[clamav-users] CLAMAV: Docker Tag 0.104.2 has 9 Medium Vulnerabilities for Busy Box

Thu Feb 17 19:51:29 UTC 2022

Please don't hijack a thread to report a bug or request an improvement. A new thread for new discussion topic is always great.

Please also be careful in your phrasing. ClamAV's docker support was 99% the work of a kind-hearted community member. Mocking the current design isn't helpful. I do see what you're talking about. I'm sure there is room for improvement.

If you know there is a bug, please report the issue https://github.com/Cisco-Talos/clamav/issues/new/choose<https://github.com/Cisco-Talos/clamav/issues/new?assignees=&labels=&template=bug_report.md&title=>
If you have a proposed solution for the issue, it's still good to make the issue and submit your solution in a pull-request.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: Marc <Marc at f1-outsourcing.eu>
Sent: Sunday, February 13, 2022 5:02 AM
To: ClamAV users ML <clamav-users at lists.clamav.net>
Cc: Micah Snyder (micasnyd) <micasnyd at cisco.com>; Sandhu, Jaspal (HQP) <jaspal.sandhu at roberthalf.com>
Subject: RE: CLAMAV: Docker Tag 0.104.2 has 9 Medium Vulnerabilities for Busy Box

> My team is new to maintaining images on Docker Hub. We hadn't yet
> identified the best practices for how to publish an image for the same
> ClamAV version with a new base image. After a little investigation, I
> settled on this on this scheme.
>
I can see ;)

This is of course crap.

# Wait forever (or until canceled)
        exec tail -f "/dev/null"

The goal of the entrypoint.sh exec is that if it terminates the OC can take proper action, eg restart the task. In your case clamd can crash and no action will be taken, because the OC monitors a useless tail?????

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20220217/1a6cfdc9/attachment.htm>