Move to staged build fangfish for signature updates
This commit is contained in:
tabledevil
31
Dockerfile
31
Dockerfile
@@ -1,30 +1,27 @@
|
||||
FROM python:3-alpine as builder
|
||||
RUN apk add -u --no-cache clamav clamav-dev freshclam bash clamav-libunrar
|
||||
RUN pip install fangfrisch
|
||||
RUN mkdir -m 0770 -p /var/lib/fangfrisch
|
||||
RUN chgrp clamav /var/lib/fangfrisch
|
||||
ADD fangfrisch.conf /etc/fangfrisch.conf
|
||||
USER clamav
|
||||
RUN fangfrisch --conf /etc/fangfrisch.conf initdb
|
||||
RUN fangfrisch --conf /etc/fangfrisch.conf refresh
|
||||
RUN freshclam
|
||||
|
||||
|
||||
FROM alpine
|
||||
ARG PUID=1001
|
||||
ARG PGID=1001
|
||||
|
||||
MAINTAINER tabledevil
|
||||
#install clamav
|
||||
RUN apk add -u --no-cache clamav clamav-dev freshclam bash
|
||||
#ADD unofficial signatures to freshclam
|
||||
RUN echo 'DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb' >> /etc/clamav/freshclam.conf
|
||||
RUN echo 'DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/badmacro.ndb' >> /etc/clamav/freshclam.conf
|
||||
RUN echo 'DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/blurl.ndb' >> /etc/clamav/freshclam.conf
|
||||
RUN echo 'DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/junk.ndb' >> /etc/clamav/freshclam.conf
|
||||
RUN echo 'DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/jurlbl.ndb' >> /etc/clamav/freshclam.conf
|
||||
RUN echo 'DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/lott.ndb' >> /etc/clamav/freshclam.conf
|
||||
RUN echo 'DatabaseCustomURL https://raw.githubusercontent.com/twinwave-security/twinclams/master/twinclams.ldb' >> /etc/clamav/freshclam.conf
|
||||
RUN echo 'DatabaseCustomURL https://raw.githubusercontent.com/twinwave-security/twinclams/master/twinwave.ign2' >> /etc/clamav/freshclam.conf
|
||||
#RUN freshclam
|
||||
RUN freshclam
|
||||
RUN apk add -u --no-cache clamav bash clamav-libunrar
|
||||
COPY --from=builder /var/lib/clamav /var/lib/clamav
|
||||
#add startscript
|
||||
ADD start.sh /start.sh
|
||||
RUN chmod +x /start.sh
|
||||
#customize clamav config
|
||||
RUN sed -ie 's/#DetectPUA yes/DetectPUA yes/p' /etc/clamav/clamd.conf
|
||||
RUN sed -ie 's/#AlertOLE2Macros yes/AlertOLE2Macros yes/p' /etc/clamav/clamd.conf
|
||||
#make freshclam suid so user can run it
|
||||
RUN chown root /usr/bin/freshclam
|
||||
RUN chmod u+s /usr/bin/freshclam
|
||||
#add user
|
||||
RUN addgroup -g ${PGID} user && \
|
||||
adduser -D -u ${PUID} -G user user
|
||||
|
||||
118
fangfrisch.conf
Normal file
118
fangfrisch.conf
Normal file
@@ -0,0 +1,118 @@
|
||||
[DEFAULT]
|
||||
cleanup = automatic
|
||||
enabled = false
|
||||
integrity_check = sha256
|
||||
log_level = INFO
|
||||
log_method = console
|
||||
max_size = 10MB
|
||||
db_url = sqlite:////var/lib/fangfrisch/db.sqlite
|
||||
local_directory = /var/lib/clamav
|
||||
on_update_timeout = 60
|
||||
|
||||
[urlhaus]
|
||||
enabled = yes
|
||||
max_size = 5MB
|
||||
|
||||
[twinwave]
|
||||
enabled = yes
|
||||
max_size = 5M
|
||||
integrity_check = disabled
|
||||
interval = 1h
|
||||
prefix = https://raw.githubusercontent.com/twinwave-security/twinclams/master/
|
||||
url_twinclams = ${prefix}twinclams.ldb
|
||||
url_twinwave_ign2 = ${prefix}twinwave.ign2
|
||||
|
||||
[sanesecurity]
|
||||
enabled = yes
|
||||
interval = 2h
|
||||
prefix = http://ftp.swin.edu.au/sanesecurity/
|
||||
!url_foxhole_all_cdb = ${prefix}foxhole_all.cdb
|
||||
!url_foxhole_all_ndb = ${prefix}foxhole_all.ndb
|
||||
!url_foxhole_mail = ${prefix}foxhole_mail.cdb
|
||||
!url_scamnailer = ${prefix}scamnailer.ndb
|
||||
!url_winnow_phish_complete = ${prefix}winnow_phish_complete.ndb
|
||||
url_badmacro = ${prefix}badmacro.ndb
|
||||
url_blurl = ${prefix}blurl.ndb
|
||||
url_bofhland_cracked_url = ${prefix}bofhland_cracked_URL.ndb
|
||||
url_bofhland_malware_attach = ${prefix}bofhland_malware_attach.hdb
|
||||
url_bofhland_malware_url = ${prefix}bofhland_malware_URL.ndb
