itpetey/clamav-scan

ClamAV Scanner Image

This repository provides a 2-stage Docker build on Alpine Linux:

  1. updater stage installs ClamAV and refreshes signatures with freshclam.
  2. scanner stage runs clamscan against a file or directory provided as an argument or via stdin.

Usage

Wrapper script:

./scan.sh --update
./scan.sh /path/to/file
./scan.sh /path/to/directory
./scan.sh --watch /path/to/directory

You can override image names if needed:

IMAGE_NAME=my-clamav UPDATER_IMAGE_NAME=my-clamav-updater ./scan.sh --update
IMAGE_NAME=my-clamav ./scan.sh /path/to/file
IMAGE_NAME=my-clamav ./scan.sh --watch /path/to/directory

Watch mode notes:

  • --watch uses ClamAV's native on-access watcher (clamonacc) inside Docker.
  • Infected files are moved to ./.quarantine (created automatically if missing).
  • --watch requires a directory path (single-file watch is not supported).
  • --watch requires a Linux host for native event watching.

Direct Docker usage:

Scan a mounted file or directory (argument mode):

docker run --rm -v /host/data:/scan clamav /scan/path/to/file-or-dir

Minimal form (the path is resolved inside the container, so without a volume mount it must already exist there):

docker run clamav /path/to/file

Scan target path via stdin:

echo /scan/path/to/file-or-dir | docker run --rm -i -v /host/data:/scan clamav

Output

clamscan output is printed directly, followed by one explicit status line:

  • STATUS: CLEAN
  • STATUS: INFECTED
  • STATUS: ERROR

Container exit codes follow clamscan semantics:

  • 0: no infection found
  • 1: infection found
  • 2: error
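
An added example, not part of this repository: a POSIX shell gate that treats a scan as clean only when the exit code and the final STATUS line agree, and fails closed otherwise. The name classify_scan and the fake_* stub scanners with their output are constructed for illustration so the logic runs without Docker.

```shell
#!/bin/sh
# Added example (not the repository's code). classify_scan and the fake_*
# stubs are hypothetical names; the stub output is constructed sample data.

# classify_scan CMD [ARGS...]
# Runs the scanner, passes its output through, and returns:
#   0  exit code 0 and final line "STATUS: CLEAN"
#   1  exit code 1 and final line "STATUS: INFECTED"
#   2  everything else (fail closed): clamscan errors, a missing or
#      contradictory status line, or codes that come from docker run
#      itself (125-127) or a killed container (137).
classify_scan() {
    _rc=0
    _out=$("$@" 2>&1) || _rc=$?
    printf '%s\n' "$_out"
    _last=$(printf '%s\n' "$_out" | tail -n 1)
    case "$_rc:$_last" in
        '0:STATUS: CLEAN')    return 0 ;;
        '1:STATUS: INFECTED') return 1 ;;
        *)                    return 2 ;;
    esac
}

# Constructed stand-ins for the container, one per case.
fake_clean()    { printf '/scan/a.txt: OK\nSTATUS: CLEAN\n'; return 0; }
fake_infected() { printf '/scan/e.com: Win.Test.EICAR_HDB-1 FOUND\nSTATUS: INFECTED\n'; return 1; }
fake_killed()   { printf '/scan/a.txt: OK\n'; return 137; }
fake_mismatch() { printf 'STATUS: INFECTED\n'; return 0; }

# Real use would wrap the command from the README, for example:
#   classify_scan docker run --rm -v /host/data:/scan clamav /scan/path/to/file-or-dir
for scanner in fake_clean fake_infected fake_killed fake_mismatch; do
    verdict=0
    classify_scan "$scanner" >/dev/null || verdict=$?
    echo "$scanner -> gate exit $verdict"
done
```

Anything other than a confirmed clean result should block the file from moving on, so callers should act on the gate's return value rather than on the raw container exit code.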

Manual Build

Step 1 (refresh ClamAV + signatures):

TOKEN="$(date -u +%Y%m%d%H%M%S)"

docker build \
  --pull \
  --no-cache \
  --target updater \
  --build-arg CACHE_BUST="${TOKEN}" \
  -t clamav-updater .

Step 2 (build runnable scanner image from refreshed stage):

docker build \
  --pull \
  --no-cache \
  --build-arg CACHE_BUST="${TOKEN}" \
  -t clamav .

Notes:

  • CACHE_BUST intentionally breaks build cache for the updater stage so reruns always refresh packages/signatures.
  • Use the same TOKEN for both steps so the scanner image is built from the same refreshed signature snapshot.
  • This makes stage 1 safe and repeatable for cron-based refresh jobs.
  • scan.sh --update additionally builds with --pull --no-cache and the Dockerfile runs apk update && apk upgrade, so Alpine base/packages are refreshed each update run.

About

An updatable, on-demand virus scanner powered by ClamAV
