Add clamav container (dev-lgfs)

ministryofjustice · Jan 4, 2024 · 755ebe4 · 755ebe4
1 parent 4ddeff2
commit 755ebe4
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 1 deletion.
diff --git a/.k8s/live/dev-lgfs/deployment.yaml b/.k8s/live/dev-lgfs/deployment.yaml
@@ -20,6 +20,20 @@ spec:
     spec:
       serviceAccountName: cccd-dev-lgfs-service
       containers:
+        - name: clamav
+          image: ghcr.io/ministryofjustice/hmpps-clamav:sha-ae9a953
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: clamav
+              containerPort: 3310
+              protocol: TCP
+          resources:
+            limits:
+              cpu: 500m
+              memory: 3Gi
+            requests:
+              cpu: 10m
+              memory: 1Gi
         - name: cccd-app
           imagePullPolicy: Always
           image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/laa-get-paid/cccd:set-me

diff --git a/config/clamd.container.conf b/config/clamd.container.conf
@@ -0,0 +1,2 @@
+TCPSocket 3310
+TCPAddr localhost
diff --git a/config/initializers/clamby.rb b/config/initializers/clamby.rb
@@ -0,0 +1,16 @@
+Clamby.configure({
+  # check: false,
+  # daemonize: true,
+  config_file: Rails.root.join('config', 'clamd.container.conf'),
+  # error_clamscan_missing: true,
+  # error_clamscan_client_error: false,
+  # error_file_missing: true,
+  # error_file_virus: false,
+  # fdpass: false,
+  stream: true,
+  # reload: false,
+  # output_level: 'medium',
+  # executable_path_clamscan: 'clamscan',
+  # executable_path_clamdscan: 'clamdscan',
+  # executable_path_freshclam: 'freshclam',
+})
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -59,7 +59,8 @@ RUN apk --update-cache upgrade \
                    postgresql-client \
                    redis \
                    runit \
-                   ttf-freefont
+                   ttf-freefont \
+                   clamav-clamdscan
 
 RUN addgroup -g 1000 -S appgroup \
 && adduser -u 1000 -S appuser -G appgroup