From 755ebe487a7dc4513c5b4cbeb3b61f577a8db417 Mon Sep 17 00:00:00 2001
From: Joe Haig <joseph.haig@digital.justice.gov.uk>
Date: Wed, 3 Jan 2024 15:42:50 +0000
Subject: [PATCH] Add clamav container (dev-lgfs)

---
 .k8s/live/dev-lgfs/deployment.yaml | 14 ++++++++++++++
 config/clamd.container.conf        |  2 ++
 config/initializers/clamby.rb      | 16 ++++++++++++++++
 docker/Dockerfile                  |  3 ++-
 4 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 config/clamd.container.conf
 create mode 100644 config/initializers/clamby.rb

diff --git a/.k8s/live/dev-lgfs/deployment.yaml b/.k8s/live/dev-lgfs/deployment.yaml
index e61af419d6..6da78a34f7 100644
--- a/.k8s/live/dev-lgfs/deployment.yaml
+++ b/.k8s/live/dev-lgfs/deployment.yaml
@@ -20,6 +20,20 @@ spec:
     spec:
       serviceAccountName: cccd-dev-lgfs-service
       containers:
+        - name: clamav
+          image: ghcr.io/ministryofjustice/hmpps-clamav:sha-ae9a953
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: clamav
+              containerPort: 3310
+              protocol: TCP
+          resources:
+            limits:
+              cpu: 500m
+              memory: 3Gi
+            requests:
+              cpu: 10m
+              memory: 1Gi
         - name: cccd-app
           imagePullPolicy: Always
           image: 754256621582.dkr.ecr.eu-west-2.amazonaws.com/laa-get-paid/cccd:set-me
diff --git a/config/clamd.container.conf b/config/clamd.container.conf
new file mode 100644
index 0000000000..5727b141c4
--- /dev/null
+++ b/config/clamd.container.conf
@@ -0,0 +1,2 @@
+TCPSocket 3310
+TCPAddr localhost
diff --git a/config/initializers/clamby.rb b/config/initializers/clamby.rb
new file mode 100644
index 0000000000..b3c2aa358a
--- /dev/null
+++ b/config/initializers/clamby.rb
@@ -0,0 +1,16 @@
+Clamby.configure({
+  # check: false,
+  # daemonize: true,
+  config_file: Rails.root.join('config', 'clamd.container.conf'),
+  # error_clamscan_missing: true,
+  # error_clamscan_client_error: false,
+  # error_file_missing: true,
+  # error_file_virus: false,
+  # fdpass: false,
+  stream: true,
+  # reload: false,
+  # output_level: 'medium',
+  # executable_path_clamscan: 'clamscan',
+  # executable_path_clamdscan: 'clamdscan',
+  # executable_path_freshclam: 'freshclam',
+})
\ No newline at end of file
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 42dc7a0a68..2a5f8a5fb9 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -59,7 +59,8 @@ RUN apk --update-cache upgrade \
                    postgresql-client \
                    redis \
                    runit \
-                   ttf-freefont
+                   ttf-freefont \
+                   clamav-clamdscan
 
 RUN addgroup -g 1000 -S appgroup \
 && adduser -u 1000 -S appuser -G appgroup