- Both stages on alpine:3.23 (was python:3-alpine + alpine:latest).
Major.minor pin gives security patches without breaking on rebase.
- fangfrisch installed in /opt/fangfrisch venv (PEP 668 blocks
system pip on modern Alpine).
- Drop deprecated MAINTAINER instruction in favour of LABEL.
- test_smoke.sh: image present + version + sig count + EICAR.
Validated end-to-end on amd64 Linux: ClamAV 1.4.4, 3.85M sigs.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
clamscan single-threaded scans were the LS26 bottleneck. Daemon mode
parallelises across MaxThreads=8 and only loads signatures once.
- Add clamav-daemon + clamav-clamdscan packages.
- start.sh::start_clamd waits up to 60s for /tmp/clamd.sock.
- New clamd.conf: MaxThreads 8, DetectPUA, AlertOLE2Macros,
ExcludePath ^/data/(proc|sys|dev|run)/, log to /tmp/clamd.log.
- Drop final USER user so clamd can own its socket as clamav.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
tobias