irt/docker_clamav
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Move to staged build fangfish for signature updates

Browse Source
This commit is contained in:
tabledevil
2024-02-01 13:47:32 +01:00
parent e7fafb7802
commit c4081cd5fd
3 changed files with 138 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
Dockerfile
View File

@@ -1,30 +1,27 @@
FROM python:3-alpine as builder
RUN apk add -u --no-cache clamav clamav-dev freshclam bash clamav-libunrar
RUN pip install fangfrisch
RUN mkdir -m 0770 -p /var/lib/fangfrisch
RUN chgrp clamav /var/lib/fangfrisch
ADD fangfrisch.conf /etc/fangfrisch.conf
USER clamav
RUN fangfrisch --conf /etc/fangfrisch.conf initdb
RUN fangfrisch --conf /etc/fangfrisch.conf refresh
RUN freshclam
FROM alpine FROM alpine
ARG PUID=1001 ARG PUID=1001
ARG PGID=1001 ARG PGID=1001
MAINTAINER tabledevil MAINTAINER tabledevil
#install clamav RUN apk add -u --no-cache clamav bash clamav-libunrar
RUN apk add -u --no-cache clamav clamav-dev freshclam bash COPY --from=builder /var/lib/clamav /var/lib/clamav
#ADD unofficial signatures to freshclam
RUN echo 'DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb' >> /etc/clamav/freshclam.conf
RUN echo 'DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/badmacro.ndb' >> /etc/clamav/freshclam.conf
RUN echo 'DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/blurl.ndb' >> /etc/clamav/freshclam.conf
RUN echo 'DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/junk.ndb' >> /etc/clamav/freshclam.conf
RUN echo 'DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/jurlbl.ndb' >> /etc/clamav/freshclam.conf
RUN echo 'DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/lott.ndb' >> /etc/clamav/freshclam.conf
RUN echo 'DatabaseCustomURL https://raw.githubusercontent.com/twinwave-security/twinclams/master/twinclams.ldb' >> /etc/clamav/freshclam.conf
RUN echo 'DatabaseCustomURL https://raw.githubusercontent.com/twinwave-security/twinclams/master/twinwave.ign2' >> /etc/clamav/freshclam.conf
#RUN freshclam
RUN freshclam
#add startscript #add startscript
ADD start.sh /start.sh ADD start.sh /start.sh
RUN chmod +x /start.sh RUN chmod +x /start.sh
#customize clamav config #customize clamav config
RUN sed -ie 's/#DetectPUA yes/DetectPUA yes/p' /etc/clamav/clamd.conf RUN sed -ie 's/#DetectPUA yes/DetectPUA yes/p' /etc/clamav/clamd.conf
RUN sed -ie 's/#AlertOLE2Macros yes/AlertOLE2Macros yes/p' /etc/clamav/clamd.conf RUN sed -ie 's/#AlertOLE2Macros yes/AlertOLE2Macros yes/p' /etc/clamav/clamd.conf
#make freshclam suid so user can run it
RUN chown root /usr/bin/freshclam
RUN chmod u+s /usr/bin/freshclam
#add user #add user
RUN addgroup -g ${PGID} user && \ RUN addgroup -g ${PGID} user && \
adduser -D -u ${PUID} -G user user adduser -D -u ${PUID} -G user user

