-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Add loop to retry where antivirus fails in clamav #3677
Conversation
break | ||
else | ||
docker logs "${CONTAINER_NAME}" | ||
echo "Container not running! Retry number ${RETRY_COUNT}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you need something in here:
echo "Container not running! Retry number ${RETRY_COUNT}" | |
echo "Container not running! Retry number ${RETRY_COUNT}" | |
if [ "${RETRY_COUNT}" == "5" ]; then | |
exit 1 | |
fi |
What you want to do is exit this process on the fifth time this fails to run. Otherwise the for-loop ends and the script continues on and will fail a bit later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it correct that 5 would be a string in bash syntax?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, a little research and I see that bash variables are untyped.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, for safety its best to quote everything and treat it as a string. Depending on your version of bash the number might be interpreted as a number or a string, which is not great for us.
echo | ||
echo "Mounting the project directory for scanning:" | ||
docker run -d -p 3310:3310 -v "${DIR}:${MOUNT_DIR}" --name "${CONTAINER_NAME}" "${DOCKER_IMAGE}" | ||
if ! docker inspect -f '{{.State.Running}}' "${CONTAINER_NAME}"; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Turns out this returns the string true
or false
and not an exit code. So here's an update:
if ! docker inspect -f '{{.State.Running}}' "${CONTAINER_NAME}"; then | |
if [ "$(docker inspect -f '{{.State.Running}}' "${CONTAINER_NAME}")" == "false" ] ; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kimallen - this is great work but the more I look into this the more I see some fundamental issues with the script itself. I'm going to see if I can't figure out what's going on there before I send you more comments.
Looks like the warning about "OUTDATED!" has been reported: mko-x/docker-clamav#39 The probably is upstream from the container maintainer so it may require more effort. But our virus definitions should all be up to date when this runs, which ought to mean we're ok. |
Description
Adds a retry in the antivirus script in case definitions not available on clamav. Retries 5 times before failure.
Reviewer Notes
Wondering if the loop should include more (like cleaning up containers and files). Also whether another check should be added for
docker exec -it "${CONTAINER_NAME}" chown clamav:clamav "/store/${WHITELIST}"
Setup
run antivirus locally with
make antivirus
Code Review Verification Steps
References