Merge pull request #50 from arizon-dread/scan-v2

Bugfix #23 and improvements as suggested in #48

.gitignore

@@ -3,3 +3,6 @@ src
 *.swp
 clamrest
 pyenv
+__debug*
+.vscode
+clamav-rest

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:alpine3.19 as build
+FROM golang:alpine3.20 AS build
 
 # Update libraries
 RUN apk update && apk upgrade
@@ -8,7 +8,7 @@ WORKDIR /go/src
 
 # Build go package
 ADD . /go/src/clamav-rest/
-RUN cd /go/src/clamav-rest && go mod download github.com/dutchcoders/go-clamd@latest && go mod init clamav-rest && go mod tidy && go mod vendor && go build -v
+RUN cd /go/src/clamav-rest && go mod tidy && go build -v
 
 FROM alpine:3.21
 
@@ -31,21 +31,26 @@ ADD ./server.* /etc/ssl/clamav-rest/
 # Install ClamAV
 RUN apk --no-cache add clamav clamav-libunrar \
     && mkdir /run/clamav \
-    && chown clamav:clamav /run/clamav
+    && chown clamav:clamav /run/clamav 
+
 
 # Configure clamAV to run in foreground with port 3310
-RUN sed -i 's/^#Foreground .*$/Foreground true/g' /etc/clamav/clamd.conf \
+RUN sed -i 's/^#Foreground .*$/Foreground yes/g' /etc/clamav/clamd.conf \
     && sed -i 's/^#TCPSocket .*$/TCPSocket 3310/g' /etc/clamav/clamd.conf \
-    && sed -i 's/^#Foreground .*$/Foreground true/g' /etc/clamav/freshclam.conf
+    && sed -i 's/^#Foreground .*$/Foreground yes/g' /etc/clamav/freshclam.conf
 
 RUN freshclam --quiet --no-dns
 
 COPY entrypoint.sh /usr/bin/
 
-RUN mkdir /clamav \
-    && chown -R clamav.clamav /clamav \
-    && chown -R clamav.clamav /var/log/clamav \
-    && chown -R clamav.clamav /run/clamav
+RUN mkdir -p /clamav/etc \
+    && mkdir -p /clamav/data \
+    && mkdir -p /clamav/tmp 
+
+RUN chown -R clamav:clamav /clamav \
+    && chown -R clamav:clamav /var/log/clamav \
+    && chown -R clamav:clamav /run/clamav 
+
 
 ENV PORT=9000
 ENV SSL_PORT=9443

README.md

@@ -20,10 +20,12 @@ This is a two in one docker image which runs the open source virus scanner ClamA
 
 # Updates
 
-As of October 21 2024, freshclam notifies the correct `.clamd.conf` so that `clamd` is notified about updates and the correct version is returned now.
+2025-01-08: [PR 50](https://github.com/ajilach/clamav-rest/pull/50) integrated which now provides a new `/v2` endpoint returning more scan result information: status, description, http status and a list of scanned files. See the PR for more details. The old `/scan` endpoint is now considered deprecated. Also, a file size scan limit has been added which can be configured through the `MAX_FILE_SIZE` environment variable.
+
+2024-10-21: freshclam notifies the correct `.clamd.conf` so that `clamd` is notified about updates and the correct version is returned now.
 This is an additional fix to the latest fix from October 15 2024 which was not working. Thanks to [christianbumann](https://github.com/christianbumann) and [arizon-dread](https://github.com/arizon-dread).
 
-As of October 15 2024, ClamAV was thought to handle database updates correctly thanks to [christianbumann](https://github.com/christianbumann). It turned out that this was not the case.
+2024-10-15: ClamAV was thought to handle database updates correctly thanks to [christianbumann](https://github.com/christianbumann). It turned out that this was not the case.
 
 As of May 2024, the releases are built for multiple architectures thanks to efforts from [kcirtapfromspace](https://github.com/kcirtapfromspace) and support non-root read-only deployments thanks to [robaca](https://github.com/robaca).
 
@@ -59,37 +61,40 @@ docker run -p 9000:9000 -p 9443:9443 -itd --name clamav-rest ajilaag/clamav-rest
 
 Test that service detects common test virus signature:
 
-**HTTP**
+**HTTP:**
+
 ```bash
-$ curl -i -F "[email protected]" http://localhost:9000/scan
+$ curl -i -F "[email protected]" http://localhost:9000/v2/scan
 HTTP/1.1 100 Continue
 
 HTTP/1.1 406 Not Acceptable
 Content-Type: application/json; charset=utf-8
 Date: Mon, 28 Aug 2017 20:22:34 GMT
 Content-Length: 56
 
-{ "Status": "FOUND", "Description": "Eicar-Test-Signature" }
+[{ "Status": "FOUND", "Description": "Eicar-Test-Signature","FileName":"eicar.com.txt"}]
 ```
 
-**HTTPS**
+**HTTPS:**
+
 ```bash
-$ curl -i -k -F "[email protected]" https://localhost:9443/scan
+$ curl -i -k -F "[email protected]" https://localhost:9443/v2/scan
 HTTP/1.1 100 Continue
 
 HTTP/1.1 406 Not Acceptable
 Content-Type: application/json; charset=utf-8
 Date: Mon, 28 Aug 2017 20:22:34 GMT
 Content-Length: 56
 
-{ "Status": "FOUND", "Description": "Eicar-Test-Signature" }
+[{ "Status": "FOUND", "Description": "Eicar-Test-Signature","FileName":"eicar.com.txt"}]
 ```
 
