ClamAV is an open-source program designed to detect viruses, malware, and other threats on Unix and Linux operating systems. Its name is an abbreviation of “Clam Antivirus.” Although it originated in the Linux environment, it is also compatible with other operating systems, including Windows and macOS.
Here are some key aspects of ClamAV:
- Scanning Engine: ClamAV uses a virus scanning engine that is regularly updated with new virus definitions. This engine can identify and remove various types of malware, including viruses, trojans, worms, and other types of malicious software.
- Open Source: ClamAV is an open-source project, meaning its source code is available for anyone to examine, modify, and distribute. This allows the user community to contribute to the development and continuous improvement of the software.
- Common Use in Mail Servers: ClamAV is known for its common use in email servers to scan attachments and messages for malware. It can integrate with mail servers to provide an additional layer of security.
- Real-Time Threat Detection: ClamAV can operate in real-time, scanning files and directories as they are created or modified. This is particularly useful for early threat detection.
- Docker Compatibility: ClamAV has been packaged into Docker containers, such as the one you mentioned (
tiredofit/clamav), making it easy to deploy in containerized environments. - Configuration and Customization: ClamAV is highly configurable and can be adapted to different scanning needs. It allows setting specific rules and configuring the frequency of virus definition updates.
It’s important to note that while ClamAV is a valuable tool for threat detection, it is not the sole security measure needed. It is recommended to use multiple layers of security, such as firewalls, regular operating system updates, and other security programs, to provide comprehensive protection against online threats.
Now, let’s learn how we can implement it using Docker Compose.
Create a file named docker-compose.yml in the directory of your choice. You can do this with your favorite text editor. Here’s a basic example:
version: '3'
services:
clamav:
image: tiredofit/clamav
restart: always
volumes:
- /path/to/your/html:/data/html:ro
# Add other volumes as needed
Make sure to change /path/to/your/html to the actual path on your server that you want to scan.
Step 2: Start the Services
Open a terminal in the same directory as your docker-compose.yml file and run the following command to start the services:
docker-compose up -d
This command will download the ClamAV image, create the container, and start it in the background.
Step 3: Access the Container
To perform a manual scan, you first need to access the container’s shell. Use the following command:
docker exec -it container_name sh
Replace container_name with the actual name of your ClamAV container.
Step 4: Run a Manual Scan
Inside the container, use the clamhtml
Copy code
Reading time: 3 minutes
scan command to manually scan. For example, to scan the /data/html directory, run:
clamscan --infected --recursive /data/html
This command will recursively scan all files in the /data/html directory and display the results in the terminal.
Step 5: Exit the Container
Once you have performed the manual scan, you can exit the container’s shell:
exit
Step 6: Stop the Services
To stop and remove the services and containers, use the following command:
docker-compose down
With these steps, you have set up ClamAV in a Docker container and performed a manual scan on a specific directory. You can adjust the configuration according to your specific needs and add more directories to scan as necessary.
You can even run the scan from outside the container like this:
docker exec clamav clamscan --infected --recursive /data/html /data/html2
Here, I’ve included 2 directories in case you have more added.
If you want to remove infected files, you can use this command:
docker exec clamav clamscan --infected --remove --recursive /data/html /data/html2
*I do not recommend using this command as it deletes files directly.
