[ClamAV] Use tini, check if background procs are running, use pipe to output to stdout

master
André 2017-10-14 23:25:29 +02:00
parent f75f56aba6
commit c5dd30b058
2 changed files with 32 additions and 10 deletions

View File

@ -7,7 +7,7 @@ COPY dl_files.sh bootstrap.sh ./
# Installation # Installation
RUN apk add --update \ RUN apk add --update \
&& apk add --no-cache clamav clamav-libunrar curl bash \ && apk add --no-cache clamav clamav-libunrar curl bash tini \
&& chmod +x /dl_files.sh \ && chmod +x /dl_files.sh \
&& set -ex; /bin/bash /dl_files.sh \ && set -ex; /bin/bash /dl_files.sh \
&& mkdir /run/clamav \ && mkdir /run/clamav \
@ -15,12 +15,14 @@ RUN apk add --update \
&& chmod 750 /run/clamav \ && chmod 750 /run/clamav \
&& sed -i '/Foreground yes/s/^#//g' /etc/clamav/clamd.conf \ && sed -i '/Foreground yes/s/^#//g' /etc/clamav/clamd.conf \
&& sed -i '/TCPSocket 3310/s/^#//g' /etc/clamav/clamd.conf \ && sed -i '/TCPSocket 3310/s/^#//g' /etc/clamav/clamd.conf \
&& sed -i 's#LogFile /var/log/clamav/clamd.log#LogFile /tmp/logpipe_clamd#g' /etc/clamav/clamd.conf \
&& sed -i 's/#PhishingSignatures yes/PhishingSignatures no/g' /etc/clamav/clamd.conf \ && sed -i 's/#PhishingSignatures yes/PhishingSignatures no/g' /etc/clamav/clamd.conf \
&& sed -i 's/#PhishingScanURLs yes/PhishingScanURLs no/g' /etc/clamav/clamd.conf \ && sed -i 's/#PhishingScanURLs yes/PhishingScanURLs no/g' /etc/clamav/clamd.conf \
&& sed -i 's#UpdateLogFile /var/log/clamav/freshclam.log#UpdateLogFile /tmp/logpipe_freshclam#g' /etc/clamav/freshclam.conf \
&& sed -i '/Foreground yes/s/^#//g' /etc/clamav/freshclam.conf && sed -i '/Foreground yes/s/^#//g' /etc/clamav/freshclam.conf
# Port provision # Port provision
EXPOSE 3310 EXPOSE 3310
# AV daemon bootstrapping # AV daemon bootstrapping
CMD ["/bootstrap.sh"] CMD ["/sbin/tini", "-g", "--", "/bootstrap.sh"]

View File

@ -1,14 +1,34 @@
#!/bin/bash #!/bin/bash
touch /var/log/clamav/clamd.log /var/log/clamav/freshclam.log
chown -R clamav:clamav /var/log/clamav/
if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
echo "SKIP_CLAMD=y, skipping ClamAV..." echo "SKIP_CLAMD=y, skipping ClamAV..."
sleep 365d sleep 365d
exit 0 exit 0
fi fi
freshclam -d & # Create log pipes
clamd & touch /var/log/clamav/clamd.log /var/log/clamav/freshclam.log
mkfifo -m 600 /tmp/logpipe_clamd
mkfifo -m 600 /tmp/logpipe_freshclam
chown -R clamav:clamav /var/log/clamav/ /tmp/logpipe_*
cat <> /tmp/logpipe_clamd 1>&2 &
cat <> /tmp/logpipe_freshclam 1>&2 &
tail -f /var/log/clamav/clamd.log /var/log/clamav/freshclam.log # Prepare
BACKGROUND_TASKS=()
freshclam -d &
BACKGROUND_TASKS+=($!)
clamd &
BACKGROUND_TASKS+=($!)
while true; do
for bg_task in ${BACKGROUND_TASKS[*]}; do
if ! kill -0 ${bg_task} 1>&2; then
echo "Worker ${bg_task} died, stopping container waiting for respawn..."
kill -TERM 1
fi
sleep 10
done
done