Hi everyone
I have a scenario where I need to run Clamonacc to watch a filesystem
inside a Docker container, but clamd must be outside of the container on
the host. I can't find any documentation that describes that scenario,
nor anything that says it's not possible but I have seen references in
bug reports and forum posts where people discussed using clamonacc with
a TCP socket to clamd, which I assume would work for this scenario, but
how it was configured was not covered.
I've tried mapping the clam.ctl socket from the host into the container
in the location specified in clamd.conf, running the container with
--add-cap SYS_ADMIN, then running clamonacc manually inside the
container with --stream and pointing it at clamd.conf, but I can still
cat the eicar.com file in the watched directory.
LocalSocket /var/run/clamav/clamd.ctl
OnAccessMaxFileSize 5M
OnAccessPrevention true
OnAccessIncludePath /tmp
OnAccessExcludeUname clamav
Can anybody advise on whether this is achievable and point me in the
right direction?
Regards,
Adam Sweet
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
I have a scenario where I need to run Clamonacc to watch a filesystem
inside a Docker container, but clamd must be outside of the container on
the host. I can't find any documentation that describes that scenario,
nor anything that says it's not possible but I have seen references in
bug reports and forum posts where people discussed using clamonacc with
a TCP socket to clamd, which I assume would work for this scenario, but
how it was configured was not covered.
I've tried mapping the clam.ctl socket from the host into the container
in the location specified in clamd.conf, running the container with
--add-cap SYS_ADMIN, then running clamonacc manually inside the
container with --stream and pointing it at clamd.conf, but I can still
cat the eicar.com file in the watched directory.
LocalSocket /var/run/clamav/clamd.ctl
OnAccessMaxFileSize 5M
OnAccessPrevention true
OnAccessIncludePath /tmp
OnAccessExcludeUname clamav
Can anybody advise on whether this is achievable and point me in the
right direction?
Regards,
Adam Sweet
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat