I used this repository to deploy a ClamAv server in Kubernetes. Now I need to connect ClamAv with Mattermost for using the Antivirus plugin. I just need to configure the host and port number from ClamAv in Mattermost, but I’m doing something wrong here I think.
I was wondering how I can expose a clamd pod the right way for Mattermost. I created a deployment file for the ClamAv server like this:
```yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: clamav
data:
  clamd.conf: |
    Foreground yes
    Debug no
    LeaveTemporaryFiles no
    LogFile /dev/stdout
    LogFileMaxSize 0
    LogTime yes
    LogClean no
    TCPSocket 3310
    TCPAddr 0.0.0.0
    ExcludePath ^/proc/
    ExcludePath ^/sys/
    ExcludePath ^/host/proc/
    ExcludePath ^/host/sys/
    MaxDirectoryRecursion 64
    FollowDirectorySymlinks no
    FollowFileSymlinks no
    CrossFilesystems no
    AllowAllMatchScan no
    HeuristicAlerts no
    HeuristicScanPrecedence no
    ScanELF yes
    ScanPDF yes
    ScanSWF yes
    ScanXMLDOCS yes
    ScanArchive yes
  freshclam.conf: |
    Foreground yes
    DatabaseDirectory /var/lib/clamav
    UpdateLogFile /dev/stdout
    Debug no
    LogFileMaxSize 0
    LogTime yes
    DatabaseOwner root
    DNSDatabaseInfo current.cvd.clamav.net
    DatabaseMirror database.clamav.net
    MaxAttempts 3
    ScriptedUpdates yes
    CompressLocalDatabase no
    TestDatabases yes
    SafeBrowsing no
    Bytecode no
    Checks 12
    NotifyClamd /etc/clamav/clamd.conf
    ConnectTimeout 30
    ReceiveTimeout 60
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: clamd
spec:
  selector:
    matchLabels:
      aikido: clamd
  template:
    metadata:
      labels:
        aikido: clamd
    spec:
      volumes:
        - name: host
          hostPath:
            path: /
        - name: clamdb
          emptyDir:
        - name: etc
          configMap:
            name: clamav
      initContainers:
        - name: init
          image: filefrog/clamav:latest
          imagePullPolicy: Always
          command:
            - /clamav
            - seed
          volumeMounts:
            - name: etc
              mountPath: /etc/clamav
              readOnly: yes
            - name: clamdb
              mountPath: /var/lib/clamav
              readOnly: no
      containers:
        - name: clamd
          image: filefrog/clamav:latest
          imagePullPolicy: Always
          command:
            - /clamav
            - clamd
          readinessProbe:
            periodSeconds: 3
            tcpSocket:
              port: 3310
          volumeMounts:
            - name: etc
              mountPath: /etc/clamav
              readOnly: yes
            - name: host
              mountPath: /host
              readOnly: yes
            - name: clamdb
              mountPath: /var/lib/clamav
              readOnly: yes
        - name: freshclam
          image: filefrog/clamav:latest
          imagePullPolicy: Always
          command:
            - /clamav
            - freshclam
          volumeMounts:
            - name: etc
              mountPath: /etc/clamav
              readOnly: yes
            - name: clamdb
              mountPath: /var/lib/clamav
              readOnly: no
```
To expose the pod locally I ran the command: `kubectl -n ind-iv port-forward pod/clamd-2f58r 3310:3310`. Afterwards I connected to `localhost:3031` with telnet and scanned a file by running the command `SCAN /var/lib/eicar/eicar.com`.
The fake malware file was detected:
clamd Wed Nov 24 17:07:20 2021 -> /var/lib/eicar/eicar.com: Win.Test.EICAR_HDB-1 FOUND
clamd Wed Nov 24 17:07:20 2021 -> ~/var/lib/eicar/eicar.com: Win.Test.EICAR_HDB-1 FOUND
But the configuration in Mattermost for the Antivirus plugin is still not right I think, since I’m getting the error `Unable to upload file fake-malware.txt. Rejected by plugin: File Scanning Server unreachable, contact your Mattermost administrator for assistance.` when uploading a fake malware file. In the configuration of Mattermost I filled in `localhost:3310`, the same I used for telnet. It’s also not possible to reach `localhost:3310` from my browser, so am I doing something wrong here?
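
A way to test whether a given host and port really reach clamd is to speak its TCP protocol from the machine or pod where Mattermost runs. The script below is an added example, not part of the original post or of the ClamAV or Mattermost projects. The function names are hypothetical, and it assumes clamd listens on TCP 3310 as set by `TCPSocket 3310` in the ConfigMap above.

```python
import socket
import struct
import sys

def _recv_reply(sock):
    """Read one clamd reply; replies to 'z' commands end with a NUL byte."""
    buf = b""
    while not buf.endswith(b"\0"):
        chunk = sock.recv(4096)
        if not chunk:          # peer closed before sending the terminator
            break
        buf += chunk
    return buf.rstrip(b"\0").decode("utf-8", "replace").strip()

def clamd_ping(host, port=3310, timeout=5.0):
    """True if clamd answers PONG at host:port; False if nothing usable is there."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"zPING\0")
            return _recv_reply(s) == "PONG"
    except OSError:            # refused, timed out, or name not resolvable
        return False

def clamd_instream(host, data, port=3310, timeout=10.0, chunk_size=8192):
    """Send bytes with INSTREAM and return the verdict, e.g. 'stream: OK'.

    Unlike SCAN <path>, INSTREAM does not need the file to exist inside
    the clamd container, which is how a remote client has to submit data.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"zINSTREAM\0")
        for i in range(0, len(data), chunk_size):
            chunk = data[i:i + chunk_size]
            # each chunk: 4-byte big-endian length, then the bytes
            s.sendall(struct.pack("!I", len(chunk)) + chunk)
        s.sendall(struct.pack("!I", 0))   # zero-length chunk ends the stream
        return _recv_reply(s)

if __name__ == "__main__":
    # usage: python clamd_check.py <host> [port]
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3310
    if not clamd_ping(host, port):
        sys.exit(f"no clamd reachable at {host}:{port} from this machine")
    # constructed, harmless sample payload
    print(clamd_instream(host, b"constructed sample payload", port))
```

Run it from the same network location as the Mattermost server: `localhost:3310` reaches clamd only on the machine where the `kubectl port-forward` session is running.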