand-alone version doesn’t.

The run-clamd.sh script which runs the ClamAV daemon in a container. The container auto-restarts and mounts a socket file, which speeds up communication between the client and the daemon. A weekly cron job runs the script, just to make sure the signature database is updated.

#!/bin/sh
base=/home/george/clamav
cd "$base"
echo pulling new clamav image
docker pull clamav/clamav:stable || exit 1 
chmod -R a+rwx "$base/sockets"
chmod -R a+rwx "$base/signaturedb"

echo removing old clamd container
docker stop clamd || echo no container running 
docker rm clamd || echo no clamd container found
docker run \
    --name "clamd" \
    --volume /home/george/clamav/signaturedb:/var/lib/clamav \
    --volume /:/scandir:ro \
    --mount type=bind,source=/home/george/clamav/sockets/,target=/run/clamav/ \
    -d \
    --restart always \
    clamav/clamav:stable

And the run-scan.sh script which starts the ClamAV scan tool. A monthly cron job runs the script on the entire server.

#!/bin/sh

base=/home/george/clamav

docker stop clamscan || echo clamscan container not running
docker rm clamscan || echo clamscan container not found
echo running clamscan

docker run -it --rm \
    --name "clamscan" \
    --volume /:/scandir:ro \
    --mount type=bind,source=$base/sockets/,target=/run/clamav/ \
    --user root \
    clamav/clamav:stable_base \
    clamdscan /scandir

Resources

[1] ClamAV project page
https://www.clamav.net/

[2] ClamAV on Docker hub
https://hub.docker.com/r/clamav/clamav

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.