clamav icon indicating copy to clipboard operation
clamav copied to clipboard

Published 20 hours ago verified publisher icon Cisco-Talos

Feature request: Configuration via environment variables for docker

Open erhan- opened this issue 2 years ago • 1 comments

Dear clamav team,

how about the idea making the configuration of clamd and clam possible via environment variables in the docker image?

Thanks for your help.

erhan- avatar May 30 '22 07:05 erhan-

Hey team, it would be nice if you could implement environment variables in the docker image

ValeruS avatar Jul 15 '22 10:07 ValeruS

It would be a great addition in the direction of more cloud compliance.

Creating mount point via docker and updating configuration file can be done but add complexity. Firt run can be more complicated (run, edit file, restart); "docker run" | "compose up" is not sufficient and you've got to manage filesystem and ACL. For automatisation you've have to déploy clavamv container and configuration file. Rebase image can be done but for security and confidance it's better to keep with base image.

With environment variables, clamav container can live standalone, you can confgure it for exemple in a PaaS environnement via simple variables.

Personnaly i'am first interested in StreamMaxLength, as this limit may vary beetwen Clamav instances. A more general approch with all variables supported by Clamd and Fresclam would would be great, for exemple in he same way this is done by mko-x docker image : https://github.com/mko-x/docker-clamav/blob/master/alpine/main/envconfig.sh

airone-x1 avatar Oct 17 '22 10:10 airone-x1

My usecase is also StreamMaxLength by the way. I had to create a new image.

erhan- avatar Oct 17 '22 19:10 erhan-

Hello clamav team ;)

What's your opinion about this request ? Can we do something to help ?

Kind regards

airone-x1 avatar Oct 27 '22 09:10 airone-x1

Hello clamav team ;)

What's your opinion about this request ? Can we do something to help ?

Kind regards

This is very interesting. I'm not opposed. We'll talk about it after the release. If we can do it entirely from within Dockerfile scripts rather than having to make changes to clamd, that would be ideal.

I can't promise our team will work on this any time soon.

micahsnyder avatar Nov 02 '22 22:11 micahsnyder

@micahsnyder I just found this issue, in the meantime, it would be great if the documentation clearly said it is not supported. Because I just spent an hour searching the internet and found contradictory information. Though they mainly come from 3rd party projects, e.g. https://github.com/tiredofit/docker-clamav/tree/main#environment-variables

I can use AWS EFS to attach a volume to the Fargate container with the config file. The question is, can I do the same for clam_db? Are there any limits or anything I should know if the volume is a network mount? Though EFS is reasonably fast most of the time for the scale of our solutions. Thank you

1oglop1 avatar Apr 07 '23 13:04 1oglop1

it would be great if the documentation clearly said it is not supported. Because I just spent an hour searching the internet and found contradictory information.

@1oglop1 I don't think it's reasonable for us to document features that don't exist. That's a precedent I don't care to set. It is interesting to see there is a third party docker container with this feature though.

I can use AWS EFS to attach a volume to the Fargate container with the config file. The question is, can I do the same for clam_db?

Yes, you can do this. Here is an example with plain docker, overriding the /etc/clamav directory: https://docs.clamav.net/manual/Installing/Docker.html#controlling-the-container

micahsnyder avatar Apr 07 '23 19:04 micahsnyder