From f5df55fedc4d6b02ecd3b7dd9b87a0f8eba3702a Mon Sep 17 00:00:00 2001 From: dkarv Date: Thu, 30 Oct 2025 22:46:25 +0100 Subject: [PATCH 1/3] add compose file and documentation how to use it --- README.md | 20 ++++++++++++++++++++ antivirus/clamav.yml | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 antivirus/clamav.yml diff --git a/README.md b/README.md index 71b23c2..3fabf96 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ OpenCloud Compose offers a modular approach to deploying OpenCloud with several - **Full text search** with Apache Tika for content extraction and metadata analysis - **Monitoring** with metrics endpoints for observability and performance monitoring - **Radicale** integration for Calendar and Contacts +- **ClamAV** antivirus scanning with ClamAV ## Quick Start Guide @@ -240,6 +241,25 @@ This exposes the necessary ports: If you're using **Nginx Proxy Manager (NPM)**, you **should NOT** activate **"Block Common Exploits"** for the Proxy Host. Otherwise, the desktop app authentication will return **error 403 Forbidden**. +### ClamAV anti-virus + +Enable anti-virus scans for uploaded files. + +Using `-f` flags: +```bash +docker compose -f docker-compose.yml -f antivirus/clamav.yml -f traefik/opencloud.yml up -d +``` + +Or by setting in `.env`: +``` +COMPOSE_FILE=docker-compose.yml:antivirus/clamav.yml:traefik/opencloud.yml +``` + +**Important:** adjust the variable in `.env` to start the antivirus service. Add additional services separated by comma, e.g. `notifications,antivirus`: +``` +START_ADDITIONAL_SERVICES="antivirus" +``` + ## SSL Certificate Support diff --git a/antivirus/clamav.yml b/antivirus/clamav.yml new file mode 100644 index 0000000..5ed756a --- /dev/null +++ b/antivirus/clamav.yml @@ -0,0 +1,43 @@ +--- +services: + opencloud: + environment: + POSTPROCESSING_STEPS: "virusscan" + STORAGE_USERS_DATA_GATEWAY_URL: "http://opencloud:9200/data" + ANTIVIRUS_MAX_SCAN_SIZE: ${ANTIVIRUS_MAX_SCAN_SIZE:-100MB} + ANTIVIRUS_INFECTED_FILE_HANDLING: abort + ANTIVIRUS_MAX_SCAN_SIZE_MODE: ${ANTIVIRUS_MAX_SCAN_SIZE_MODE:-partial} + ANTIVIRUS_WORKERS: 1 + ANTIVIRUS_CLAMAV_SOCKET: /var/run/clamav/clamd.sock + ANTIVIRUS_SCANNER_TYPE: clamav + volumes: + - clamav-socket:/var/run/clamav + clamav: + image: clamav/clamav:${CLAMAV_DOCKER_TAG:-latest} + networks: + opencloud-net: + volumes: + - clamav-socket:/tmp + - clamav-db:/var/lib/clamav + logging: + driver: ${LOG_DRIVER:-local} + restart: always +volumes: + clamav-db: + clamav-socket: + + + + + + + + + + + + + + + + From 6f71feff30b4530e871233b6c04d79df2ba592eb Mon Sep 17 00:00:00 2001 From: David Date: Fri, 31 Oct 2025 14:37:50 +0100 Subject: [PATCH 2/3] Remove blank lines in clamav.yml --- antivirus/clamav.yml | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/antivirus/clamav.yml b/antivirus/clamav.yml index 5ed756a..bab93ba 100644 --- a/antivirus/clamav.yml +++ b/antivirus/clamav.yml @@ -25,19 +25,3 @@ services: volumes: clamav-db: clamav-socket: - - - - - - - - - - - - - - - - From 6d0454d7a25148a8a0237997f1f3336827c4913d Mon Sep 17 00:00:00 2001 From: dkarv Date: Sat, 1 Nov 2025 12:34:29 +0100 Subject: [PATCH 3/3] document the clamav max stream setting --- .env.example | 3 ++- antivirus/clamav.yml | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.env.example b/.env.example index 2e4c5ca..2821471 100644 --- a/.env.example +++ b/.env.example @@ -209,7 +209,8 @@ COLLABORA_SSL_VERIFICATION=false ### Virusscanner Settings ### # IMPORTANT: If you enable antivirus, you also MUST configure the START_ADDITIONAL_SERVICES # envvar in the OpenCloud Settings above by adding 'antivirus' to the list. -# The maximum scan size the virus scanner can handle, needs adjustment in the scanner config as well. +# The maximum scan size the virus scanner can handle, needs adjustment in the scanner config as well: +# For ClamAV, set CLAMD_CONF_StreamMaxLength in antivirus/clamav.yml to the same or a higher value. # Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB. # Defaults to "100MB" #ANTIVIRUS_MAX_SCAN_SIZE= diff --git a/antivirus/clamav.yml b/antivirus/clamav.yml index bab93ba..3878fec 100644 --- a/antivirus/clamav.yml +++ b/antivirus/clamav.yml @@ -14,6 +14,10 @@ services: - clamav-socket:/var/run/clamav clamav: image: clamav/clamav:${CLAMAV_DOCKER_TAG:-latest} + environment: + # Accepts a number with optional K, M or G suffix. Must be greater or equal to ANTIVIRUS_MAX_SCAN_SIZE above. + # K = KiB (1024), M = MiB (1024 * 1024), G = GiB (1024 * 1024 * 1024) + CLAMD_CONF_StreamMaxLength: 100M networks: opencloud-net: volumes: