Kubernetes ClamAV container
Contributed by Google employees.
This example provides a Clam antivirus Docker image that performs regularly scheduled scans.
This example is designed to be run on Container-Optimized OS, but it should work with most other Docker servers.
ClamAV is an open source antivirus engine for detecting trojans, viruses, malware, and other malicious threats.
- Build your Docker image.
- Deploy that image to your Kubernetes cluster.
- Use Daemonsets to configure the new workload to run one scanner pod per node.
- Ensure that scan-required paths within other pods are mounted as named volumes so they will be included in the scan of the node.
For more information, see Installing antivirus and file integrity monitoring on Container-Optimized OS.
Use the following to create the container, replacing
[DOCKER_APP_CONFIG_PATH] with the value for your environment:
IMAGE=clamav CONTAINER=clamav APP=clamav BASEDIR=/[DOCKER_APP_CONFIG_PATH]/$APP docker create --name=$APP \ -v /share:/host-fs:ro \ -v $BASEDIR/logs:/logs \ -v $BASEDIR/conf:/etc/clamav \ --health-cmd "/health.sh" \ $IMAGE
The first time you start the container, default configuration files will be deployed into the
conf/ subfolder. You can customize the configuration
files, and they will be deployed the next time you start the container.
Be sure to tune the
MaxThreads value in
clamd.conf to work well with the other workloads.