Skip to content

Commit

Permalink
Merge pull request #1600 from MartinBasti/fix-clamav-fix
Browse files Browse the repository at this point in the history
fix(clamav): detection of daily DB
  • Loading branch information
arewm authored Nov 12, 2024
2 parents c8998ed + 043e593 commit 1fa9e98
Showing 1 changed file with 20 additions and 4 deletions.
24 changes: 20 additions & 4 deletions task/clamav-scan/0.1/clamav-scan.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -100,19 +100,34 @@ spec:
interval=20 # interval between checks in seconds
elapsed=0
until [ -f /var/lib/clamav/daily.cld ] || [ "$elapsed" -ge "$timeout" ]; do
until [ -f /var/lib/clamav/ready.txt ] || [ "$elapsed" -ge "$timeout" ]; do
if (( elapsed % 60 == 0 )) && [ $elapsed -ne 0 ]; then
echo "Waiting for database to be downloaded... Elapsed time: $((elapsed / 60)) minute(s)"
fi
sleep $interval
elapsed=$((elapsed + interval))
done
if [ ! -f /var/lib/clamav/daily.cld ]; then
echo "Error: Timed out waiting for daily.cld after $((elapsed / 60)) minute(s)."
if [ ! -f /var/lib/clamav/ready.txt ] ; then
echo "Error: Timed out waiting for database download after $((elapsed / 60)) minute(s)."
exit 1
fi
DAILY_DB_FILE=""
for DB_PATH in "/var/lib/clamav/daily.cvd" "/var/lib/clamav/daily.cld"; do
if [ -f "${DB_PATH}" ]; then
DAILY_DB_FILE="${DB_PATH}"
break
fi
done
if [ -z "${DAILY_DB_FILE}" ]; then
echo "Daily DB file not found!"
exit 1
fi
db_version=$(sigtool --info "${DAILY_DB_FILE}" | grep 'Version')
echo "Scanning image for arch $arch. This operation may take a while."
clamscan $destination -ri --max-scansize=4095M --max-filesize=4095M \
--max-scantime=0 --max-files=0 --max-recursion=1000 --max-dir-recursion=20000 --max-embeddedpe=4095M \
Expand All @@ -123,7 +138,6 @@ spec:
--alert-phishing-ssl=yes --alert-phishing-cloak=yes --alert-partition-intersection=yes \
| tee /work/logs/clamscan-result-$arch.log || true
db_version=$(sigtool --info /var/lib/clamav/daily.cld | grep 'Version')
echo "Executed-on: Scan was executed on clamscan version - $(clamscan --version) Database $db_version" | tee -a "/work/logs/clamscan-result-$arch.log"
digests_processed+=("\"$arch_sha\"")
Expand Down Expand Up @@ -231,6 +245,8 @@ spec:
#!/usr/bin/env bash
clamscan --version
cp -r /var/lib/clamav/* /tmp/clamdb
echo "DB files copied"
touch /tmp/clamdb/ready.txt
volumeMounts:
- mountPath: /tmp/clamdb
name: dbfolder
Expand Down

0 comments on commit 1fa9e98

Please sign in to comment.