Merge pull request #3 from bcgov/adding-clamav-container-information

Initial Clamav commit for setup
bcgov · Nov 15, 2023 · ef27186 · ef27186
2 parents d53eecf + 1d1e7e5
commit ef27186
Show file tree

Hide file tree

Showing 7 changed files with 1,227 additions and 0 deletions.
diff --git a/containers/clamav/.gitignore b/containers/clamav/.gitignore
@@ -0,0 +1,110 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# SonarQube
+.sonarqube
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# env file used by local and docker builds/runs
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# Next.js build output
+.next
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and *not* Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Apple macOS folder attributes file
+**/.DS_Store
diff --git a/containers/clamav/Dockerfile b/containers/clamav/Dockerfile
@@ -0,0 +1,39 @@
+FROM registry.access.redhat.com/ubi8/ubi
+
+LABEL name="ubi8-clamav" \
+      vendor="Red Hat" \
+      version="0.1.0" \
+      release="1" \
+      summary="UBI 8 ClamAV" \
+      description="ClamAV for UBI 8" \
+      maintainer="EPIC"
+
+RUN yum -y update \
+  && yum -y install yum-utils \
+  && rpm --import http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8 \
+  && yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+RUN yum install -y clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
+RUN yum install -y wget
+
+COPY config/clamd.conf /etc/clamd.conf
+COPY config/freshclam.conf /etc/freshclam.conf
+
+RUN mkdir /opt/app-root
+RUN mkdir /opt/app-root/src
+RUN chown -R 1001:0 /opt/app-root/src
+RUN chmod -R ug+rwx /opt/app-root/src
+
+# # To fix check permissions error for clamAV
+RUN mkdir /var/log/clamav
+RUN touch /var/log/clamav/clamav.log
+RUN touch /var/log/clamav/freshclam.log
+RUN chown -R 1001:0 /var/log/clamav
+RUN chmod -R ug+rwx /var/log/clamav
+
+RUN chown -R 1001:0 /opt/app-root/src
+
+USER 1001
+
+EXPOSE 3310
+
+CMD freshclam && clamd -c /etc/clamd.conf
diff --git a/containers/clamav/README.md b/containers/clamav/README.md
@@ -0,0 +1,35 @@
+# ClamAV
+
+ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
+
+This is a repo setup for utilization in Red Hat Openshift. This solution allows you to create a pod in your openshift environment to scan any file for known virus signatures, quickly and effectively.
+
+The builds package the barebones service, and the deployment config will download latest signatures on first run.
+
+Freshclam can be run within the container at any time to update the existing signatures. Alternatively, you can re-deploy which will fetch the latest into the running container.
+
+This clamav setup is cloned from the repo: https://github.com/bcgov/clamav
+
+## Prerequisites For Deploying On OpenShift
+
+### Import Base Image for `ubi8/ubi` Used By `clamav-bc.yaml`
+
+- Fetch latest version
+
+  ```
+  oc import-image ubi8/ubi:latest --from=registry.access.redhat.com/ubi8/ubi:latest --confirm
+  ```
+
+Openshift documentation on importing images
+
+- https://catalog.redhat.com/software/containers/ubi8/ubi/5c359854d70cc534b3a3784e?tag=latest&push_date=1673532745000&architecture=amd64&container-tabs=gti&gti-tabs=unauthenticated
+
+  - See `oc import-image` command
+
+## Build/Deployment
+
+The templates in the `./openshift/templates` will build and deploy the app. Modify to suit your own environment.
+
+The build config `./openshift/templates/clamav-bc.yaml` will create your builder image (ideally in your tools project), and the deployment config `./openshift/templates/clamav-dc.yaml` will create the pod deployment.
+
+Modify the environment variables defined in both the build config and deployment config appropriately.