Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proxy support #9

Open
tenjaa opened this issue Dec 20, 2022 · 5 comments
Open

Proxy support #9

tenjaa opened this issue Dec 20, 2022 · 5 comments

Comments

@tenjaa
Copy link

tenjaa commented Dec 20, 2022

Hi,
especially in corporate environments there is sometimes the requirement to run all internet traffic through a proxy.

Currently we manually check for an env variable in the bootstrap script and then add something to the freshclam.conf
But using an official image would be the better solution in my opinion than maintaining our own.

Is there a way to contribute?

Similar to:

if ! [ -z $HTTPProxyServer ]; then echo "HTTPProxyServer $HTTPProxyServer" >> /etc/clamav/freshclam.conf; fi && \
if ! [ -z $HTTPProxyPort   ]; then echo "HTTPProxyPort $HTTPProxyPort" >> /etc/clamav/freshclam.conf; fi && \
if ! [ -z $HTTPProxyUsername   ]; then echo "HTTPProxyUsername $HTTPProxyUsername" >> /etc/clamav/freshclam.conf; fi && \
if ! [ -z $HTTPProxyPassword   ]; then echo "HTTPProxyPassword $HTTPProxyPassword" >> /etc/clamav/freshclam.conf; fi && \
@JonBendtsen
Copy link
Contributor

Maybe you can contribute by making a little change to this script or the corresponding alpine version, but probably preferably both and probably preferably an identical change

https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/unstable/debian/scripts/docker-entrypoint.sh

@tenjaa
Copy link
Author

tenjaa commented Jan 4, 2023

Thanks for the hint!
Are you a Cisco employee giving me the ok to do that? Or is that just a general guidance?

I don't really want to put any effor into it as there isn't even a CONTRIBUTION.md or anything similar :/

@JonBendtsen
Copy link
Contributor

Thanks for the hint! Are you a Cisco employee giving me the ok to do that? Or is that just a general guidance?

I don't really want to put any effor into it as there isn't even a CONTRIBUTION.md or anything similar :/

Hi @tenjaa. No I am not a Cisco employee, it is just general guidance.

Besides that, what would happen when you edit that file is that github would create your own fork with a branch. Then github alerts you to create a Pull Request towards the main project and branch that was forked earlier. If you choose to do a Pull Request the maintainers of clamav-docker will get an alert and then can see, comment and either Approve or Reject (Close) the Pull Request.

The maintainers can also choose to comment and then you can make a few changes, and once that is resolved they can approve the Pull Request.

I made 2 Pull Requests yesterday, one #11 was already Approved and Merged into the project. The other one #10 has a comment, but is not (yet) merged.

You only need to edit the Alpine file https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/unstable/alpine/scripts/docker-entrypoint.sh because a comment in #5 tells me that they currently only publish the Alpine version.

If I were to further pinpoint where to add the proxy stuff it would be in between these 2 lines:

	if [ "${CLAMAV_NO_FRESHCLAMD:-false}" != "true" ]; then
		echo "Starting Freshclamd"

I would preferably make a function call internally in this script or secondary call an external script which sole purpose is to update the proxy configuration in /etc/clamav/freshclam.conf - IF you make an external script, test that it exists before calling it.

Your contribution will show in the git log once the Pull Request is approved and merged into the mainline, but if I have to be frank, then I do not think that such a small contribution would warrant a mentioning in contribution.md. If it is not approved there will still be a history on github under the projects closed Pull Requests.

@JonBendtsen
Copy link
Contributor

WAIT, your contribution actually have to be inserted a little higher above.

	# Ensure we have some virus data, otherwise clamd refuses to start
	if [ ! -f "/var/lib/clamav/main.cvd" ]; then
		echo "Updating initial database"
		freshclam --foreground --stdout
	fi

	if [ "${CLAMAV_NO_FRESHCLAMD:-false}" != "true" ]; then
		echo "Starting Freshclamd"

It will be impossible to Ensure we have some virus data, otherwise clamd refuses to start when freshclam is not working because the proxy settings is not yet updated.

I would probably still make a function call to a function internally in this script to isolate handling of the proxy settings and to make the script more readable.

@micahsnyder
Copy link
Collaborator

Hey @tenjaa sorry about the long delay on this PR.

I don't really want to put any effor into it as there isn't even a CONTRIBUTION.md or anything similar :/

You're right we need a CONTRIBUTING.md file and a better README.md for this repo.

If you're up for submitting a pull request as @JonBendtsen has done, that will definitely help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@JonBendtsen @tenjaa @micahsnyder