/moj-clamav-rest

Primary LanguageShellMIT LicenseMIT

Simple ClamAV REST proxy. Builds on top of clamav-java which is a minimal Java client for ClamAV.

This is a component of the mojfile-uploader project.

This project depends on moj-clamav-daemon

Build

docker build -t clamav-rest .

Run

docker run -d -p 3310:3310 --name clamd clamav   # <-- https://github.com/ministryofjustice/moj-clamav-daemon

docker run -d -p 8080:8080 --link clamd:clamd --name clamav-rest -e HOST=clamd -e PORT=3310 clamav-rest

Test

Allow some time for the clamav-rest container to finish starting up, then;

cd test
./test.sh

Push to MoJ repository

Adjust version number, as appropriate

docker tag clamav-rest registry.service.dsd.io/ministryofjustice/clamav-rest:0.1.0

docker push registry.service.dsd.io/ministryofjustice/clamav-rest:0.1.0

What is it?

The big picture

This is an example for the deployment. You could omit the log server, it's completely optional.

Deployment example

For more general information, see also our blog post.

The technical details

This is a REST proxy server with support for basic INSTREAM scanning and PING command.

Clamd protocol is explained here: http://linux.die.net/man/8/clamd

Clamd protocol contains command such as shutdown so exposing clamd directly to external services is not a feasible option. Accessing clamd directly is fine if you are running single application and it's on the localhost.

An example to build on

This is is mainly an example, not a serious production ready server. You can customize this for your specific needs. Or rewrite it using something other than Spring Boot if you wish.

Usage

You have two options. You can use Docker and run a Docker image to test it. The Docker image is based on the supplied Dockerfile specification.

Or you can build the JAR. This creates a stand-alone JAR with embedded Jetty serlet container.

  mvn package

Starting the REST service is quite straightforward.

  java -jar clamav-rest-1.0.0.jar --server.port=8765 --clamd.host=myprecious.clamd.serv.er --clamd.port=3310

Setting up local clamd virtual server

By default clamd is assumed to respond in a local virtual machine. Setting it up is explained in ClamAV client repository. Or you can use a clamd Docker image.

Testing the REST service

You can use curl as it's REST. Here's an example test session:

curl localhost:8080
Clamd responding: true

curl -F "name=blabla" -F "file=@./eicar.txt" localhost:8080/scan
Everything ok : false

EICAR is a test file which is recognized as a virus by scanners even though it's not really a virus. Read more EICAR information here.

License

Copyright © 2014 Solita

Distributed under the GNU Lesser General Public License, either version 2.1 of the License, or (at your option) any later version.