
Test ClamAV solution


Install basic packages

# Refresh the package index, apply pending upgrades, then pull in the base
# tooling: curl/wget/git for fetching sources, dnsutils/iproute2 for network
# checks, build-essential for compiling.
sudo apt update \
  && sudo apt upgrade -y \
  && sudo apt install -y curl wget vim dnsutils git iproute2 build-essential

Install go

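# Install the Go toolchain used to build the scanner below.
wget https://go.dev/dl/go1.21.9.linux-amd64.tar.gz
# Verify the download before unpacking it system-wide: go.dev/dl publishes a
# SHA256 next to each archive. This page does not carry the value, so fill it in:
#   sha256sum -c <<<'<EXPECTED_SHA256_FROM_go.dev/dl>  go1.21.9.linux-amd64.tar.gz'
sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.21.9.linux-amd64.tar.gz
# Quoted delimiter keeps $PATH literal in .profile, so the line extends whatever
# PATH is in effect when the profile is sourced instead of freezing this shell's
# PATH into the file.
cat <<'EOF' >> "$HOME/.profile"
export PATH=$PATH:/usr/local/go/bin:~/go/bin
EOF
cat "$HOME/.profile"
# shellcheck disable=SC1091 — user profile, not part of the repository
source "$HOME/.profile"
go version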

Get docker

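#https://docs.docker.com/engine/install/ubuntu/

# Uninstall all conflicting packages (distro-packaged docker/podman shims).
# apt-get may prompt per package; packages that are not installed are just reported.
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do
  sudo apt-get remove "$pkg"
done

# Install using the apt repository
# Add Docker's official GPG key. The repository line below pins this key via
# signed-by=, so apt only accepts packages signed by it.
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update -y

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

# Smoke test as root. The unprivileged run right after it is expected to be
# refused until the group change below takes effect.
sudo docker run hello-world
docker run hello-world

# Manage Docker as a non-root user.
# Membership of the docker group is root-equivalent on this host (the daemon
# runs as root and members can mount any host path into a container), so grant
# it only to the account that drives this test setup.
sudo groupadd docker
sudo usermod -aG docker "$USER"
# newgrp opens a new shell with the group applied; logging out and back in has
# the same effect.
newgrp docker

docker run hello-world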

Run ClamAV

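# Private bridge network so the scanner can reach clamd by container name
# ("clamav") without going through a host port.
docker network create clamav_net
# clamd speaks an unauthenticated protocol on 3310. Publishing it on loopback
# keeps it reachable for local debugging while not exposing it to the network;
# the scanner itself talks to it over clamav_net. Signature databases are kept
# in ./clamdata so they survive container restarts.
docker run --name clamav \
  -v "${PWD}/clamdata:/var/lib/clamav" \
  -d -p 127.0.0.1:3310:3310 \
  --network clamav_net \
  clamav/clamav:latest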

Build scanner

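cd ~ && mkdir -p github && cd github
# Chain the steps so a failed clone does not leave the checkout running in the
# wrong directory.
git clone https://github.com/r-scheele/scanner.git && cd scanner && git checkout main

# Local, unauthenticated registry used only as the push/pull target for the
# image built below; bind it to loopback so nothing else on the network can
# push images into it.
docker run -d -p 127.0.0.1:5000:5000 --restart always --name registry registry:2
docker build -t localhost:5000/scanner:latest .
docker push localhost:5000/scanner:latest
# The scanner reaches clamd over clamav_net (CLAMD_HOST=clamav). Its HTTP API is
# only exercised from this host in the tests below, so publish 10080 on loopback.
docker run -d -p 127.0.0.1:10080:8080 -e CLAMD_HOST=clamav --network clamav_net --name scanner localhost:5000/scanner:latest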

Tests

0. Ping
# Liveness probe: 200 with body "OK" means the scanner can reach clamd.
curl --include 'http://localhost:10080/ping'
HTTP/1.1 200 OK
Date: Mon, 13 May 2024 13:50:23 GMT
Content-Length: 3
Content-Type: text/plain; charset=utf-8

OK
1. Test offline
# Take clamd away and confirm the probe surfaces the failure
# (500 with "Could not ping clamd" rather than a false 200).
docker stop clamav
curl --include 'http://localhost:10080/ping'
HTTP/1.1 500 Internal Server Error
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Mon, 13 May 2024 13:50:45 GMT
Content-Length: 21

Could not ping clamd
2. Scan uninfected stream
# Bring clamd back and scan a known-clean file through the multipart stream
# endpoint. clamd needs a moment after start to finish loading its database;
# if the scan fails right away, retry rather than treating it as a verdict.
docker start clamav
curl --include \
  --form 'name=README.md' \
  --form 'file=@./README.md' \
  'http://localhost:10080/scan/stream'
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 13 May 2024 13:53:35 GMT
Content-Length: 89

[{"Raw":"stream: OK","Description":"","Path":"stream","Hash":"","Size":0,"Status":"OK"}]
3. Scan infected stream
# EICAR test pattern: a harmless-by-design string that antivirus engines are
# expected to flag. A working detection path must not report Status "OK" for
# it; the response recorded below does, so as captured this step does not
# demonstrate detection. Before trusting it, confirm clamd had finished loading
# its database and that the upload actually reached the scanner.
printf '%s\n' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > clamav-eicar
curl --include \
  --form 'name=clamav-eicar' \
  --form 'file=@./clamav-eicar' \
  'http://localhost:10080/scan/stream'
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 13 May 2024 13:53:49 GMT
Content-Length: 89

[{"Raw":"stream: OK","Description":"","Path":"stream","Hash":"","Size":0,"Status":"OK"}]
4. Scan uninfected file
# Same command as the clean-stream check in step 2 (same endpoint, same file);
# a separate file-path scan is not exercised here.
docker start clamav
curl --include \
  --form 'name=README.md' \
  --form 'file=@./README.md' \
  'http://localhost:10080/scan/stream'
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 13 May 2024 13:40:31 GMT
Content-Length: 89

[{"Raw":"stream: OK","Description":"","Path":"stream","Hash":"","Size":0,"Status":"OK"}]
6. Scan infected files
# Same EICAR upload as step 3. The recorded reply again reports Status "OK",
# which is not what a successful detection test should show; verify the
# scanner/clamd state before reading this as a pass.
printf '%s\n' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > clamav-eicar
curl --include \
  --form 'name=clamav-eicar' \
  --form 'file=@./clamav-eicar' \
  'http://localhost:10080/scan/stream'
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 13 May 2024 13:42:02 GMT
Content-Length: 89

[{"Raw":"stream: OK","Description":"","Path":"stream","Hash":"","Size":0,"Status":"OK"}]
5. Scan uninfected bag of files
# Placeholder: this repeats the single-file clean-stream check; a multi-file
# ("bag of files") upload is not exercised by this command.
docker start clamav
curl --include \
  --form 'name=README.md' \
  --form 'file=@./README.md' \
  'http://localhost:10080/scan/stream'
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 13 May 2024 13:40:31 GMT
Content-Length: 89

[{"Raw":"stream: OK","Description":"","Path":"stream","Hash":"","Size":0,"Status":"OK"}]
5. Scan infected bag of files
# Placeholder: identical to the clean single-file check above; no infected
# multi-file case is exercised by this command.
docker start clamav
curl --include \
  --form 'name=README.md' \
  --form 'file=@./README.md' \
  'http://localhost:10080/scan/stream'
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 13 May 2024 13:40:31 GMT
Content-Length: 89

[{"Raw":"stream: OK","Description":"","Path":"stream","Hash":"","Size":0,"Status":"OK"}]
5. Scan mixed bag of files
# Placeholder: identical to the clean single-file check above; no mixed
# multi-file case is exercised by this command.
docker start clamav
curl --include \
  --form 'name=README.md' \
  --form 'file=@./README.md' \
  'http://localhost:10080/scan/stream'
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 13 May 2024 13:40:31 GMT
Content-Length: 89

[{"Raw":"stream: OK","Description":"","Path":"stream","Hash":"","Size":0,"Status":"OK"}]