clamav-docker icon indicating copy to clipboard operation
clamav-docker copied to clipboard
verified publisher icon Cisco-Talos

Support for changing clamd settings without volume mounting full config

Open sopelt opened this issue 2 years ago • 3 comments

Hi, thanks for providing an official docker image. Before that was available we looked at third party clamav docker images and were quite happy with the concept of having multiple environment variables that allowed changing setting (e.g. scan time/size limits etc.) just by changing a container environment variable. This allows for stateless deployment/operation (no volume mount for /etc/clam...). Has there ever been demand for/discussion about such a change? As far as I understand clamd uses clamd.conf as its exclusive source for options meaning the environment variables would have to be injected (e.g. via sed) in the entrypoint before starting clamd. If you would be open to such an inclusion I could provide a draft PR/work on that.

sopelt avatar Oct 05 '23 07:10 sopelt

I believe there was a request a while back to add environment variables for every possible clamd configuration. Though to be honest I'm having trouble finding it. It sounds like a convenient feature, but a lot of work.

Sort of related, there was this PR for clamav to make sure there are command line options for every config option: https://github.com/Cisco-Talos/clamav/pull/841 I just now realized the author added commits after my initial review. I will have to go re-review it. I don't think it solves the same problem though.

val-ms avatar Nov 10 '23 00:11 val-ms

with https://github.com/mko-x/docker-clamav you can do that without specifying each env var, although this has not been documented

you can supply the env CLAMD_CONF_StreamMaxLength=3000M and it will be appended to the clamd config

see here

https://github.com/mko-x/docker-clamav/blob/136fd83e5a7bad2e63fc87497be45d11eb838e94/debian/buster/envconfig.sh#L17-L23

@micahsnyder would that be an option to implement this?

Loki-Afro avatar Jan 03 '24 10:01 Loki-Afro

@mko-x I am interested in copying your solution to specify each config option with an environment variable. Have you run into any issues with your implementation. Are you comfortable with us copypasting this code into the clamav and clamav-debian containers?

val-ms avatar Feb 02 '24 19:02 val-ms

Thanks @micahsnyder , @rsundriyal and @Loki-Afro (and the OGs @mko-x ) for looking into this!

I'll give it a try soon but looking at the PR I am positive, that it will work like a charm. When will this likely hit the images at docker hub?

Thanks again and have a nice weekend!

sopelt avatar Nov 22 '24 07:11 sopelt