Running clamav in Docker under Linux

security

Update 2023.10.20: there is a newer version on Github [3]

I’m running ClamAV [1] on an Ubuntu 18.04 server in Docker and wanted to document, for posteriority and my own dementia, the setup process and considerations.

Thankfully there is an official (?), well-maintained ClamAV image on Docker hub. ClamAV can run stand-alone or as a tandem of CLI tool and daemon – I prefer the latter because it defers signature updating from the time of scanning and supports multi-threading, which the stand-alone version doesn’t.

The run-clamd.sh script which runs the ClamAV daemon in a container. The container auto-restarts and mounts a socket file, which speeds up communication between the client and the daemon. A weekly cron job runs the script, just to make sure the signature database is updated. You must adjust the “base” variable, unless your user name is george.

run-daemon.sh

#!/bin/sh
base=/home/george/clamav
dirtoscan=/

cd "$base"
echo pulling new clamav image
docker pull clamav/clamav:stable || exit 1 

mkdir "$base/sockets"
mkdir "$base/signaturedb"


chmod -R a+rwx "$base/sockets"
chmod -R a+rwx "$base/signaturedb"

echo removing old clamd container
docker stop clamd || echo no container running 
docker rm clamd || echo no clamd container found
docker run \
    --name "clamd" \
    --volume /home/george/clamav/signaturedb:/var/lib/clamav \
    --volume "$dirtoscan":/scandir:ro \
    --mount type=bind,source=$base/sockets/,target=/tmp/ \
    -d \
    --restart always \
    clamav/clamav:stable

And the run-scan.sh script which starts the ClamAV scan tool. A monthly cron job runs the script on the entire server.

#!/bin/sh

base=/home/george/clamav

docker stop clamscan || echo clamscan container not running
docker rm clamscan || echo clamscan container not found
echo running clamscan

docker run -it --rm \
    --name "clamscan" \
    --volume /:/scandir:ro \
    --mount type=bind,source=$base/sockets/,target=/tmp/ \
    --user root \
    clamav/clamav:stable_base \
    clamdscan /scandir

Make sure clamd started properly before running the scan.

Resources

[1] ClamAV project page
https://www.clamav.net/

[2] ClamAV on Docker hub
https://hub.docker.com/r/clamav/clamav

[3] Clamav docker on Github
https://github.com/ggeorgovassilis/linuxscripts/tree/master/clamav

Published

2 thoughts on “Running clamav in Docker under Linux

  1. Hi George,
    Hope you are doing good!

    While following your document, I am getting below error.

    ERROR: Could not connect to clamd on LocalSocket /tmp/clamd.sock: No such file or directory

    Kindly comment here the soultion if possible

    Like

    Reply

    1. Hello Vinod. Please wait for clamd to start – on my laptop that takes about half a minute. You can look at the logs with “docker logs -f clamd” and wait for a “clamd started” message. I refactored the code a bit and updated the description.

      Like

      Reply

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.