
Kubernetes ClamAV container

Author(s): @ianmaddox, Published: 2019-03-21

Ian Maddox | Solutions Architect | Google

Contributed by Google employees.

This example provides a Clam antivirus Docker image that performs regularly scheduled scans.

This example is designed to be run on Container-Optimized OS, but it should work with most other Docker servers.

ClamAV is an open source antivirus engine for detecting trojans, viruses, malware, and other malicious threats.

Basic usage

  1. Build your Docker image.
  2. Deploy that image to your Kubernetes cluster.
  3. Use a DaemonSet to configure the new workload to run one scanner pod per node.
  4. Ensure that scan-required paths within other pods are mounted as named volumes so they will be included in the scan of the node.

For more information, see Installing antivirus and file integrity monitoring on Container-Optimized OS.

Use the following to create the container, replacing [DOCKER_APP_CONFIG_PATH] with the value for your environment:

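IMAGE=clamav
CONTAINER=clamav
APP=clamav
# Host directory that holds the scanner's logs/ and conf/ subfolders
BASEDIR=/[DOCKER_APP_CONFIG_PATH]/$APP

# /share is mounted read-only at /host-fs, so the scanner cannot modify
# the files it scans; logs and configuration are stored on the host.
docker create --name="$APP" \
   -v /share:/host-fs:ro \
   -v "$BASEDIR/logs:/logs" \
   -v "$BASEDIR/conf:/etc/clamav" \
   --health-cmd "/health.sh" \
   "$IMAGE"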

The first time you start the container, default configuration files will be deployed into the conf/ subfolder. You can customize the configuration files, and they will be deployed the next time you start the container.

Be sure to tune the MaxThreads value in clamd.conf to work well with the other workloads.
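
Steps 3 and 4 of the basic usage, as an added example that is not part of the original tutorial: a DaemonSet manifest that reproduces the mounts and health check of the docker create command above on every node. The image path, probe timings, and resource limits are assumptions; replace the bracketed placeholders with the values for your environment.

```yaml
# Added example: one ClamAV scanner pod per node, mirroring the docker create mounts.
# Assumed values: image path, probe timings, CPU/memory limits.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: clamav
spec:
  selector:
    matchLabels:
      app: clamav
  template:
    metadata:
      labels:
        app: clamav
    spec:
      containers:
        - name: clamav
          image: "gcr.io/[PROJECT_ID]/clamav:latest"   # placeholder image path
          resources:
            limits:            # cap the scanner alongside MaxThreads in clamd.conf
              cpu: "1"
              memory: 2Gi
          livenessProbe:       # unlike docker --health-cmd, a failure restarts the container
            exec:
              command: ["/health.sh"]
            initialDelaySeconds: 120
            periodSeconds: 60
          volumeMounts:
            - name: host-fs
              mountPath: /host-fs
              readOnly: true   # the scanner never writes to the files it scans
            - name: logs
              mountPath: /logs
            - name: conf
              mountPath: /etc/clamav
      volumes:
        - name: host-fs
          hostPath:
            path: /share
        - name: logs
          hostPath:
            path: "/[DOCKER_APP_CONFIG_PATH]/clamav/logs"
            type: DirectoryOrCreate
        - name: conf
          hostPath:
            path: "/[DOCKER_APP_CONFIG_PATH]/clamav/conf"
            type: DirectoryOrCreate
```

The CPU limit and the MaxThreads setting should be chosen together, since both bound how much of the node the scanner can take from other workloads.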

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.