diff --git a/dd-apps/docker/clamav/clamav.disabled.yml b/dd-apps/docker/clamav/clamav.disabled.yml new file mode 100644 index 0000000..58959f9 --- /dev/null +++ b/dd-apps/docker/clamav/clamav.disabled.yml @@ -0,0 +1,2 @@ +# Dummy file for a disabled ClamAV +version: '3.7' diff --git a/dd-ctl b/dd-ctl index d3cbb7b..6c9fbec 100755 --- a/dd-ctl +++ b/dd-ctl @@ -207,6 +207,14 @@ build_compose(){ setconf HAPROXY_CFG "${HAPROXY_CFG}" setconf HAPROXY_CFG "${HAPROXY_CFG}" .env + # Enable or disable ClamAV + if [ "${DISABLE_CLAMAV:-true}" = "true" ]; then + # Current default (might change) + CLAMAV_YML="clamav.disabled.yml" + else + CLAMAV_YML="clamav.yml" + fi + ## Prepare apps environment ln -sf "${CUSTOM_PATH}/.env" dd-apps/.env ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/postgresql && \ @@ -246,7 +254,7 @@ build_compose(){ -f dd-apps/docker/redis/redis.yml \ -f dd-apps/docker/postgresql/postgresql.yml \ -f dd-apps/docker/mariadb/mariadb.yml \ - -f dd-apps/docker/clamav/clamav.yml \ + -f dd-apps/docker/clamav/${CLAMAV_YML} \ -f dd-apps/docker/network.yml \ config > docker-compose.yml } @@ -331,12 +339,21 @@ setup_nextcloud(){ done # Install and enable NextCloud apps - for app in bruteforcesettings polls calendar spreed bbb mail ownpad onlyoffice files_antivirus; do + for app in bruteforcesettings polls calendar spreed bbb mail ownpad onlyoffice; do docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF php occ --no-warnings app:install "${app}" php occ --no-warnings app:enable "${app}" EOF done + + # Install ClamAV conditionally + if [ "${DISABLE_CLAMAV:-true}" = "false" ]; then + docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF + php occ --no-warnings app:install files_antivirus + php occ --no-warnings app:enable files_antivirus + EOF + fi + # Disable in Nextcloud # shellcheck disable=SC2043 # We currently only force-disable one app for app in circles; do @@ -422,15 +439,17 @@ setup_nextcloud(){ EOF - # ClamAV - docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF - php occ --no-warnings config:app:set -n files_antivirus av_mode --value="daemon" - php occ --no-warnings config:app:set -n files_antivirus av_host --value="dd-apps-clamav" - php occ --no-warnings config:app:set -n files_antivirus av_port --value="3310" - php occ --no-warnings config:app:set -n files_antivirus av_infected_action --value="only_log" - php occ --no-warnings config:app:set -n files_antivirus av_stream_max_length --value="26214400" - php occ --no-warnings config:app:set -n files_antivirus av_max_file_size --value="-1" - EOF + # Configure ClamAV conditionally + if [ "${DISABLE_CLAMAV:-true}" = "false" ]; then + docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF + php occ --no-warnings config:app:set -n files_antivirus av_mode --value="daemon" + php occ --no-warnings config:app:set -n files_antivirus av_host --value="dd-apps-clamav" + php occ --no-warnings config:app:set -n files_antivirus av_port --value="3310" + php occ --no-warnings config:app:set -n files_antivirus av_infected_action --value="only_log" + php occ --no-warnings config:app:set -n files_antivirus av_stream_max_length --value="26214400" + php occ --no-warnings config:app:set -n files_antivirus av_max_file_size --value="-1" + EOF + fi # Allow nextcloud into other apps iframes # Content-Security-Policy: frame-ancestors 'self' *.$DOMAIN; diff --git a/dd.conf.sample b/dd.conf.sample index c805d0e..ef550ea 100644 --- a/dd.conf.sample +++ b/dd.conf.sample @@ -202,6 +202,7 @@ POSTGRESQL_IMG=postgres:14.1-alpine3.15 ## CLAMAV #CLAMAV_IMG=clamav/clamav:0.105.1-7 +#DISABLE_CLAMAV=true ## Network settings #NETWORK_MTU=1500