diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index bcae7dd7..db70933d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -108,3 +108,12 @@ updates:
labels:
- 3. to review
- dependencies
+- package-ecosystem: "docker"
+ directory: "/Containers/clamav"
+ schedule:
+ interval: "daily"
+ time: "12:00"
+ open-pull-requests-limit: 10
+ labels:
+ - 3. to review
+ - dependencies
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
new file mode 100644
index 00000000..80dac7d5
--- /dev/null
+++ b/Containers/clamav/Dockerfile
@@ -0,0 +1,9 @@
+# Probably from this file: https://github.com/Cisco-Talos/clamav/blob/main/Dockerfile
+FROM clamav/clamav:0.104.2-2
+
+RUN echo -e '\n\
+MaxDirectoryRecursion 30\n\
+MaxFileSize 100M\n\
+PCREMaxFileSize 100M\n\
+StreamMaxLength 100M\
+' >> /clamav/etc/clamav/clamd.conf
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index c9d4f3b9..1353106b 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -304,5 +304,26 @@ php /var/www/html/occ config:app:set spreed stun_servers --value="$STUN_SERVERS"
php /var/www/html/occ config:app:set spreed turn_servers --value="$TURN_SERVERS" --output json
php /var/www/html/occ config:app:set spreed signaling_servers --value="$SIGNALING_SERVERS" --output json
+# Clamav
+if [ "$CLAMAV_ENABLED" = 'yes' ]; then
+ if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
+ php /var/www/html/occ app:install files_antivirus
+ elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" = "no" ]; then
+ php /var/www/html/occ app:enable files_antivirus
+ else
+ php /var/www/html/occ app:update files_antivirus
+ fi
+ php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
+ php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
+ php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
+ php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="104857600"
+ php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1"
+ php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
+else
+ if [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
+ php /var/www/html/occ app:remove files_antivirus
+ fi
+fi
+
# Remove the update skip file always
rm -f /mnt/ncdata/skip.update
diff --git a/php/containers.json b/php/containers.json
index 91b9ccea..c5a6ef6c 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -4,7 +4,8 @@
"dependsOn": [
"nextcloud-aio-nextcloud",
"nextcloud-aio-collabora",
- "nextcloud-aio-talk"
+ "nextcloud-aio-talk",
+ "nextcloud-aio-clamav"
],
"identifier": "nextcloud-aio-apache",
"displayName": "Apache",
@@ -123,7 +124,9 @@
"TURN_SECRET=%TURN_SECRET%",
"SIGNALING_SECRET=%SIGNALING_SECRET%",
"AIO_URL=%AIO_URL%",
- "NEXTCLOUD_MOUNT=%NEXTCLOUD_MOUNT%"
+ "NEXTCLOUD_MOUNT=%NEXTCLOUD_MOUNT%",
+ "CLAMAV_ENABLED=%CLAMAV_ENABLED%",
+ "CLAMAV_HOST=nextcloud-aio-clamav"
],
"maxShutdownTime": 10,
"restartPolicy": "unless-stopped"
@@ -292,6 +295,21 @@
],
"maxShutdownTime": 1,
"restartPolicy": ""
+ },
+ {
+ "dependsOn": [],
+ "identifier": "nextcloud-aio-clamav",
+ "displayName": "ClamAV",
+ "containerName": "nextcloud/aio-clamav",
+ "ports": [],
+ "internalPorts": [
+ "3310"
+ ],
+ "environmentVariables": [],
+ "volumes": [],
+ "secrets": [],
+ "maxShutdownTime": 10,
+ "restartPolicy": "unless-stopped"
}
]
}
diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml
index 05c5a4e7..f0469f61 100644
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -18,17 +18,19 @@
$args
-
+
$request->getParsedBody()['borg_backup_host_location']
$request->getParsedBody()['domain']
+ $request->getParsedBody()['clamav']
$request->getParsedBody()['borg_backup_host_location']
$request->getParsedBody()['domain']
-
+
$request->getParsedBody()['borg_backup_host_location']
$request->getParsedBody()['domain']
+ $request->getParsedBody()['clamav']
diff --git a/php/public/disable-clamav.js b/php/public/disable-clamav.js
new file mode 100644
index 00000000..f0c0f11c
--- /dev/null
+++ b/php/public/disable-clamav.js
@@ -0,0 +1,4 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+ // Clamav
+ document.getElementById("clamav").disabled = true;
+});
\ No newline at end of file
diff --git a/php/public/index.php b/php/public/index.php
index 163fb634..97bc0eb1 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -85,6 +85,8 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
'last_backup_time' => $configurationManager->GetLastBackupTime(),
'backup_times' => $configurationManager->GetBackupTimes(),
'current_channel' => $dockerActionManger->GetCurrentChannel(),
+ 'is_x64_platform' => $configurationManager->isx64Platform(),
+ 'is_clamav_enabled' => $configurationManager->isClamavEnabled(),
]);
