search

bcgov / clamav

Clamav service for openshift, providing virus scanning functionality.
Apache License 2.0
7 stars 17 forks source link
antivirus clamav clamav-service openshift

readme

Image of ClamAV

ClamAV License Lifecycle:Stable

ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

This is a repo setup for utilization in Red Hat Openshift. This solution allows you to create a pod in your openshift environment to scan any file for known virus signatures, quickly and effectively.

The builds package the barebones service, and the deployment config will download latest signatures on first run.

Freshclam can be run within the container at any time to update the existing signatures. Alternatively, you can re-deploy which will fetch the latest into the running container.

Deployment

The templates in the openshift/templates will build and deploy the app. Modify to suit your own environment. openshift/templates/clamav-bc.conf will create your builder image (ideally in your tools project), and openshift/templates/clamav-dc.conf will create the pod deployment. Modify the environment variables defined in both the build config and deployment config appropriately.

Deploy with Helm

The Helm chart deploys a standard StatefulSet. This deployment should work on OpenShift Local, kind or even Docker Desktop

OpenShift or OpenShift Local

  1. Optional: if running on openshift local, create a namespace 
    oc new-project clamav-demo
  2. Import the build config template and create the build config
oc apply -f openshift/clamav-bc.conf -n clamav-demo
oc new-app --template=clamav

  1. Start a build

    oc start-build clamav-build

  2. When the build is complete, new image stream tag should be avilable, clamav with a single image stream tag clamav:latest

  3. Deploy, if running locally be sure to set the clamav.freshclam.mirrors to something your instance can reach. By default the mirrors are configured for internal BC Gov mirror.

cd charts
helm install clamav clamav --set clamav.image=image-registry.openshift-image-registry.svc:5000/clamav-demo/clamav --set clamav.freshclam.mirrors[0]=https://db.us.clamav.net

Kind

Below are the steps required to deploy to kind. When the container starts up it will need to pull the latest virus defintions. It can take a little while before the pods are ready.

docker build -f Dockerfile . -t clamav:latest

kind create cluster
kind load docker-image clamav:latest
cd charts
helm install clamav clamav --set clamav.image=docker.io/library/clamav --set clamav.imagePullPolicy=Never

The commands are:

  1. Build the docker image, tagging it as latest
  2. Create a kind cluster
  3. Load the build image into the cluster node(s)
  4. Chages into the charts subdirectory
  5. Install the helm chart changing the docker image to the loaded image and changing the pull policy so it uses the loaded image.

To clean up everything,

docker rmi clamav:latest
kind delete cluster

Getting Help or Reporting an Issue

To report bugs/issues/feature requests, please file an issue.