118
fangfrisch.conf Normal file
View File

@@ -0,0 +1,118 @@
[DEFAULT]
cleanup = automatic
enabled = false
integrity_check = sha256
log_level = INFO
log_method = console
max_size = 10MB
db_url = sqlite:////var/lib/fangfrisch/db.sqlite
local_directory = /var/lib/clamav
on_update_timeout = 60
[urlhaus]
enabled = yes
max_size = 5MB
[twinwave]
enabled = yes
max_size = 5M
integrity_check = disabled
interval = 1h
prefix = https://raw.githubusercontent.com/twinwave-security/twinclams/master/
url_twinclams = ${prefix}twinclams.ldb
url_twinwave_ign2 = ${prefix}twinwave.ign2
[sanesecurity]
enabled = yes
interval = 2h
prefix = http://ftp.swin.edu.au/sanesecurity/
!url_foxhole_all_cdb = ${prefix}foxhole_all.cdb
!url_foxhole_all_ndb = ${prefix}foxhole_all.ndb
!url_foxhole_mail = ${prefix}foxhole_mail.cdb
!url_scamnailer = ${prefix}scamnailer.ndb
!url_winnow_phish_complete = ${prefix}winnow_phish_complete.ndb
url_badmacro = ${prefix}badmacro.ndb
url_blurl = ${prefix}blurl.ndb
url_bofhland_cracked_url = ${prefix}bofhland_cracked_URL.ndb
url_bofhland_malware_attach = ${prefix}bofhland_malware_attach.hdb
url_bofhland_malware_url = ${prefix}bofhland_malware_URL.ndb
url_bofhland_phishing_url = ${prefix}bofhland_phishing_URL.ndb
url_foxhole_filename = ${prefix}foxhole_filename.cdb
url_foxhole_generic = ${prefix}foxhole_generic.cdb
url_foxhole_js_cdb = ${prefix}foxhole_js.cdb
url_foxhole_js_ndb = ${prefix}foxhole_js.ndb
url_hackingteam = ${prefix}hackingteam.hsb
url_junk = ${prefix}junk.ndb
url_jurlbl = ${prefix}jurlbl.ndb
url_jurlbla = ${prefix}jurlbla.ndb
url_lott = ${prefix}lott.ndb
url_malwareexpert_fp = ${prefix}malware.expert.fp
url_malwareexpert_hdb = ${prefix}malware.expert.hdb
url_malwareexpert_ldb = ${prefix}malware.expert.ldb
url_malwareexpert_ndb = ${prefix}malware.expert.ndb
url_malwarehash = ${prefix}malwarehash.hsb
url_phish = ${prefix}phish.ndb
url_phishtank = ${prefix}phishtank.ndb
url_porcupine = ${prefix}porcupine.ndb
url_rogue = ${prefix}rogue.hdb
url_scam = ${prefix}scam.ndb
url_shelter = ${prefix}shelter.ldb
url_spamattach = ${prefix}spamattach.hdb
url_spamimg = ${prefix}spamimg.hdb
url_spear = ${prefix}spear.ndb
url_spearl = ${prefix}spearl.ndb
url_winnow_attachments = ${prefix}winnow.attachments.hdb
url_winnow_bad_cw = ${prefix}winnow_bad_cw.hdb
url_winnow_extended_malware = ${prefix}winnow_extended_malware.hdb
url_winnow_extended_malware_links = ${prefix}winnow_extended_malware_links.ndb
url_winnow_malware = ${prefix}winnow_malware.hdb
url_winnow_malware_links = ${prefix}winnow_malware_links.ndb
url_winnow_phish_complete_url = ${prefix}winnow_phish_complete_url.ndb
url_winnow_spam_complete = ${prefix}winnow_spam_complete.ndb
[malwarepatrol]
enabled=yes
interval = 1d
integrity_check = disabled
product = 8
receipt = you_forgot_to_configure_receipt
prefix = https://lists.malwarepatrol.net/cgi/getfile?product=${product}&receipt=${receipt}&list=
url_clamav_basic = ${prefix}clamav_basic
filename_clamav_basic = malwarepatrol.db
[clampunch]
enabled = yes
max_size = 2M
integrity_check = disabled
interval = 24h
prefix = https://raw.githubusercontent.com/wmetcalf/clam-punch/master/
url_miscreantpunch099low = ${prefix}MiscreantPunch099-Low.ldb
url_exexor99 = ${prefix}exexor99.ldb
url_miscreantpuchhdb = ${prefix}miscreantpunch.hdb
[rfxn]
enabled = yes
interval= 4h
integrity_check = disabled
prefix = https://www.rfxn.com/downloads/
url_rfxn_ndb = ${prefix}rfxn.ndb
url_rfxn_hdb = ${prefix}rfxn.hdb
url_rfxn_yara = ${prefix}rfxn.yara
[interserver]
enabled = yes
interval = 1d
integrity_check = disabled
prefix = https://sigs.interserver.net/
url_interserver_sha256 = ${prefix}interserver256.hdb
url_interserver_topline = ${prefix}interservertopline.db
url_interserver_shell = ${prefix}shell.ldb
url_interserver_whitelist = ${prefix}whitelist.fp
[ditekshen]
enabled = yes
interval = 1d
integrity_check = disabled
prefix = https://raw.githubusercontent.com/ditekshen/detection/master/clamav/
url_ditekshen_ldb = ${prefix}clamav.ldb
filename_ditekshen_ldb = ditekshen.ldb

6
start.sh
View File

@@ -4,6 +4,12 @@ case "${1}" in
echo "stage: ${1}" echo "stage: ${1}"
clamscan --version clamscan --version
clamconf | sed -ne '/Database information/,/^$/p' clamconf | sed -ne '/Database information/,/^$/p'
for file in /var/lib/clamav/* ;
do
(clamscan -d $file /proc/cmdline > /dev/null 2>&1) && echo "+ ${file}" || echo "Bad Signaturefile ${file}"
done
echo "$(sigtool --list-sigs | wc -l) Signatures loaded"
;; ;;
scan ) scan )
echo "stage: ${1}" echo "stage: ${1}"