})->setName('profile');
$app->get('/login', function ($request, $response, $args) use ($container) {
diff --git a/php/public/options-form-submit.js b/php/public/options-form-submit.js
new file mode 100644
index 00000000..f09e71cf
--- /dev/null
+++ b/php/public/options-form-submit.js
@@ -0,0 +1,14 @@
+function makeOptionsFormSubmitVisible() {
+ var optionsFormSubmit = document.getElementById("options-form-submit");
+ optionsFormSubmit.style.display = 'block';
+}
+
+document.addEventListener("DOMContentLoaded", function(event) {
+ // handle submit button for options form
+ var optionsFormSubmit = document.getElementById("options-form-submit");
+ optionsFormSubmit.style.display = 'none';
+
+ // Clamav
+ var clamav = document.getElementById("clamav");
+ clamav.addEventListener('change', makeOptionsFormSubmitVisible);
+});
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 6658d7d1..32e1d8ba 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -49,6 +49,12 @@ class ContainerDefinitionFetcher
$containers = [];
foreach ($data['production'] as $entry) {
+ if ($entry['identifier'] === 'nextcloud-aio-clamav') {
+ if (!$this->configurationManager->isClamavEnabled()) {
+ continue;
+ }
+ }
+
$ports = new ContainerPorts();
foreach ($entry['ports'] as $port) {
if($port === '%APACHE_PORT%/tcp') {
@@ -99,6 +105,16 @@ class ContainerDefinitionFetcher
);
}
+ $dependsOn = [];
+ foreach ($entry['dependsOn'] as $value) {
+ if ($value === 'nextcloud-aio-clamav') {
+ if (!$this->configurationManager->isClamavEnabled()) {
+ continue;
+ }
+ }
+ $dependsOn[] = $value;
+ }
+
$variables = new ContainerEnvironmentVariables();
foreach ($entry['environmentVariables'] as $value) {
$variables->AddVariable($value);
@@ -114,7 +130,7 @@ class ContainerDefinitionFetcher
$internalPorts,
$volumes,
$variables,
- $entry['dependsOn'],
+ $dependsOn,
$entry['secrets'],
$this->container->get(DockerActionManager::class)
);
diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php
index e43a380f..cfd2070f 100644
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -35,6 +35,17 @@ class ConfigurationController
$this->configurationManager->SetBorgBackupHostLocation($request->getParsedBody()['borg_backup_host_location']);
}
+ if (isset($request->getParsedBody()['clamav'])) {
+ $value = $request->getParsedBody()['clamav'];
+ if ($value === 'on') {
+ $this->configurationManager->SetClamavEnabledState(1);
+ } elseif ($value === 'off') {
+ $this->configurationManager->SetClamavEnabledState(0);
+ } else {
+ error_log('It seems like clamav was changed but not to on or off.');
+ }
+ }
+
return $response->withStatus(201)->withHeader('Location', '/');
} catch (InvalidSettingConfigurationException $ex) {
$response->getBody()->write($ex->getMessage());
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 0316743a..434c572d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -116,6 +116,29 @@ class ConfigurationManager
}
}
+ public function isx64Platform() : bool {
+ if (php_uname('m') === 'x86_64') {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ public function isClamavEnabled() : bool {
+ $config = $this->GetConfig();
+ if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ public function SetClamavEnabledState(int $value) : void {
+ $config = $this->GetConfig();
+ $config['isClamavEnabled'] = $value;
+ $this->WriteConfig($config);
+ }
+
/**
* @throws InvalidSettingConfigurationException
*/
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 92cf9436..342dd544 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -241,6 +241,12 @@ class DockerActionManager
$replacements[1] = $this->configurationManager->GetApachePort();
} elseif ($out[1] === 'NEXTCLOUD_MOUNT') {
$replacements[1] = $this->configurationManager->GetNextcloudMount();
+ } elseif ($out[1] === 'CLAMAV_ENABLED') {
+ if ($this->configurationManager->isClamavEnabled()) {
+ $replacements[1] = 'yes';
+ } else {
+ $replacements[1] = '';
+ }
} else {
$replacements[1] = $this->configurationManager->GetSecret($out[1]);
}
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index e5ca4db0..c32862ff 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -286,10 +286,24 @@
{% endif %}
{% endif %}
{% endif %}
- Optional
- In this section, you will find optional addons in the future.
- It will disable the ability to change them when any containers are running and allow to change them when they are stopped.
- Also, it will display possible sections for optional addons. (which itself will be displayed when enabled and running).
+ {% if isBackupContainerRunning == false %}
+ Optional
+ In this section, you can find optional addons.