Conditionally enable/disable ClamAV

dd-apps/docker/clamav/clamav.disabled.yml

@@ -0,0 +1,2 @@
+# Dummy file for a disabled ClamAV
+version: '3.7'

dd-ctl

@@ -207,6 +207,14 @@ build_compose(){
 	setconf HAPROXY_CFG "${HAPROXY_CFG}"
 	setconf HAPROXY_CFG "${HAPROXY_CFG}" .env
 
+	# Enable or disable ClamAV
+	if [ "${DISABLE_CLAMAV:-true}" = "true" ]; then
+		# Current default (might change)
+		CLAMAV_YML="clamav.disabled.yml"
+	else
+		CLAMAV_YML="clamav.yml"
+	fi
+
 	## Prepare apps environment
 	ln -sf "${CUSTOM_PATH}/.env" dd-apps/.env
 	ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/postgresql && \
@@ -246,7 +254,7 @@ build_compose(){
 			-f dd-apps/docker/redis/redis.yml \
 			-f dd-apps/docker/postgresql/postgresql.yml \
 			-f dd-apps/docker/mariadb/mariadb.yml \
-			-f dd-apps/docker/clamav/clamav.yml \
+			-f dd-apps/docker/clamav/${CLAMAV_YML} \
 			-f dd-apps/docker/network.yml \
 			config > docker-compose.yml
 }
@@ -331,12 +339,21 @@ setup_nextcloud(){
 	done
 
 	# Install and enable NextCloud apps
-	for app in bruteforcesettings polls calendar spreed bbb mail ownpad onlyoffice files_antivirus; do
+	for app in bruteforcesettings polls calendar spreed bbb mail ownpad onlyoffice; do
 		docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF
 		php occ --no-warnings app:install "${app}"
 		php occ --no-warnings app:enable "${app}"
 		EOF
 	done
+
+	# Install ClamAV conditionally
+	if [ "${DISABLE_CLAMAV:-true}" = "false" ]; then
+		docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF
+		php occ --no-warnings app:install files_antivirus
+		php occ --no-warnings app:enable files_antivirus
+		EOF
+	fi
+
 	# Disable in Nextcloud
 	# shellcheck disable=SC2043  # We currently only force-disable one app
 	for app in circles; do
@@ -422,15 +439,17 @@ setup_nextcloud(){
 
 	EOF
 
-	# ClamAV
+	# Configure ClamAV conditionally
-	docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF
+	if [ "${DISABLE_CLAMAV:-true}" = "false" ]; then
-	php occ --no-warnings config:app:set -n files_antivirus av_mode --value="daemon"
+		docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF
-	php occ --no-warnings config:app:set -n files_antivirus av_host --value="dd-apps-clamav"
+		php occ --no-warnings config:app:set -n files_antivirus av_mode --value="daemon"
-	php occ --no-warnings config:app:set -n files_antivirus av_port --value="3310"
+		php occ --no-warnings config:app:set -n files_antivirus av_host --value="dd-apps-clamav"
-	php occ --no-warnings config:app:set -n files_antivirus av_infected_action --value="only_log"
+		php occ --no-warnings config:app:set -n files_antivirus av_port --value="3310"
-	php occ --no-warnings config:app:set -n files_antivirus av_stream_max_length --value="26214400"
+		php occ --no-warnings config:app:set -n files_antivirus av_infected_action --value="only_log"
-	php occ --no-warnings config:app:set -n files_antivirus av_max_file_size --value="-1"
+		php occ --no-warnings config:app:set -n files_antivirus av_stream_max_length --value="26214400"
-	EOF
+		php occ --no-warnings config:app:set -n files_antivirus av_max_file_size --value="-1"
+		EOF
+	fi
 
 	# Allow nextcloud into other apps iframes
 	# Content-Security-Policy: frame-ancestors 'self' *.$DOMAIN;

dd.conf.sample

@@ -202,6 +202,7 @@ POSTGRESQL_IMG=postgres:14.1-alpine3.15
 
 ## CLAMAV
 #CLAMAV_IMG=clamav/clamav:0.105.1-7
+#DISABLE_CLAMAV=true
 
 ## Network settings
 #NETWORK_MTU=1500