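# Build stage: compiles the clamav-rest binary from the build context.
# Only the file copied out with COPY --from=build reaches the final image.
# NOTE(review): "stream9" is a rolling tag; append @sha256:<digest> (placeholder)
# once a vetted digest is chosen so rebuilds use the same base.
FROM quay.io/centos/centos:stream9 AS build

# Set timezone to Europe/Zurich
ENV TZ=Europe/Zurich

# Install golang
# /go keeps default permissions: no USER is set in this stage, so the
# world-writable "chmod -R 777" is not needed for the build to work.
RUN mkdir -p /go \
    && dnf -y update \
    && dnf -y group install "Development Tools" \
    && dnf install -y epel-release \
    && dnf -y install golang \
    && dnf clean all

# GOPATH is set in its own instruction on purpose: ENV substitutes variables
# with the values they had *before* the instruction, so defining GOPATH and
# using $GOPATH in the same ENV would expand it to an empty string.
ENV GOPATH=/go
ENV PATH="$GOPATH/bin:/usr/local/go/bin:$PATH"

# Build go package
# COPY instead of ADD: only a plain copy of the context is wanted here.
# NOTE(review): this copies the whole build context; a .dockerignore that
# excludes .git and the server.* files keeps them out of this stage's layers.
COPY . /go/src/clamav-rest/
WORKDIR /go/src/clamav-rest
# NOTE(review): "go mod tidy" can rewrite go.mod/go.sum during the build, so the
# modules compiled may differ from what is committed. If the committed go.sum is
# complete, "go mod download && go mod verify" keeps the build tied to it.
RUN go mod tidy && go build -v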
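# Runtime stage: ClamAV plus the clamav-rest binary produced by the build stage.
# NOTE(review): "stream9" is a rolling tag; append @sha256:<digest> (placeholder)
# once a vetted digest is chosen so rebuilds use the same base.
FROM quay.io/centos/centos:stream9

# Copy compiled clamav-rest binary from build container to production container
COPY --from=build /go/src/clamav-rest/clamav-rest /usr/bin/

# Install ClamAV, create the clamd runtime directory, then clean package caches
# in the same layer so they do not persist in the image.
# NOTE(review): clamav-devel and the *-systemd packages look unnecessary in a
# container runtime image, and nc is presumably used by entrypoint.sh; confirm
# before trimming the list.
RUN dnf -y update \
    && dnf install -y epel-release \
    && dnf install -y \
        clamav \
        clamav-data \
        clamav-devel \
        clamav-filesystem \
        clamav-lib \
        clamav-scanner-systemd \
        clamav-server \
        clamav-server-systemd \
        clamav-update \
        nc \
    && mkdir /run/clamav \
    && chown clamscan:clamscan /run/clamav \
    && dnf clean -y all --enablerepo='*' \
    && rm -Rf /tmp/*

# Configure clamAV to run in foreground with port 3310
# NOTE(review): only TCPSocket is enabled here; no TCPAddr is set, so clamd
# presumably listens on every interface. The clamd protocol has no
# authentication, so if only clamav-rest talks to it, binding to loopback
# limits exposure. Confirm against entrypoint.sh, which may rewrite this config.
RUN sed -i 's/^Example$/# Example/g' /etc/clamd.d/scan.conf \
    && sed -i 's/^#Foreground .*$/Foreground true/g' /etc/clamd.d/scan.conf \
    && sed -i 's/^#TCPSocket .*$/TCPSocket 3310/g' /etc/clamd.d/scan.conf \
    && sed -i 's/^#Foreground .*$/Foreground true/g' /etc/freshclam.conf

# Download the signature database at build time. The image therefore ships
# signatures as old as the build; runtime refresh is not visible in this file.
RUN freshclam --quiet --no-dns

# COPY instead of ADD: a plain file copy is all that is wanted here.
# NOTE(review): server.* presumably matches a TLS certificate and its private
# key. Anything copied here is stored in an image layer and readable by anyone
# who can pull the image; mounting the key at runtime (volume or orchestrator
# secret) avoids shipping it. Confirm what entrypoint.sh expects first.
COPY ./server.* /etc/ssl/clamav-rest/
COPY entrypoint.sh /usr/bin/

# Create folders for clamav so it matches what happens in entrypoint.sh
RUN install -d -m 0775 -oclamupdate -groot /var/log/clamav /etc/clamav /clamav /clamav/etc /clamav/data /clamav/tmp \
    && cp /etc/clamd.d/scan.conf /etc/clamav/clamd.conf \
    && cp /etc/freshclam.conf /etc/clamav/freshclam.conf \
    && chown clamupdate:root /etc/clamav/freshclam.conf

# On CentOS, clamupdate is the user.
# Everything from here on, including the entrypoint, runs unprivileged.
USER clamupdate

# Documentation only: these ports are not published by EXPOSE itself.
EXPOSE 9000 9443

# Default limits and tuning values exported to the container environment.
ENV MAX_SCAN_SIZE=100M \
    MAX_FILE_SIZE=25M \
    MAX_RECURSION=16 \
    MAX_FILES=10000 \
    MAX_EMBEDDEDPE=10M \
    MAX_HTMLNORMALIZE=10M \
    MAX_HTMLNOTAGS=2M \
    MAX_SCRIPTNORMALIZE=5M \
    MAX_ZIPTYPERCG=1M \
    MAX_PARTITIONS=50 \
    MAX_ICONSPE=100 \
    MAX_RECONNECT_TIME=30 \
    PCRE_MATCHLIMIT=100000 \
    PCRE_RECMATCHLIMIT=2000 \
    SIGNATURE_CHECKS=24

# Exec form; entrypoint.sh is resolved through PATH (/usr/bin).
ENTRYPOINT [ "entrypoint.sh" ]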