[clamav-users] Possible to use clamdscan to scan a file on the clamd host?

Kris Deugau kdeugau at vianet.ca
Fri Sep 10 18:02:51 UTC 2021


Choate, Nathan via clamav-users wrote:
> Hello,
> 
> I’ve recently been experimenting with using the recently built ClamAV 
> Docker image in a Kubernetes deployment.
> 
> We want to utilize the ClamAV container in our deployment alongside a 
> basic server application running in a separate pod.
> 
> We think the ideal pattern would be to have the ClamAV container running 
> clamd in its own pod with its client running in a separate pod. The idea 
> would be to
> 
>  1. Mount a volume for scanning into both the ClamAV container and the
>     client container
>  2. Package clamdscan in the Docker image for the client pod
>  3. Whenever a file is uploaded to the client pod:
>      1. Move that file to the mounted volume (which is mounted in both
>         the ClamAV container and the client container)
>      2. Use clamdscan from the client container to remotely tell clamd
>         in the ClamAV container to scan the new file in the shared volume
> 
> At the moment, it seems that whenever I try to use clamdscan to tell 
> clamd to scan the volume contents from its container, clamdscan simply 
> defaults to streaming the file contents from the client container to the 
> ClamAV container.
> 
> I would assume that if no mode is specified, clamdscan will default to 
> streaming the file contents to the TCP port if it’s on a remote “host” 
> (in this case, a separate pod).
> 
> Preferably, we would like to use clamdscan to tell clamd to scan the 
> mounted volume contents from its container, not through a stream from 
> the client. Is that possible?

clamdscan can either pass a file descriptor to clamd (in which case 
clamdscan must be "local" to clamd), or it can stream the file over a 
socket.

There's no mechanism I've ever seen a hint of to tell a remote clamd to 
scan some arbitrary file on its local filesystem.

Since you're using containers instead of full VMs there may be some dark 
art to allow passing a file descriptor across containers, but IMO at 
first thought that seems to defeat the whole point of using them.

-kgd
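As an added illustration of the streaming path both posts refer to, here is the wire format clamdscan uses when it streams a file to a remote clamd: the clamd INSTREAM command (`zINSTREAM\0`, then chunks prefixed with a 4-byte big-endian length, terminated by a zero-length chunk, answered with a NUL-terminated `stream: ...` reply). This is example code written for this page, not code from the thread or from the ClamAV project; the server half is a stub that only reassembles the upload and answers `stream: OK`, and the sample payload and chunk size are constructed.

```python
import socket
import struct
import threading


def instream_frames(data: bytes, chunk_size: int = 1024) -> list[bytes]:
    """Frame a payload as a clamd INSTREAM command: the command, then
    <4-byte big-endian length><bytes> chunks, then a zero-length chunk."""
    frames = [b"zINSTREAM\0"]
    for off in range(0, len(data), chunk_size):
        chunk = data[off:off + chunk_size]
        frames.append(struct.pack(">I", len(chunk)) + chunk)
    frames.append(struct.pack(">I", 0))  # end-of-stream marker
    return frames


def send_instream(sock: socket.socket, data: bytes, chunk_size: int = 1024) -> str:
    """Client side: stream the bytes and return clamd's reply (e.g. 'stream: OK')."""
    for frame in instream_frames(data, chunk_size):
        sock.sendall(frame)
    # A 'z'-prefixed command is answered with a NUL-terminated reply.
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:
            break
        reply += part
    return reply.rstrip(b"\0").decode()


def parse_instream(sock: socket.socket) -> bytes:
    """Server side (stub, not clamd): read and reassemble one INSTREAM upload."""
    def recv_exact(n: int) -> bytes:
        buf = b""
        while len(buf) < n:
            part = sock.recv(n - len(buf))
            if not part:
                raise ConnectionError("peer closed mid-frame")
            buf += part
        return buf

    cmd = b""
    while not cmd.endswith(b"\0"):
        cmd += recv_exact(1)
    if cmd != b"zINSTREAM\0":
        raise ValueError(f"unexpected command {cmd!r}")
    body = b""
    while True:
        (length,) = struct.unpack(">I", recv_exact(4))
        if length == 0:          # zero-length chunk terminates the stream
            break
        body += recv_exact(length)
    return body


def demo(payload: bytes, chunk_size: int = 7) -> tuple[str, bytes]:
    """Run client and stub server over a socketpair; return (reply, bytes the
    server reassembled) so the framing can be checked end to end."""
    client, server = socket.socketpair()
    received = {}

    def serve() -> None:
        received["body"] = parse_instream(server)
        server.sendall(b"stream: OK\0")  # constructed reply, same shape as clamd's
        server.close()

    t = threading.Thread(target=serve)
    t.start()
    reply = send_instream(client, payload, chunk_size)
    client.close()
    t.join()
    return reply, received["body"]


if __name__ == "__main__":
    sample = b"constructed sample upload, not a real file " * 8
    print(demo(sample))
```

The practical consequence for the shared-volume design in the question is that every byte of the upload crosses the pod network twice (client to volume, then client to clamd), and that clamd caps what it will accept per stream with its `StreamMaxLength` setting, so oversized uploads are refused rather than scanned; a client should treat anything other than a `stream: OK` reply (a `FOUND` result or an `ERROR`) as a reason to reject the file.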