|
||||
url_bofhland_phishing_url = ${prefix}bofhland_phishing_URL.ndb
|
||||
url_foxhole_filename = ${prefix}foxhole_filename.cdb
|
||||
url_foxhole_generic = ${prefix}foxhole_generic.cdb
|
||||
url_foxhole_js_cdb = ${prefix}foxhole_js.cdb
|
||||
url_foxhole_js_ndb = ${prefix}foxhole_js.ndb
|
||||
url_hackingteam = ${prefix}hackingteam.hsb
|
||||
url_junk = ${prefix}junk.ndb
|
||||
url_jurlbl = ${prefix}jurlbl.ndb
|
||||
url_jurlbla = ${prefix}jurlbla.ndb
|
||||
url_lott = ${prefix}lott.ndb
|
||||
url_malwareexpert_fp = ${prefix}malware.expert.fp
|
||||
url_malwareexpert_hdb = ${prefix}malware.expert.hdb
|
||||
url_malwareexpert_ldb = ${prefix}malware.expert.ldb
|
||||
url_malwareexpert_ndb = ${prefix}malware.expert.ndb
|
||||
url_malwarehash = ${prefix}malwarehash.hsb
|
||||
url_phish = ${prefix}phish.ndb
|
||||
url_phishtank = ${prefix}phishtank.ndb
|
||||
url_porcupine = ${prefix}porcupine.ndb
|
||||
url_rogue = ${prefix}rogue.hdb
|
||||
url_scam = ${prefix}scam.ndb
|
||||
url_shelter = ${prefix}shelter.ldb
|
||||
url_spamattach = ${prefix}spamattach.hdb
|
||||
url_spamimg = ${prefix}spamimg.hdb
|
||||
url_spear = ${prefix}spear.ndb
|
||||
url_spearl = ${prefix}spearl.ndb
|
||||
url_winnow_attachments = ${prefix}winnow.attachments.hdb
|
||||
url_winnow_bad_cw = ${prefix}winnow_bad_cw.hdb
|
||||
url_winnow_extended_malware = ${prefix}winnow_extended_malware.hdb
|
||||
url_winnow_extended_malware_links = ${prefix}winnow_extended_malware_links.ndb
|
||||
url_winnow_malware = ${prefix}winnow_malware.hdb
|
||||
url_winnow_malware_links = ${prefix}winnow_malware_links.ndb
|
||||
url_winnow_phish_complete_url = ${prefix}winnow_phish_complete_url.ndb
|
||||
url_winnow_spam_complete = ${prefix}winnow_spam_complete.ndb
|
||||
|
||||
[malwarepatrol]
|
||||
enabled=yes
|
||||
interval = 1d
|
||||
integrity_check = disabled
|
||||
product = 8
|
||||
receipt = you_forgot_to_configure_receipt
|
||||
prefix = https://lists.malwarepatrol.net/cgi/getfile?product=${product}&receipt=${receipt}&list=
|
||||
url_clamav_basic = ${prefix}clamav_basic
|
||||
filename_clamav_basic = malwarepatrol.db
|
||||
|
||||
[clampunch]
|
||||
enabled = yes
|
||||
max_size = 2M
|
||||
integrity_check = disabled
|
||||
interval = 24h
|
||||
prefix = https://raw.githubusercontent.com/wmetcalf/clam-punch/master/
|
||||
url_miscreantpunch099low = ${prefix}MiscreantPunch099-Low.ldb
|
||||
url_exexor99 = ${prefix}exexor99.ldb
|
||||
url_miscreantpuchhdb = ${prefix}miscreantpunch.hdb
|
||||
|
||||
[rfxn]
|
||||
enabled = yes
|
||||
interval= 4h
|
||||
integrity_check = disabled
|
||||
prefix = https://www.rfxn.com/downloads/
|
||||
url_rfxn_ndb = ${prefix}rfxn.ndb
|
||||
url_rfxn_hdb = ${prefix}rfxn.hdb
|
||||
url_rfxn_yara = ${prefix}rfxn.yara
|
||||
|
||||
[interserver]
|
||||
enabled = yes
|
||||
interval = 1d
|
||||
integrity_check = disabled
|
||||
prefix = https://sigs.interserver.net/
|
||||
url_interserver_sha256 = ${prefix}interserver256.hdb
|
||||
url_interserver_topline = ${prefix}interservertopline.db
|
||||
url_interserver_shell = ${prefix}shell.ldb
|
||||
url_interserver_whitelist = ${prefix}whitelist.fp
|
||||
|
||||
[ditekshen]
|
||||
enabled = yes
|
||||
interval = 1d
|
||||
integrity_check = disabled
|
||||
prefix = https://raw.githubusercontent.com/ditekshen/detection/master/clamav/
|
||||
url_ditekshen_ldb = ${prefix}clamav.ldb
|
||||
filename_ditekshen_ldb = ditekshen.ldb
|
||||
6
start.sh
6
start.sh
@@ -4,6 +4,12 @@ case "${1}" in
|
||||
echo "stage: ${1}"
|
||||
clamscan --version
|
||||
clamconf | sed -ne '/Database information/,/^$/p'
|
||||
for file in /var/lib/clamav/* ;
|
||||
do
|
||||
(clamscan -d $file /proc/cmdline > /dev/null 2>&1) && echo "+ ${file}" || echo "Bad Signaturefile ${file}"
|
||||
done
|
||||
echo "$(sigtool --list-sigs | wc -l) Signatures loaded"
|
||||
|
||||
;;
|
||||
scan )
|
||||
echo "stage: ${1}"
|
||||
|
||||
Reference in New Issue
Block a user