clamav-rest

Table of Contents

• Introduction

• Prerequisites

• Installation

• Quick Start

  • Status Codes

• Configuration

  • Environment Variables
  • Networking

• Maintenance / Monitoring

  • Shell Access

• Developing

• References

Introduction

This is two in one docker image so it runs open source virus scanner ClamAV (https://www.clamav.net/), automatic virus definition updates as background process and REST API interface to interact with ClamAV process.

Updates

As of May 2024, the releases are built for multiple architectures thanks to efforts from kcirtapfromspace.

The additional endpoint /version is now available to check the clamd version and signature date. Thanks pastral.

Closed a security hole by upgrading our Dockerfile to the alpine base image version 3.19 thanks to Marsup.

Prerequisites

This container doesn't do much on it's own unless you use an additional service or communicator to talk to it!

Installation

Automated builds of the image are available on Registry and is the recommended method of installation.

docker pull hub.docker.com/ajilaag/clamav-rest:(imagetag)

The following image tags are available:

• latest - Most recent release of ClamAV with REST API
• YYYYMMDD - The day of the release
• sha-... - The git commit sha. This version ensures that the exact image is used and will be unique for each build

Quick Start

Run clamav-rest docker image:

docker run -p 9000:9000 -p 9443:9443 -itd --name clamav-rest ajilaag/clamav-rest

Test that service detects common test virus signature:

HTTP

$ curl -i -F "file=@eicar.com.txt" http://localhost:9000/scan
HTTP/1.1 100 Continue

HTTP/1.1 406 Not Acceptable
Content-Type: application/json; charset=utf-8
Date: Mon, 28 Aug 2017 20:22:34 GMT
Content-Length: 56

{ "Status": "FOUND", "Description": "Eicar-Test-Signature" }

HTTPS

$ curl -i -k -F "file=@eicar.com.txt" https://localhost:9443/scan
HTTP/1.1 100 Continue

HTTP/1.1 406 Not Acceptable
Content-Type: application/json; charset=utf-8
Date: Mon, 28 Aug 2017 20:22:34 GMT
Content-Length: 56

{ "Status": "FOUND", "Description": "Eicar-Test-Signature" }

Test that service returns 200 for clean file:

HTTP

$ curl -i -F "file=@clamrest.go" http://localhost:9000/scan

HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Date: Mon, 28 Aug 2017 20:23:16 GMT
Content-Length: 33

{ "Status": "OK", "Description": "" }

HTTPS

$ curl -i -k -F "file=@clamrest.go" https://localhost:9443/scan

HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Date: Mon, 28 Aug 2017 20:23:16 GMT
Content-Length: 33

{ "Status": "OK", "Description": "" }

Status Codes

• 200 - clean file = no KNOWN infections
• 400 - ClamAV returned general error for file
• 406 - INFECTED
• 412 - unable to parse file
• 501 - unknown request

Configuration

Environment Variables

Below is the complete list of available options that can be used to customize your installation.

Networking

Maintenance / Monitoring

Shell Access

For debugging and maintenance purposes you may want access the containers shell.

docker exec -it (whatever your container name is e.g. clamav-rest) /bin/sh

Prometheus

Prometheus metrics were implemented, which can be retrieved as follows

HTTP: curl http://localhost:9000/metrics

HTTPS: curl https://localhost:9443/metrics

Developing

Source Code can be found here: https://github.com/ajilach/clamav-rest

Build golang (linux) binary and docker image:

# env GOOS=linux GOARCH=amd64 go build
docker build . -t clamav-go-rest
docker run -p 9000:9000 -p 9443:9443 -itd --name clamav-rest clamav-go-rest

References

• https://www.clamav.net
• https://github.com/ajilach/clamav-rest