DEV Community

Cover image for Implement a antivirus clamav scanner with rest api in dokku
Andres 🐍 in πŸ‡¨πŸ‡¦
Andres 🐍 in πŸ‡¨πŸ‡¦

Posted on

6 1

Implement a antivirus clamav scanner with rest api in dokku

At work, I had the need of implement a virus scanner for all files uploaded to the server.

Well lets give a chance the clamav a deamon virus scanner opensource.

I found a project what implement a rest api very easy!

https://github.com/benzino77/clamav-rest-api/

I run the docker compose of the proyect and works like charm!

It use clamav in a docker container, an a api rest application to scan the file, using a network connector.

I'm not a big fan of docker, for run the docker project by hand, but dokku handle very well and can manage (deploy, maintain, etc) very well without effort.

With the good advice of the core developer from dokku. I can implement very fast the solution in dokku.

Then let's jump in....

                                                                        β”Œβ”€β”€β”€β”€β”€β”€β”
                                                                        β”‚      β”‚
     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”                 β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”       β”‚  N   β”‚
     β”‚                   β”‚   clamav-net    β”‚                    β”‚  proxyβ”‚  G   β”‚
     β”‚ Clamav (clamd)    ◄──────────────────   Rest API  :3000  │◄───────  I   β”‚
     β”‚                   β”‚                 β”‚                    β”‚       β”‚  N   β”‚
     β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜                 β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜       β”‚  X   β”‚
                                                                        β”‚      β”‚
                                                                        β”‚  :443β”‚
                                                                        β”‚      β”‚
                                                                        β””β”€β”€β”€β”€β”€β”€β”˜



Enter fullscreen mode Exit fullscreen mode

Basically this is implemented by dokku..

first the nginx proxy the http request to the rest api application which is listen at :3000 in the container, to do that needs to communicate with clamd the deamon which scan the file and return the result to the apirest.

Easy right ?

My first approach to solve this is creating a plugin doing that but @savant Jose Gonzales from dokku suggest better create two dokku apps using https://dokkupose.netlify.app

The I paste the docker-compose file to the dokkupose and for my surprise it give exactly all the commands needed to deploy in dokku. Feeling like this:

black magic was generated

Then the only missing here is the network link between clamd and the rest-api. I handle it by hand.

I left you the script i made to create the solution with comments:

##
# this script born about the needs of implement a virus scanner for files using a api rest.
# then using https://github.com/benzino77/clamav-rest-api/ and https://dokkupose.netlify.app
# I create this script to deploy the api rest
##
### dokku apps:destroy clamav-service && dokku apps:destroy clamav-apirest && dokku network:destroy clamav-net
# Let's create a network bridge to communicate
dokku apps:create clamav-service
dokku apps:create clamav-restapi
# network configuration
dokku network:create clamav-net
# attach the network to the cointainers
dokku network:set clamav-service attach-post-create clamav-net
dokku network:set clamav-restapi attach-post-create lamav-net
# doing this i have acces from clamav-restapi to clamav-service throught clamav-service.web
# for not expose the ports through nginx
dokku config:set --no-restart clamav-service DOKKU_DISABLE_PROXY=1
dokku git:from-image clamav-service clamav/clamav:0.104
# check if get working
sleep 5
nc -vz $(dokku network:report clamav-service --network-web-listeners | tr ':' ' ')
# then it is working now install the restapi
# clamav-restapi
dokku apps:create clamav-restapi
# configure ports of clamav-restapi
dokku config:set --no-restart clamav-restapi DOKKU_DOCKERFILE_PORTS="3000/tcp"
dokku config:set --no-restart clamav-restapi DOKKU_PROXY_PORT_MAP="http:80:3000"
dokku config:set --no-restart clamav-restapi DOKKU_LETSENCRYPT_EMAIL="myemail@email.com"
dokku config:set --no-restart clamav-restapi NODE_ENV="production"
# using the network reference
dokku config:set --no-restart clamav-restapi CLAMD_IP=clamav-service.web
dokku config:set --no-restart clamav-restapi APP_FORM_KEY="FILES"
dokku config:set --no-restart clamav-restapi APP_PORT="3000"
#show the env vars
dokku config:show clamav-restapi
# assign image to clamav-restapi
dokku git:from-image clamav-restapi benzino77/clamav-rest-api
# configure ssl for the domain
dokku letsencrypt:enable clamav-restapi
# lets rock!
curl -s $(dokku url clamav-restapi)/api/v1/version | python3 -m json.tool
# secure the application
dokku plugin:install https://github.com/dokku/dokku-http-auth.git
export RANDOM_PASSWORD=$(date | md5sum | awk '{print $1}')
dokku http-auth:enable clamav-restapi app $RANDOM_PASSWORD
curl -s -u app:$RANDOM_PASSWORD $(dokku url clamav-restapi)/api/v1/version | python3 -m json.tool
{
"success": true,
"data": {
"version": "ClamAV 0.104.3/26595/Wed Jul 6 07:53:23 2022\n"
}
}
echo "your password is $RANDOM_PASSWORD"
view raw run.bash hosted with ❀ by GitHub

