add clamav-icap service

2026-06-03 17:14:08 +02:00 · 2022-03-21 22:33:21 +01:00 · 2022-03-21 22:33:21 +01:00 · 255f11899d
commit 255f11899d
parent 8cf5d273c2
4 changed files with 97 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -48,6 +48,7 @@ Additionally, you can use the following options when starting an instance:
 - `smb`: setup a samba server for external storage use
 - `kaspersky`: setup a kaspersky scan engine server in http mode. (Requires [manually setting up the image](https://github.com/icewind1991/kaspersky-docker))
 - `kaspersky-icap`: setup a kaspersky scan engine server in ICAP mode.
+ - `clamav-icap`: setup a clam av scanner in ICAP mode.

 #### Run tests in a new instance

--- a/src/service.rs
+++ b/src/service.rs
@ -1,3 +1,4 @@
+mod clam;
 mod kaspersky;
 mod ldap;
 mod objectstore;
@ -6,6 +7,7 @@ mod push;
 mod smb;

 use crate::config::HazeConfig;
+pub use crate::service::clam::ClamIcap;
 use crate::service::kaspersky::{Kaspersky, KasperskyIcap};
 pub use crate::service::ldap::{LDAPAdmin, LDAP};
 pub use crate::service::objectstore::ObjectStore;
@ -76,6 +78,7 @@ pub enum Service {
    Smb(Smb),
    Kaspersky(Kaspersky),
    KasperskyIcap(KasperskyIcap),
+    ClamIcap(ClamIcap),
 }

 impl Service {
@ -89,6 +92,7 @@ impl Service {
            "smb" => Some(&[Service::Smb(Smb)]),
            "kaspersky" => Some(&[Service::Kaspersky(Kaspersky)]),
            "kaspersky-icap" => Some(&[Service::KasperskyIcap(KasperskyIcap)]),
+            "clamav-icap" => Some(&[Service::ClamIcap(ClamIcap)]),
            _ => None,
        }
    }
--- a/src/service/clam.rs
+++ b/src/service/clam.rs
@ -0,0 +1,91 @@
+use crate::config::HazeConfig;
+use crate::image::pull_image;
+use crate::service::ServiceTrait;
+use crate::Result;
+use bollard::container::{Config, CreateContainerOptions, NetworkingConfig};
+use bollard::models::{EndpointSettings, HostConfig};
+use bollard::Docker;
+use maplit::hashmap;
+use miette::IntoDiagnostic;
+
+#[derive(Debug, Clone, Eq, PartialEq)]
+pub struct ClamIcap;
+
+#[async_trait::async_trait]
+impl ServiceTrait for ClamIcap {
+    fn name(&self) -> &str {
+        "clamav-icap"
+    }
+
+    fn env(&self) -> &[&str] {
+        &[
+            "ICAP_HOST=clamav-icap",
+            "ICAP_PORT=1344",
+            "ICAP_REQUEST=avscan",
+            "ICAP_HEADER=X-Infection-Found",
+        ]
+    }
+
+    async fn spawn(
+        &self,
+        docker: &Docker,
+        cloud_id: &str,
+        network: &str,
+        _config: &HazeConfig,
+    ) -> Result<String> {
+        let image = "deepdiver/icap-clamav-service";
+        pull_image(docker, image).await?;
+        let options = Some(CreateContainerOptions {
+            name: self.container_name(cloud_id),
+        });
+        let config = Config {
+            image: Some(image),
+            host_config: Some(HostConfig {
+                network_mode: Some(network.to_string()),
+                ..Default::default()
+            }),
+            labels: Some(hashmap! {
+                "haze-type" => self.name(),
+                "haze-cloud-id" => cloud_id
+            }),
+            networking_config: Some(NetworkingConfig {
+                endpoints_config: hashmap! {
+                    network => EndpointSettings {
+                        aliases: Some(vec![self.name().to_string()]),
+                        ..Default::default()
+                    }
+                },
+            }),
+            ..Default::default()
+        };
+        let id = docker
+            .create_container(options, config)
+            .await
+            .into_diagnostic()?
+            .id;
+        docker
+            .start_container::<String>(&id, None)
+            .await
+            .into_diagnostic()?;
+        Ok(id)
+    }
+
+    fn container_name(&self, cloud_id: &str) -> String {
+        format!("{}-clamav-icap", cloud_id)
+    }
+
+    fn apps(&self) -> &'static [&'static str] {
+        &["files_antivirus"]
+    }
+
+    async fn post_setup(&self, _docker: &Docker, _cloud_id: &str) -> Result<Vec<String>> {
+        Ok(vec![
+            "occ config:app:set files_antivirus av_mode --value=icap".into(),
+            "occ config:app:set files_antivirus av_host --value=clamav-icap".into(),
+            "occ config:app:set files_antivirus av_port --value=1344".into(),
+            "occ config:app:set files_antivirus av_icap_request_service --value=avscan".into(),
+            "occ config:app:set files_antivirus av_icap_response_header --value=X-Infection-Found"
+                .into(),
+        ])
+    }
+}
--- a/src/service/kaspersky.rs
+++ b/src/service/kaspersky.rs
@ -192,8 +192,7 @@ impl ServiceTrait for KasperskyIcap {
            "occ config:app:set files_antivirus av_host --value=kaspersky-icap".into(),
            "occ config:app:set files_antivirus av_port --value=1344".into(),
            "occ config:app:set files_antivirus av_icap_request_service --value=req".into(),
-            "occ config:app:set files_antivirus av_icap_response_header --value=X-Infection-Found"
-                .into(),
+            "occ config:app:set files_antivirus av_icap_response_header --value=X-Virus-ID".into(),
        ])
    }
 }