From 66dc0bc7d62588653d5c7fd28a5974d903038f08 Mon Sep 17 00:00:00 2001
From: "Simon L."
Date: Tue, 9 Jul 2024 15:01:27 +0200
Subject: [PATCH] clamav - adjust max filesize conditionally
Signed-off-by: Simon L.
---
 Containers/clamav/Dockerfile | 11 ++++++-----
 Containers/clamav/clamav.conf | 7 ++++---
 Containers/clamav/start.sh | 11 +++++++++++
 Containers/nextcloud/entrypoint.sh | 4 ++--
 php/containers.json | 2 ++
 5 files changed, 25 insertions(+), 10 deletions(-)
 create mode 100644 Containers/clamav/start.sh
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index f70864ec..8a05cb1a 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,14 +1,13 @@
 # syntax=docker/dockerfile:latest
-# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
+# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
 FROM clamav/clamav:1.3.1-59
-COPY clamav.conf /tmp/clamav.conf
+COPY clamav.conf /clamav.conf
+COPY --chmod=775 start.sh /start.sh
 RUN set -ex; \
 apk upgrade --no-cache -a; \
- apk add --no-cache tzdata; \
- cat /tmp/clamav.conf >> /etc/clamav/clamd.conf; \
- rm /tmp/clamav.conf; \
+ apk add --no-cache tzdata bash; \
 mkdir -p /var/run/clamav /run/lock; \
 chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
 chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp
@@ -18,3 +17,5 @@ VOLUME /var/lib/clamav
 USER clamav
 LABEL com.centurylinklabs.watchtower.enable="false"
+
+ENTRYPOINT ["/start.sh"]
diff --git a/Containers/clamav/clamav.conf b/Containers/clamav/clamav.conf
index 1de35086..0b781bd3 100644
--- a/Containers/clamav/clamav.conf
+++ b/Containers/clamav/clamav.conf
@@ -1,4 +1,5 @@
+# AIO settings
 MaxDirectoryRecursion 30
-MaxFileSize 100M
-PCREMaxFileSize 100M
-StreamMaxLength 100M
+MaxFileSize 10G
+PCREMaxFileSize 10G
+StreamMaxLength 10G
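Review bot: `COPY --chmod=775 start.sh /start.sh` leaves the entrypoint script group-writable although the `clamav` user only needs to read and execute it; `COPY --chmod=755 start.sh /start.sh` is enough. The script as added uses no bash-only syntax, so a `#!/bin/sh` shebang would let `apk add --no-cache tzdata bash` stay `apk add --no-cache tzdata` and keep the extra package out of the image. The effective clamd configuration also moves from the image-time `/etc/clamav/clamd.conf` to a file generated under `/tmp`, which the same `RUN` step sets to mode 777, so the running config is only as protected as that directory.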
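Review bot: `MaxScanSize` is not set next to the raised `MaxFileSize`, `PCREMaxFileSize` and `StreamMaxLength`, so the per-scan data limit stays at clamd's default and files admitted by the new limits may not be scanned in full. Consider adding `MaxScanSize 10G` so the start script substitutes it together with the others, and `AlertExceedsMax yes` if files over the limits should be reported rather than passed as clean. ClamAV's sample configuration has also documented an upper bound on the file size the engine can scan, so it is worth confirming that multi-gigabyte values are honoured by 1.3.1 rather than assuming so.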
diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
new file mode 100644
index 00000000..416ecd06
--- /dev/null
+++ b/Containers/clamav/start.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Adjust settings
+cat /etc/clamav/clamd.conf > /tmp/clamd.conf
+CLAMAV_FILE="$(sed "s|10G|$MAX_SIZE|" /clamav.conf)"
+echo "$CLAMAV_FILE" >> /tmp/clamd.conf
+
+# Call initial init
+exec /init --config-file="/tmp/clamd.conf"
+
+exec "$@"
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index 3912734d..8f564241 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -733,8 +733,8 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
 php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
 php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
 php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
- php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="104857600"
- php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="104857600"
+ php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="$CLAMAV_MAX_SIZE"
+ php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="$CLAMAV_MAX_SIZE"
 php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
 fi
 else
diff --git a/php/containers.json b/php/containers.json
index ffead0d8..b18e18d0 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -204,6 +204,7 @@
 "TALK_PORT=%TALK_PORT%",
 "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
 "IMAGINARY_HOST=nextcloud-aio-imaginary",
+ "CLAMAV_MAX_SIZE=%APACHE_MAX_SIZE%",
 "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
 "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
 "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
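Review bot: `$MAX_SIZE` is substituted into the limits block with no check that it is set and well-formed, and the script has no error handling, so an empty or malformed value still reaches `exec /init` with limits that clamd may reject or ignore. Add `set -eu` under the shebang and a guard before the `sed`, for example `[[ "$MAX_SIZE" =~ ^[0-9]+[MG]$ ]] || { echo "invalid MAX_SIZE" >&2; exit 1; }`, with the suffix set matched to what clamd and the upload-limit setting both accept. The trailing `exec "$@"` is unreachable once `exec /init` succeeds, so arguments passed to the container are silently dropped; remove it or hand `"$@"` to `/init`. Whether `/init` honours `--config-file` is not visible here and should be confirmed against the base image.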
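Review bot: `$CLAMAV_MAX_SIZE` is written to `av_stream_max_length` and `av_max_file_size` unchecked, while the values it replaces were plain byte counts (`104857600`). If the variable is unset or carries a suffix such as `G`, the app is configured with a value it presumably cannot read as a size, and how files_antivirus then treats large uploads is not visible from this hunk. A guard ahead of these two lines, such as `case "$CLAMAV_MAX_SIZE" in ''|*[!0-9]*) echo "CLAMAV_MAX_SIZE must be a byte count" >&2; exit 1;; esac`, would make that failure explicit. The enclosing `if` block starts before the hunk and continues past it.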
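Review bot: The Nextcloud container receives `CLAMAV_MAX_SIZE=%APACHE_MAX_SIZE%` here, while the ClamAV container in the hunk at `@@ -575,6 +576,7 @@` receives `MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%`, so the client-side and daemon-side limits come from two different placeholders. Nothing in this file shows that they always resolve to the same size; if the Nextcloud value can be the larger one, streams would exceed clamd's `StreamMaxLength` and the scan would presumably fail rather than return a verdict. Deriving both from one placeholder, or stating the relation between the two where they are defined, would keep them from drifting apart.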
@@ -575,6 +576,7 @@
 "internal_port": "3310",
 "environment": [
 "TZ=%TIMEZONE%",
+ "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%",
 "CLAMD_STARTUP_TIMEOUT=90"
 ],
 "volumes": [