Add clamav container (dev-lgfs)

ministryofjustice · Jan 4, 2024 · 3922716 · 3922716
1 parent 4ddeff2
commit 3922716
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 1 deletion.
diff --git a/.k8s/live/dev-lgfs/deployment.yaml b/.k8s/live/dev-lgfs/deployment.yaml
@@ -20,6 +20,20 @@ spec:
     spec:
       serviceAccountName: cccd-dev-lgfs-service
       containers:
+        - name: clamav
+          image: ghcr.io/ministryofjustice/hmpps-clamav:sha-ae9a953
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: clamav
+              containerPort: 3310
+              protocol: TCP
+          resources:
+            limits:
+              cpu: 500m
+              memory: 3Gi
+            requests:
+              cpu: 10m
+              memory: 1Gi
         - name: cccd-app
           imagePullPolicy: Always
           image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/laa-get-paid/cccd:set-me

diff --git a/config/clamd.container.conf b/config/clamd.container.conf
@@ -0,0 +1,3 @@
+TCPSocket 3310
+TCPAddr localhost
+LogFile /usr/src/app/tmp/clamd.log
diff --git a/config/initializers/clamby.rb b/config/initializers/clamby.rb
@@ -0,0 +1,16 @@
+Clamby.configure({
+  # check: false,
+  # daemonize: true,
+  config_file: Rails.root.join('config', 'clamd.container.conf'),
+  # error_clamscan_missing: true,
+  # error_clamscan_client_error: false,
+  # error_file_missing: true,
+  # error_file_virus: false,
+  # fdpass: false,
+  stream: true,
+  # reload: false,
+  # output_level: 'medium',
+  # executable_path_clamscan: 'clamscan',
+  # executable_path_clamdscan: 'clamdscan',
+  # executable_path_freshclam: 'freshclam',
+})
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -59,14 +59,24 @@ RUN apk --update-cache upgrade \
                    postgresql-client \
                    redis \
                    runit \
-                   ttf-freefont
+                   ttf-freefont \
+                   clamav-clamdscan \
+                   nmap \
+                   iputils \
+                   busybox-extras
 
 RUN addgroup -g 1000 -S appgroup \
 && adduser -u 1000 -S appuser -G appgroup
 
 COPY --from=builder /usr/local/bundle/ /usr/local/bundle/
 COPY --from=builder --chown=appuser:appgroup $APP_HOME $APP_HOME
 
+RUN mkdir /etc/clamav
+RUN echo TCPSocket 3310 >> /etc/clamav/clamd.conf
+RUN echo TCPAddr localhost >> /etc/clamav/clamd.conf
+RUN echo LogFile /var/log/clamd.log >> /etc/clamav/clamd.conf
+RUN touch /var/log/clamd.log
+
 ARG VERSION_NUMBER
 ARG COMMIT_ID
 ARG BUILD_DATE