 Test that service returns 200 for clean file:
 
-**HTTP**
+**HTTP:**
+
 ```bash
-$ curl -i -F "[email protected]" http://localhost:9000/scan
+$ curl -i -F "[email protected]" http://localhost:9000/v2/scan
 
 HTTP/1.1 100 Continue
 
@@ -98,11 +103,12 @@ Content-Type: application/json; charset=utf-8
 Date: Mon, 28 Aug 2017 20:23:16 GMT
 Content-Length: 33
 
-{ "Status": "OK", "Description": "" }
+[{ "Status": "OK", "Description": "","FileName":"clamrest.go"}]
 ```
-**HTTPS**
+**HTTPS:**
+
 ```bash
-$ curl -i -k -F "[email protected]" https://localhost:9443/scan
+$ curl -i -k -F "[email protected]" https://localhost:9443/v2/scan
 
 HTTP/1.1 100 Continue
 
@@ -111,14 +117,16 @@ Content-Type: application/json; charset=utf-8
 Date: Mon, 28 Aug 2017 20:23:16 GMT
 Content-Length: 33
 
-{ "Status": "OK", "Description": "" }
+[{ "Status": "OK", "Description": "","FileName":"clamrest.go"}]
 ```
 
 ## Status Codes
 - 200 - clean file = no KNOWN infections
 - 400 - ClamAV returned general error for file
 - 406 - INFECTED
 - 412 - unable to parse file
+- 413 - request entity too large, the file exceeds the scannable limit. Set MAX_FILE_SIZE to scan larger files
+- 422 - filename is missing in MimePart
 - 501 - unknown request
 
 # Configuration
@@ -172,24 +180,28 @@ clamscan --database=/clamav/data --version
 
 [Prometheus metrics](https://prometheus.io/docs/guides/go-application/) were implemented, which can be retrieved as follows
 
-**HTTP**:
+**HTTP:**
 curl http://localhost:9000/metrics
 
 **HTTPS:**
 curl https://localhost:9443/metrics
 
-# Developing
+# Development
 
-Source Code can be found here: https://github.com/ajilach/clamav-rest
+Source code can be found here: https://github.com/ajilach/clamav-rest
 
 Build golang (linux) binary and docker image:
 
 ```bash
 # env GOOS=linux GOARCH=amd64 go build
-docker build . -t clamav-go-rest
-docker run -p 9000:9000 -p 9443:9443 -itd --name clamav-rest clamav-go-rest
+docker build . -t clamav-rest
+docker run -p 9000:9000 -p 9443:9443 -itd --name clamav-rest clamav-rest
 ```
 
+# History
+
+This work is based on the awesome work done by [o20ne/clamav-rest](https://github.com/o20ne/clamav-rest) which is based on [niilo/clamav-rest](https://github.com/niilo/clamav-rest) which is based on the original code from [osterzel/clamav-rest](https://github.com/osterzel/clamav-rest).
+
 # References
 
 * https://www.clamav.net

centos.Dockerfile

@@ -1,4 +1,4 @@
-FROM quay.io/centos/centos:stream8 as build
+FROM quay.io/centos/centos:stream9 as build
 
 # Set timezone to Europe/Zurich
 ENV TZ=Europe/Zurich
@@ -16,17 +16,17 @@ ENV GOPATH=/go \
 
 # Build go package
 ADD . /go/src/clamav-rest/
-RUN cd /go/src/clamav-rest && go mod download github.com/dutchcoders/go-clamd@latest && go mod init clamav-rest && go mod tidy && go mod vendor && go build -v
+RUN cd /go/src/clamav-rest && go mod tidy && go build -v
 
-FROM quay.io/centos/centos:stream8
+FROM quay.io/centos/centos:stream9
 
 # Copy compiled clamav-rest binary from build container to production container
 COPY --from=build /go/src/clamav-rest/clamav-rest /usr/bin/
 
 # Install ClamAV
 RUN dnf -y update \
     && dnf install -y epel-release \
-    && dnf install -y clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd \
+    && dnf install -y clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd nc \
     && mkdir /run/clamav \
     && chown clamscan:clamscan /run/clamav \
 # Clean
@@ -44,7 +44,15 @@ RUN freshclam --quiet --no-dns
 ADD ./server.* /etc/ssl/clamav-rest/
 
 COPY entrypoint.sh /usr/bin/
-RUN mkdir /etc/clamav/ && ln -s /etc/clamd.d/scan.conf /etc/clamav/clamd.conf
+
+# Create folders for clamav so it matches what happens in entrypoint.sh
+RUN install -d -m 0775 -oclamupdate -groot /var/log/clamav /etc/clamav /clamav /clamav/etc /clamav/data /clamav/tmp \
+    && cp /etc/clamd.d/scan.conf /etc/clamav/clamd.conf \
+    && cp /etc/freshclam.conf /etc/clamav/freshclam.conf \
+    && chown clamupdate:root /etc/clamav/freshclam.conf
+
+# On CentOS, clamupdate is the user.
+USER clamupdate
 
 EXPOSE 9000
 EXPOSE 9443