thebaconguy / docker-antivirus

This project forked from rordi/docker-antivirus


๐Ÿณ Build process for antivirus / malware scanning Docker image (antivirus as a microservice)

Home Page: https://www.linkedin.com/pulse/virus-malware-scanning-service-docker-dietrich-rordorf

License: MIT License



docker-antivirus

thebaconguy/docker-antivirus is a virus and malware scanner as a Docker microservice. It runs inotify as the main process that watches a pre-defined volume for file write events and calls clamscan for each new file that is written into the volume. We do not use the ClamAV daemon, which has a constant, large memory consumption.

Notes

  • The image may only be built once per hour on the same IP address due to download limitations of the ClamAV signatures
  • a running container instance consumes around 10 MB memory when idle
  • the image is maintained by Dietrich Rordorf, Ediqo
  • initially the Dockerfile was prepared for IWF
  • you can contribute to this project at https://github.com/rordi/docker-antivirus

Changes added in this fork (thebaconguy/docker-antivirus)

  • Copies files to a temporary scanning directory instead of moving them, so files can continue to be used (e.g. seeding) until they are found to be malicious. Inspired by this great comment
  • This also means the '/data/av/ok' volume is unused: scanned files stay where they were in '/data/av/queue' unless a scan flags them as infected, in which case they are moved into quarantine.
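The inotify-then-clamscan flow described in the introduction, combined with this fork's copy-instead-of-move behaviour, as an added shell example that is not the project's own scripts. It assumes inotifywait (from inotify-tools) and clamscan are available in the container and relies on clamscan's documented exit codes (0 clean, 1 infected, 2 error); the SCANNER override, the av-watch.sh file name and the per-file report names written under /data/av/nok are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the project's own scripts: a minimal watch-and-scan loop
# in the spirit of this README. Assumes inotifywait (inotify-tools) and clamscan
# are installed; SCANNER can be overridden with a stand-in so the decision
# logic can be exercised without ClamAV.

QUEUE="${QUEUE:-/data/av/queue}"                # files to be checked
QUARANTINE="${QUARANTINE:-/data/av/quarantine}" # infected files end up here
REPORTS="${REPORTS:-/data/av/nok}"              # scan reports for infected files
SCANNER="${SCANNER:-clamscan}"

# scan_one FILE
# Copies FILE into a private temp dir (fork behaviour: the original stays in
# the queue and remains usable while scanning), scans the copy, then acts on
# the scanner's exit status, which for clamscan is:
#   0 = clean, 1 = infection found, 2 = scanner error
# Returns that status to the caller.
scan_one() {
    file="$1"
    name=$(basename "$file")
    tmp=$(mktemp -d) || return 2
    cp -p "$file" "$tmp/$name" || { rm -rf "$tmp"; return 2; }
    "$SCANNER" --no-summary "$tmp/$name" >"$tmp/report.txt" 2>&1
    rc=$?
    case "$rc" in
        0)  # clean: leave the original where it is, nothing to report
            ;;
        1)  # infected: pull the original out of the queue, keep the report
            mkdir -p "$QUARANTINE" "$REPORTS"
            mv "$file" "$QUARANTINE/$name"
            cp "$tmp/report.txt" "$REPORTS/$name.txt"
            ;;
        *)  # scanner error: leave the file in place, but record what went wrong
            mkdir -p "$REPORTS"
            cp "$tmp/report.txt" "$REPORTS/$name.error.txt"
            ;;
    esac
    rm -rf "$tmp"
    return "$rc"
}

# watch_queue
# Blocks forever, scanning each file as soon as it is completely written
# (close_write) or moved into the queue (moved_to).
watch_queue() {
    inotifywait -m -r -e close_write -e moved_to --format '%w%f' "$QUEUE" |
    while IFS= read -r path; do
        [ -f "$path" ] && scan_one "$path"
    done
}

# Start the watcher only when invoked as `sh av-watch.sh watch`, so the file
# can also be sourced to reuse scan_one on its own.
if [ "${1:-}" = "watch" ]; then
    watch_queue
fi
```

Start it with `sh av-watch.sh watch`; sourcing the file instead makes `scan_one` available for testing against a stand-in scanner. Because the original is copied rather than moved, a file that is still being read or written stays usable, and only a positive scan removes it from the queue; a scanner error leaves the file untouched and leaves an `.error.txt` report so the failure is not silently treated as a clean result.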

Version 2

  • released 06.11.2017
  • use supervisord as main command, spawning inotify and cron as subprocesses
  • refactor assets folder structure to reduce number of layers in resulting Docker image

Version 1

  • released 19.01.2017
  • first stable build

Quick start

If you simply want to try out the setup, copy the docker-compose.yml file from the repository to your local file system and run:

docker-compose up -d

Introduction

Build for thebaconguy/docker-antivirus Docker image running Linux Malware Detect (LMD) with ClamAV as the scanner.

thebaconguy/docker-antivirus provides a plug-in container to e.g. scan file uploads in web applications before further processing.

The container requires three volume mounts: one from which it takes files to scan, and two where it delivers back scanned files and scan reports.

The container auto-updates the LMD and ClamAV virus signatures once per hour.

Optionally, an email alert can be sent to a specified email address whenever a virus/malware is detected in a file.

Required volume mounts

Please provide the following volume mounts at runtime (e.g. in your docker-compose file). The antivirus container expects the following paths to be present when running:

    /data/av/queue         --> files to be checked
    /data/av/ok            --> checked files (ok)
    /data/av/nok           --> scan reports for infected files

Additionally, you may mount the quarantine folder and provide it to the antivirus container at the following path (this might be useful if you want to process the quarantined files from another container):

    /data/av/quarantine    --> quarantined files

Docker Pull & Run

To install the container, pull it from the Docker registry (latest tag refers to the master branch, use dev tag for dev branch):

docker pull thebaconguy/docker-antivirus:latest

To run the docker container, use the following command. If you pass an email address as the last argument, email alerts will be activated and sent to this email address whenever a virus is detected.

docker run -tid --name docker-antivirus thebaconguy/docker-antivirus [[email protected]]

Docker Build & Run

To build your own image, clone the repo and cd into the cloned repository root folder. Then, build as follows:

docker build -t docker-antivirus .

To start the built image, run the following command. Optionally pass an email address to activate email alerts when a virus/malware is detected:

docker run -tid --name docker-antivirus docker-antivirus:latest [[email protected]]

Testing

You can use the EICAR test file to test the AV setup. (Caution: create the file yourself and copy-paste the file content that can be found on the linked Wikipedia article.)

Mounting volumes with docker-compose

Here is an example entry that you can use in your docker-compose file to plug the container into your existing network. Replace "yournetworkid" with your actual network id. Optionally turn on email alerts by uncommenting the "command". Finally, make sure the ./data/... host folders referenced under volumes exist on your local/host system or change the paths.

docker-av:
  image: thebaconguy/docker-antivirus
  container_name: docker-av
  # uncomment and set the email address to receive email alerts when viruses are detected
  #command:
  # - /usr/local/install_alerts.sh [email protected]
  volumes:
    - ./data/queue:/data/av/queue
    - ./data/ok:/data/av/ok
    - ./data/nok:/data/av/nok
  networks:
    - yournetworkid
