Merge pull request #50 from UKHomeOffice/102_1

Update ClamAV version to 0.102.1
UKHomeOffice · Feb 13, 2020 · 0564fa5 · 0564fa5
2 parents d298d2c + a28d6f7
commit 0564fa5
Show file tree

Hide file tree

Showing 9 changed files with 27 additions and 107 deletions.
diff --git a/.travis.yml b/.travis.yml
diff --git a/Dockerfile b/Dockerfile
@@ -1,52 +1,32 @@
-FROM quay.io/ukhomeofficedigital/centos-base:latest
+FROM alpine:3.11
 
-ENV CLAM_VERSION=0.101.3
+ENV CLAM_VERSION=0.102.1-r0
 
-RUN yum update -y -q && \
-    yum install -y -q gcc-c++ openssl-devel wget make
-
-COPY talos.pub /tmp/talos.pub
-
-RUN wget -nv https://www.clamav.net/downloads/production/clamav-${CLAM_VERSION}.tar.gz && \
-    wget -nv https://www.clamav.net/downloads/production/clamav-${CLAM_VERSION}.tar.gz.sig &&  \
-    gpg --import /tmp/talos.pub && \
-    gpg --decrypt clamav-${CLAM_VERSION}.tar.gz.sig && \
-    tar xzf clamav-${CLAM_VERSION}.tar.gz && \
-    cd clamav-${CLAM_VERSION} && \
-    ./configure && \
-    make && make install && \
-    rm -rf /clamav-${CLAM_VERSION} && \
-    rm -rf /tmp/talos.pub && \
-    yum remove -y -q wget make gcc-c++ openssl-devel kernel-headers && \
-    yum clean all
+RUN apk add --no-cache clamav=$CLAM_VERSION clamav-libunrar=$CLAM_VERSION
 
 # Add clamav user
-RUN groupadd -r clamav && \
-    useradd -r -g clamav -u 1000 clamav -d /var/lib/clamav && \
+RUN adduser -S -G clamav -u 1000 clamav_user -h /var/lib/clamav && \
     mkdir -p /var/lib/clamav && \
     mkdir /usr/local/share/clamav && \
-    chown -R clamav:clamav /var/lib/clamav /usr/local/share/clamav
+    chown -R clamav_user:clamav /var/lib/clamav /usr/local/share/clamav /etc/clamav
 
 # Configure Clam AV...
-RUN chown clamav:clamav -R /usr/local/etc/
-COPY --chown=clamav:clamav ./*.conf /usr/local/etc/
-COPY --chown=clamav:clamav eicar.com /
-COPY --chown=clamav:clamav ./readyness.sh /
-
-# initial update of av databases
-RUN freshclam && \
-    chown clamav:clamav /var/lib/clamav/*.cvd
+COPY --chown=clamav_user:clamav ./*.conf /etc/clamav/
+COPY --chown=clamav_user:clamav eicar.com /
+COPY --chown=clamav_user:clamav ./readyness.sh /
 
 # permissions
 RUN mkdir /var/run/clamav && \
-    chown clamav:clamav /var/run/clamav && \
+    chown clamav_user:clamav /var/run/clamav && \
     chmod 750 /var/run/clamav
 
 USER 1000
 
-VOLUME /var/lib/clamav
+# initial update of av databases
+RUN freshclam
 
-COPY --chown=clamav:clamav docker-entrypoint.sh /
+VOLUME /var/lib/clamav
+COPY --chown=clamav_user:clamav docker-entrypoint.sh /
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 

diff --git a/README.md b/README.md
@@ -1,7 +1,5 @@
 # Docker ClamAV
 
-[![Build Status](https://travis-ci.org/UKHomeOffice/docker-clamav.svg?branch=master)](https://travis-ci.org/UKHomeOffice/docker-clamav)
-
 Docker container for starting a [ClamAV](http://www.clamav.net/) daemon.
 
 ## Getting Started

diff --git a/ci-build.sh b/ci-build.sh
@@ -18,8 +18,8 @@ function tear_down() {
 }
 
 function wait_until_started() {
-    max_retries=20
-    wait_time=${WAIT_TIME:-5}
+    max_retries=10
+    wait_time=${WAIT_TIME:-30}
     retries=0
     cmd="$*"
     if [[ $cmd == WARNING* ]]; then
@@ -91,7 +91,7 @@ echo "=========="
 echo "TESTING FRESHCLAM PROCESS..."
 echo "=========="
 
-RUN_FRESHCLAM_TEST='docker exec -t clamav bash -c "freshclam" | grep -q "bytecode.cvd is up to date"'
+RUN_FRESHCLAM_TEST='docker exec -t clamav sh -c "freshclam" | grep -q "bytecode.cvd already up-to-date"'
 if ! wait_until_started "${RUN_FRESHCLAM_TEST}"; then
     echo "Error, not started in time..."
     docker logs clamav
@@ -102,7 +102,7 @@ echo "=========="
 echo "TESTING CLAMD PROCESS..."
 echo "=========="
 
-RUN_CLAMD_TEST='docker exec -t clamav bash -c "clamdscan /eicar.com" | grep -q "Infected files: 1"'
+RUN_CLAMD_TEST='docker exec -t clamav sh -c "clamdscan /eicar.com" | grep -q "Infected files: 1"'
 if ! wait_until_started "${RUN_CLAMD_TEST}"; then
     echo "Error, not started in time..."
     docker logs clamav

diff --git a/clamav-rest/Dockerfile b/clamav-rest/Dockerfile
@@ -1,9 +1,9 @@
-FROM openjdk:14-alpine as builder
+FROM openjdk:15-alpine as builder
 COPY . .
 RUN apk add maven && mvn install -DskipTests
 RUN find / | grep clamav-rest-.*.jar
 
-FROM openjdk:14-alpine
+FROM openjdk:15-alpine
 
 RUN apk -U upgrade && apk -U add curl
 

diff --git a/clamav-rest/pom.xml b/clamav-rest/pom.xml
@@ -8,7 +8,7 @@
   <parent>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
-    <version>2.1.7.RELEASE</version>
+    <version>2.1.12.RELEASE</version>
   </parent>
 
   <groupId>fi.solita.clamav</groupId>
@@ -73,7 +73,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>2.9.9.3</version>
+      <version>2.9.10.2</version>
     </dependency>
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
@@ -129,7 +129,7 @@
       <plugin>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-maven-plugin</artifactId>
-        <version>2.1.7.RELEASE</version>
+        <version>2.1.12.RELEASE</version>
       </plugin>
     </plugins>
   </build>

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 # bootstrap clam av service and clam av database updater
 set -m
 
@@ -24,9 +24,9 @@ function process_file() {
     fi
 }
 
-process_file "${CLAMD_SETTINGS_CSV}" /usr/local/etc/clamd.conf
-process_file "${FRESHCLAM_SETTINGS_CSV}" /usr/local/etc/freshclam.conf
+process_file "${CLAMD_SETTINGS_CSV}" /etc/clamav/clamd.conf
+process_file "${FRESHCLAM_SETTINGS_CSV}" /etc/clamav/freshclam.conf
 
 # start in background
 freshclam -d &
-clamd 
+clamd
diff --git a/freshclam.conf b/freshclam.conf
@@ -13,7 +13,7 @@ DatabaseDirectory /var/lib/clamav
 
 # Path to the log file (make sure it has proper permissions)
 # Default: disabled
-#UpdateLogFile /dev/stdout
+# UpdateLogFile /dev/stdout
 
 # Maximum size of the log file.
 # Value of 0 disables the limit.

diff --git a/talos.pub b/talos.pub