Creating an Azure AntiVirus Scanner – Part 1

Getting an antivirus service in a Docker container up and running locally (on Windows)

The User Story: I want to be able to tell if a document uploaded to a site is free from malware or viruses.

TLDR: ClamAV + Docker + VSCode + Windows = Local File Scanner

Now, surely, I hear you say, there must be a service within Azure that can help with this problem?  Well, sort of: you can spin up a VM and take advantage of Windows Defender or whatever you choose to install on it, but Virtual Machines are so last decade.  For me, VMs bring with them additional overheads such as patching and security that I don’t want to have to deal with (plus I could figure out a way of automating Defender with PowerShell).  Ideally there would be some kind of service that could be invoked on blob storage, but alas this doesn’t seem like it will happen (see here).

A quick search brings you to ClamAV, which seems to be the multiplatform OSS anti-virus solution of choice.

With ClamAV you can install it as a Windows service, but as with a lot of open source software, Windows doesn’t feel like the primary OS, so that creates another problem.  I have dabbled in Linux in the past and have a few custom Python scripts running on a NAS, but I don’t use it on a day-to-day basis so am a little rusty.

Another quick search brings you to a ready-made Docker container project created by the UK Home Office.  Up until this point I had not played with Docker but understand the potential, plus it is what all the “cool kids” are talking about at conferences so it must be worth a look, right?

Let’s get a dev machine set up. I am running this on a Windows 10 machine, so we are going to need a couple of tools…

VS Code – Ordinarily I would use full-fat Visual Studio for development, but you are going to be using a terminal, which VS Code has built in.  Plus the Docker extension is a must.
Docker for Windows – This sets up your machine so that it can run containers.  (It is important once this is installed to enable the shared drive, otherwise you will run into an issue.)

Open VS Code and press F1 to bring up the command palette to clone the repo…

Git: Clone
https://github.com/UKHomeOffice/docker-clamav.git

Then select the local folder to clone the repo to.
Once cloned, you will be prompted to open the repo.
Now the first gotcha: VS Code by default opens everything with CRLF line endings, and Docker doesn’t seem to like these, so you will need to convert the following files to LF.  (The easiest way to do that in VS Code is to open the files, hit F1 and type “Change End of Line Sequence”; make sure you save the files after changing.)

  • Dockerfile
  • clamd.conf
  • freshclam.conf
  • readyness.sh

Right click the Dockerfile and select “Build Image” (this is from the docker vscode extension).  You will be prompted for an image name (accept the default for now).
This will run the following command, with the trailing dot setting the build context to the repo folder. (If you are feeling adventurous you can run this manually in a terminal window.)

docker build --rm -f "Dockerfile" -t docker-clamav:latest .

Now open up the docker explorer (also from the vscode extension), right click your new image and select “Run”

This will run the following command

docker run --rm -d -p 3310:3310/tcp docker-clamav:latest

You should now have a running Docker container; let’s confirm it’s working by attaching a shell.

A terminal window should open; type the following command into it.

./readyness.sh

you should see the following..

In the next part we will look at deploying this to a container instance in Azure.
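
With port 3310 published by the docker run command above, the user story can already be exercised from the host. The following is an added example, not code from the original post or from the UK Home Office project: it speaks clamd's INSTREAM command over TCP and treats anything other than an explicit OK as not clean. The function names, the chunk size, the timeout and the sample input are assumptions of the example.

```python
import socket
import struct

# Port published by the docker run command in this post; host is an assumption.
CLAMD_HOST, CLAMD_PORT = "127.0.0.1", 3310
CHUNK = 8192  # assumption: chunk size chosen for the example


def frame_instream(data: bytes, chunk: int = CHUNK) -> bytes:
    """Build an INSTREAM request: command, length-prefixed chunks, zero-length end."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))                      # terminator chunk
    return b"".join(out)


def parse_reply(reply: bytes):
    """Map a clamd reply to (verdict, detail). Unknown replies are errors, never clean."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text == "stream: OK":
        return ("clean", None)
    if text.startswith("stream: ") and text.endswith(" FOUND"):
        return ("infected", text[len("stream: "):-len(" FOUND")])
    return ("error", text)


def scan_bytes(data: bytes, host=CLAMD_HOST, port=CLAMD_PORT, timeout=30.0):
    """Send data to clamd and return the verdict; network failures fail closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(frame_instream(data))
            reply = b""
            while not reply.endswith(b"\0"):
                buf = s.recv(4096)
                if not buf:          # connection closed before a full reply
                    break
                reply += buf
    except OSError as exc:           # refused, timed out, reset
        return ("error", str(exc))
    return parse_reply(reply)


if __name__ == "__main__":
    # Constructed sample input; expects the container from this post to be running.
    print(scan_bytes(b"hello from the upload form"))
```

An upload handler should accept a file only on the "clean" verdict and reject or quarantine on both "infected" and "error", so that a stopped container or an oversized stream never lets a file through unscanned.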
