Please don't hijack a thread to report a bug or request an improvement. A new thread for new discussion topic is always great. 

Please also be careful in your phrasing. ClamAV's docker support was 99% the work of a kind-hearted community member. Mocking the current design isn't helpful. I do see what you're talking about. I'm sure there is room for improvement.

If you know there is a bug, please report the issue https://github.com/Cisco-Talos/clamav/issues/new/choose
If you have a proposed solution for the issue, it's still good to make the issue and submit your solution in a pull-request.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
From: Marc <Marc@f1-outsourcing.eu>
Sent: Sunday, February 13, 2022 5:02 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Micah Snyder (micasnyd) <micasnyd@cisco.com>; Sandhu, Jaspal (HQP) <jaspal.sandhu@roberthalf.com>
Subject: RE: CLAMAV: Docker Tag 0.104.2 has 9 Medium Vulnerabilities for Busy Box
 
> My team is new to maintaining images on Docker Hub. We hadn't yet
> identified the best practices for how to publish an image for the same
> ClamAV version with a new base image. After a little investigation, I
> settled on this on this scheme.
>
I can see ;)

This is of course crap.

# Wait forever (or until canceled)
        exec tail -f "/dev/null"

The goal of the entrypoint.sh exec is that if it terminates the OC can take proper action, eg restart the task. In your case clamd can crash and no action will be taken, because the OC monitors a useless tail?????