Simple ClamAV REST proxy. Builds on top of clamav-java which is a minimal Java client for ClamAV.
This is a component of the mojfile-uploader project.
This project depends on moj-clamav-daemon
docker build -t clamav-rest .
docker run -d -p 3310:3310 --name clamd clamav # <-- https://github.com/ministryofjustice/moj-clamav-daemon
docker run -d -p 8080:8080 --link clamd:clamd --name clamav-rest -e HOST=clamd -e PORT=3310 clamav-rest
Allow some time for the clamav-rest container to finish starting up, then;
cd test
./test.sh
Adjust version number, as appropriate
docker tag clamav-rest registry.service.dsd.io/ministryofjustice/clamav-rest:0.1.0
docker push registry.service.dsd.io/ministryofjustice/clamav-rest:0.1.0
This is an example for the deployment. You could omit the log server, it's completely optional.
For more general information, see also our blog post.
This is a REST proxy server with support for basic INSTREAM scanning and PING command.
Clamd protocol is explained here: http://linux.die.net/man/8/clamd
Clamd protocol contains command such as shutdown so exposing clamd directly to external services is not a feasible option. Accessing clamd directly is fine if you are running single application and it's on the localhost.
This is is mainly an example, not a serious production ready server. You can customize this for your specific needs. Or rewrite it using something other than Spring Boot if you wish.
You have two options. You can use Docker and run a Docker image to test it. The Docker image is based on the supplied Dockerfile specification.
Or you can build the JAR. This creates a stand-alone JAR with embedded Jetty serlet container.
mvn package
Starting the REST service is quite straightforward.
java -jar clamav-rest-1.0.0.jar --server.port=8765 --clamd.host=myprecious.clamd.serv.er --clamd.port=3310
By default clamd is assumed to respond in a local virtual machine. Setting it up is explained in ClamAV client repository. Or you can use a clamd Docker image.
You can use curl as it's REST. Here's an example test session:
curl localhost:8080
Clamd responding: true
curl -F "name=blabla" -F "file=@./eicar.txt" localhost:8080/scan
Everything ok : false
EICAR is a test file which is recognized as a virus by scanners even though it's not really a virus. Read more EICAR information here.
Copyright © 2014 Solita
Distributed under the GNU Lesser General Public License, either version 2.1 of the License, or (at your option) any later version.