[ClamAV] Update to 0.101.1 (based on Debian to fix some errors)

[ClamAV] Some config values are deprecated and were replaced

data/Dockerfiles/clamd/Dockerfile

@@ -1,18 +1,32 @@
-FROM alpine:3.8
+FROM debian:stretch-slim
 
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
 
-# Add scripts
-COPY dl_files.sh bootstrap.sh ./
-
 # Installation
-ENV CLAMAV 0.100.2
+ENV CLAMAV 0.101.1
 
-RUN apk add --no-cache --virtual build-dependencies alpine-sdk ncurses-dev zlib-dev bzip2-dev pcre-dev linux-headers fts-dev libxml2-dev libressl-dev \
+RUN apt-get update && apt-get install -y --no-install-recommends \
-  && apk add --no-cache curl bash tini libxml2 libbz2 pcre fts libressl tzdata \
+  ca-certificates \
+  zlib1g-dev \
+  libncurses5-dev \
+  libzip-dev \
+  libpcre2-dev \
+  libxml2-dev \
+  libssl-dev \
+  build-essential \
+  libjson-c-dev \
+  curl \
+  bash \
+  wget \
+  tzdata \
+  dnsutils \
+  rsync \
+  dos2unix \
+  netcat \
+  && rm -rf /var/lib/apt/lists/* \
   && wget -O - https://www.clamav.net/downloads/production/clamav-${CLAMAV}.tar.gz | tar xfvz - \
   && cd clamav-${CLAMAV} \
-  && LIBS=-lfts ./configure \
+  && ./configure \
   --prefix=/usr \
   --libdir=/usr/lib \
   --sysconfdir=/etc/clamav \
@@ -30,18 +44,22 @@ RUN apk add --no-cache --virtual build-dependencies alpine-sdk ncurses-dev zlib-
   && make install \
   && make clean \
   && cd .. && rm -rf clamav-${CLAMAV} \
-  && apk del build-dependencies \
+  && apt-get -y --auto-remove purge build-essential \
-  && addgroup -S clamav \
+  && apt-get -y purge zlib1g-dev \
-  && adduser -S -D -h /var/lib/clamav -s /sbin/nologin -G clamav -g clamav clamav \
+  libncurses5-dev \
-  && adduser clamav tty \
+  libzip-dev \
+  libpcre2-dev \
+  libxml2-dev \
+  libssl-dev \
+  libjson-c-dev \
+  && addgroup --system --gid 700 clamav \
+  && adduser --system --home /var/lib/clamav --uid 700 --gid 700 --disabled-login clamav \
   && mkdir -p /run/clamav \
   && chown clamav:clamav /run/clamav \
-  && chmod +x /dl_files.sh \
+  && chmod 750 /run/clamav \
-  && set -ex; /bin/bash /dl_files.sh \
+  && rm -rf /tmp/* /var/tmp/*
-  && chmod 750 /run/clamav
 
-# Port provision
+COPY bootstrap.sh ./
-EXPOSE 3310
+COPY tini /sbin/tini
 
-# AV daemon bootstrapping
 CMD ["/sbin/tini", "-g", "--", "/bootstrap.sh"]

data/Dockerfiles/clamd/bootstrap.sh

@@ -10,7 +10,7 @@ fi
 mkdir -p /var/log/clamav
 touch /var/log/clamav/clamd.log /var/log/clamav/freshclam.log
 chown -R clamav:clamav /var/log/clamav/
-chown root:tty /dev/console
+adduser clamav tty
 chmod g+rw /dev/console
 
 # Prepare whitelist
@@ -37,6 +37,27 @@ done
 ) &
 BACKGROUND_TASKS+=($!)
 
+(
+while true; do
+  sleep 2m
+  SANE_MIRRORS="$(dig +ignore +short rsync.sanesecurity.net)"
+  for sane_mirror in ${SANE_MIRRORS}; do
+    rsync -avp --chown=clamav:clamav --timeout=5 rsync://${sane_mirror}/sanesecurity/ \
+      --include 'blurl.ndb' \
+      --include 'junk.ndb' \
+      --include 'jurlbl.ndb' \
+      --include 'phish.ndb' \
+      --exclude='*' /var/lib/clamav/
+    if [ $? -eq 0 ]; then
+      echo RELOAD | nc localhost 3310
+      break
+    fi
+  done
+  sleep 30h
+done
+) &
+BACKGROUND_TASKS+=($!)
+
 clamd &
 BACKGROUND_TASKS+=($!)
 

data/Dockerfiles/clamd/dl_files.sh

@@ -1,32 +0,0 @@
-#!/bin/bash
-
-declare -a DB_MIRRORS=(
-  "switch.clamav.net"
-  "clamavdb.heanet.ie"
-  "clamav.iol.cz"
-  "clamav.univ-nantes.fr"
-  "clamav.easynet.fr"
-  "clamav.begi.net"
-)
-declare -a DB_MIRRORS=( $(shuf -e "${DB_MIRRORS[@]}") )
-
-DB_FILES=(
-  "bytecode.cvd"
-  "daily.cvd"
-  "main.cvd"
-)
-
-for i in "${DB_MIRRORS[@]}"; do
-  for j in "${DB_FILES[@]}"; do
-  [[ -f "/var/lib/clamav/${j}" && -s "/var/lib/clamav/${j}" ]] && continue;
-  if [[ $(curl -o /dev/null --connect-timeout 1 \
-    --max-time 1 \
-    --silent \
-    --head \
-    --write-out "%{http_code}\n" "${i}/${j}") == 200 ]]; then
-    curl "${i}/${j}" -o "/var/lib/clamav/${j}" -#
-  fi
-  done
-done
-
-chown clamav:clamav /var/lib/clamav/*.cvd

data/conf/clamav/clamd.conf

@@ -1,3 +1,4 @@
+#Debug true
 LogFile /dev/console
 LogTime yes
 LogClean yes
@@ -23,9 +24,9 @@ DetectPUA yes
 #IncludePUA Spy
 #IncludePUA Scanner
 #IncludePUA RAT
-AlgorithmicDetection yes
+HeuristicAlerts yes
 ScanOLE2 yes
-OLE2BlockMacros yes
+AlertOLE2Macros yes
 ScanPDF yes
 ScanSWF yes
 ScanXMLDOCS yes