ClamAV is an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats. It is used in a variety of situations including file scanning, email scanning, web scanning and end point security.
This feature is installed on all nais clusters. clamAV runs in its own pod with a separate pod running the REST api applications use. There is a service set up so all applications will be able to talk to the REST api using http://clamav.nais-system.svc.nais.local/scan. The REST api supports PUT or POST and can be tested using curl as well:
ClamAV has a REST API applications can use for scanning files and urls.
The REST API has one endpoint
/scan that supports PUT or POST with form-data. It can be tested using curl as well:
# Example curl -v -X POST -H "Content-Type: multipart/form-data" -F "file1=@/tmp/file_to_test" http://clamav.nais-system.svc.cluster.local/scan curl -v -X PUT --data-binary @/tmp/file_to_test http://clamav.nais-system.svc.nais.local/scan curl -v http://clamav.nais-system.svc.cluster.local/scan?url=url_to_file
See ClamAV documentation and ClamAV REST API for more information.
When using ClamAV on GCP, remember to add an outbound access policy:
apiVersion: "nais.io/v1alpha1" kind: "Application" metadata: name: myapp ... spec: ... accessPolicy: outbound: rules: - application: clamav namespace: nais-system
If you have any questions about clamAV please contact the nais team on the #nais slack channel or contact @Sten.Ivar.Røkke.
Code example can be found here: foreldrepenger-api pale-2