Question?

What about the signature updates ?
In container handle it by automatically and update daily

you don't know about dokku ?

GitHub logo dokku / dokku

A docker-powered PaaS that helps you build and manage the lifecycle of applications

Dokku

Build Status Ubuntu Package Arch Package Slack Group Documentation OpenCollective OpenCollective Patreon

Docker powered mini-Heroku. The smallest PaaS implementation you've ever seen.

Sponsors

Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]

OpenCollective Sponsor 0 OpenCollective Sponsor 1 OpenCollective Sponsor 2 OpenCollective Sponsor 3 OpenCollective Sponsor 4 OpenCollective Sponsor 5 OpenCollective Sponsor 6 OpenCollective Sponsor 7 OpenCollective Sponsor 8 OpenCollective Sponsor 9 OpenCollective Sponsor 10 OpenCollective Sponsor 11 OpenCollective Sponsor 12 OpenCollective Sponsor 13 OpenCollective Sponsor 14 OpenCollective Sponsor 15 OpenCollective Sponsor 6 OpenCollective Sponsor 17 OpenCollective Sponsor 18

Backers

Support us with a monthly donation and help us continue our activities. [Become a backer]

OpenCollective Backer 0 OpenCollective Backer 1 OpenCollective Backer 2 OpenCollective Backer 3 OpenCollective Backer 4 OpenCollective Backer 5 OpenCollective Backer 6 OpenCollective Backer 7 OpenCollective Backer 8 OpenCollective Backer 9 OpenCollective Backer 10 OpenCollective Backer 11 OpenCollective Backer 12 OpenCollective Backer 13 OpenCollective Backer 14 OpenCollective Backer 15 OpenCollective Backer 16 OpenCollective Backer 17 OpenCollective Backer 18 OpenCollective Backer 19 OpenCollective Backer 20 OpenCollective Backer 21 OpenCollective Backer 22 OpenCollective Backer 23 OpenCollective Backer 24 OpenCollective Backer 25 OpenCollective Backer 26 OpenCollective Backer 27 OpenCollective Backer 28 OpenCollective Backer 29

Requirements

A fresh VM running any of the following operating systems:

  • Ubuntu 20.04 / 22.04 / 24.04 (amd64/arm64) - Any currently supported release
  • Debian 11+ (amd64/arm64)

An SSH keypair that can be used for application deployment. If this exists before installation, it will be automatically imported into dokku. Otherwise, you will need to import the keypair manually after installation using dokku ssh-keys:add.

Installation

To install the latest stable release, run the following commands as a user who has access to sudo:

wget -NP . https://dokku.com/install/v0.35.5/bootstrap.sh
sudo DOKKU_TAG=v0.35.5 bash bootstrap.sh
Enter fullscreen mode Exit fullscreen mode

You can then proceed to configure…

It's like heroku but selfhosted.

πŸ‘‹ While you are here

Reinvent your career. Join DEV.

It takes one minute and is worth it for your career.

Get started

Top comments (0)

AWS Security LIVE!

Tune in for AWS Security LIVE!

Join AWS Security LIVE! for expert insights and actionable tips to protect your organization and keep security teams prepared.

Learn More

πŸ‘‹ Kindness is contagious

Immerse yourself in a wealth of knowledge with this piece, supported by the inclusive DEV Communityβ€”every developer, no matter where they are in their journey, is invited to contribute to our collective wisdom.

A simple β€œthank you” goes a long wayβ€”express your gratitude below in the comments!

Gathering insights enriches our journey on DEV and fortifies our community ties. Did you find this article valuable? Taking a moment to thank the author can have a significant impact.

Okay