Conditionally enable/disable ClamAV

GON-3874-DD-moodle
Roger Garcia 2022-11-24 16:04:08 +01:00 committed by Evilham
parent 07913ff7f8
commit 4de82fc041
No known key found for this signature in database
GPG Key ID: AE3EE30D970886BF
3 changed files with 33 additions and 11 deletions

View File

@ -0,0 +1,2 @@
# Dummy file for a disabled ClamAV
version: '3.7'

41
dd-ctl
View File

@ -207,6 +207,14 @@ build_compose(){
setconf HAPROXY_CFG "${HAPROXY_CFG}"
setconf HAPROXY_CFG "${HAPROXY_CFG}" .env
# Enable or disable ClamAV
if [ "${DISABLE_CLAMAV:-true}" = "true" ]; then
# Current default (might change)
CLAMAV_YML="clamav.disabled.yml"
else
CLAMAV_YML="clamav.yml"
fi
## Prepare apps environment
ln -sf "${CUSTOM_PATH}/.env" dd-apps/.env
ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/postgresql && \
@ -246,7 +254,7 @@ build_compose(){
-f dd-apps/docker/redis/redis.yml \
-f dd-apps/docker/postgresql/postgresql.yml \
-f dd-apps/docker/mariadb/mariadb.yml \
-f dd-apps/docker/clamav/clamav.yml \
-f dd-apps/docker/clamav/${CLAMAV_YML} \
-f dd-apps/docker/network.yml \
config > docker-compose.yml
}
@ -331,12 +339,21 @@ setup_nextcloud(){
done
# Install and enable NextCloud apps
for app in bruteforcesettings polls calendar spreed bbb mail ownpad onlyoffice files_antivirus; do
for app in bruteforcesettings polls calendar spreed bbb mail ownpad onlyoffice; do
docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF
php occ --no-warnings app:install "${app}"
php occ --no-warnings app:enable "${app}"
EOF
done
# Install ClamAV conditionally
if [ "${DISABLE_CLAMAV:-true}" = "false" ]; then
docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF
php occ --no-warnings app:install files_antivirus
php occ --no-warnings app:enable files_antivirus
EOF
fi
# Disable in Nextcloud
# shellcheck disable=SC2043 # We currently only force-disable one app
for app in circles; do
@ -422,15 +439,17 @@ setup_nextcloud(){
EOF
# ClamAV
docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF
php occ --no-warnings config:app:set -n files_antivirus av_mode --value="daemon"
php occ --no-warnings config:app:set -n files_antivirus av_host --value="dd-apps-clamav"
php occ --no-warnings config:app:set -n files_antivirus av_port --value="3310"
php occ --no-warnings config:app:set -n files_antivirus av_infected_action --value="only_log"
php occ --no-warnings config:app:set -n files_antivirus av_stream_max_length --value="26214400"
php occ --no-warnings config:app:set -n files_antivirus av_max_file_size --value="-1"
EOF
# Configure ClamAV conditionally
if [ "${DISABLE_CLAMAV:-true}" = "false" ]; then
docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF
php occ --no-warnings config:app:set -n files_antivirus av_mode --value="daemon"
php occ --no-warnings config:app:set -n files_antivirus av_host --value="dd-apps-clamav"
php occ --no-warnings config:app:set -n files_antivirus av_port --value="3310"
php occ --no-warnings config:app:set -n files_antivirus av_infected_action --value="only_log"
php occ --no-warnings config:app:set -n files_antivirus av_stream_max_length --value="26214400"
php occ --no-warnings config:app:set -n files_antivirus av_max_file_size --value="-1"
EOF
fi
# Allow nextcloud into other apps iframes
# Content-Security-Policy: frame-ancestors 'self' *.$DOMAIN;

View File

@ -202,6 +202,7 @@ POSTGRESQL_IMG=postgres:14.1-alpine3.15
## CLAMAV
#CLAMAV_IMG=clamav/clamav:0.105.1-7
#DISABLE_CLAMAV=true
## Network settings
#NETWORK_MTU=1500