truenas · stavros-k · May 9, 2023 · Apr 18, 2023 · Apr 18, 2023 · Apr 18, 2023
diff --git a/library/ix-dev/community/clamav/Chart.lock b/library/ix-dev/community/clamav/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../../../common
+  version: 1.0.6
+digest: sha256:2f1f31c15fb7f92db141a66adbb8d23a8598727730050a3883a211763a4e5472
+generated: "2023-04-28T16:05:12.034666174+03:00"
diff --git a/library/ix-dev/community/clamav/Chart.yaml b/library/ix-dev/community/clamav/Chart.yaml
@@ -0,0 +1,26 @@
+name: clamav
+description: ClamAV is an open source (GPLv2) anti-virus toolkit.
+annotations:
+  title: Clam AV
+type: application
+version: 1.0.0
+apiVersion: v2
+appVersion: '1.0.1'
+kubeVersion: '>=1.16.0-0'
+maintainers:
+  - name: truenas
+    url: https://www.truenas.com/
+    email: [email protected]
+dependencies:
+  - name: common
+    repository: file://../../../common
+    version: 1.0.6
+home: https://www.clamav.net/
+icon: https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png
+sources:
+  - https://docs.clamav.net/
+  - https://github.com/truenas/charts/tree/master/community/clamav
+  - https://www.clamav.net/
+keywords:
+  - anti-virus
+  - clamav
diff --git a/library/ix-dev/community/clamav/README.md b/library/ix-dev/community/clamav/README.md
@@ -0,0 +1,5 @@
+# ClamAV
+
+[ClamAV](https://www.clamav.net/) - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
+
+- App runs as `root` user
diff --git a/library/ix-dev/community/clamav/app-readme.md b/library/ix-dev/community/clamav/app-readme.md
@@ -0,0 +1,5 @@
+# ClamAV
+
+[ClamAV](https://www.clamav.net/) - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
+
+- App runs as `root` user
diff --git a/library/ix-dev/community/clamav/charts/common-1.0.6.tgz b/library/ix-dev/community/clamav/charts/common-1.0.6.tgz
diff --git a/library/ix-dev/community/clamav/ci/basic-values.yaml b/library/ix-dev/community/clamav/ci/basic-values.yaml
@@ -0,0 +1,7 @@
+clamavStorage:
+  sigdb:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/sig-db
+  scandir:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/scan-dir
diff --git a/library/ix-dev/community/clamav/ci/milterd-values.yaml b/library/ix-dev/community/clamav/ci/milterd-values.yaml
@@ -0,0 +1,10 @@
+clamavStorage:
+  sigdb:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/sig-db
+  scandir:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/scan-dir
+
+clamavConfig:
+  disableMilterd: false
diff --git a/library/ix-dev/community/clamav/ci/no-clamd-values.yaml b/library/ix-dev/community/clamav/ci/no-clamd-values.yaml
@@ -0,0 +1,10 @@
+clamavStorage:
+  sigdb:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/sig-db
+  scandir:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/scan-dir
+
+clamavConfig:
+  disableClamd: true
diff --git a/library/ix-dev/community/clamav/ci/no-freshclamd-values.yaml b/library/ix-dev/community/clamav/ci/no-freshclamd-values.yaml
@@ -0,0 +1,10 @@
+clamavStorage:
+  sigdb:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/sig-db
+  scandir:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/scan-dir
+
+clamavConfig:
+  disableFreshClamd: true
diff --git a/library/ix-dev/community/clamav/item.yaml b/library/ix-dev/community/clamav/item.yaml
@@ -0,0 +1,4 @@
+icon_url: https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png
+categories:
+  - anti-virus
+  - clamav
diff --git a/library/ix-dev/community/clamav/metadata.yaml b/library/ix-dev/community/clamav/metadata.yaml
@@ -0,0 +1,18 @@
+runAsContext:
+  - userName: root
+    groupName: root
+    gid: 0
+    uid: 0
+    description: ClamAV runs as root user.
+capabilities:
+  - name: CHOWN
+    description: ClamAV is able to chown files.
+  - name: FOWNER
+    description: ClamAV is able bypass permission checks for it's sub-processes.
+  - name: DAC_OVERRIDE
+    description: ClamAV is able to bypass permission checks.
+  - name: SETGID
+    description: ClamAV is able to set group ID for it's sub-processes.
+  - name: SETUID
+    description: ClamAV is able to set user ID for it's sub-processes.
+hostMounts: []
diff --git a/library/ix-dev/community/clamav/questions.yaml b/library/ix-dev/community/clamav/questions.yaml
@@ -0,0 +1,208 @@
+groups:
+  - name: ClamAV Configuration
+    description: Configure ClamAV
+  - name: Network Configuration
+    description: Configure Network for ClamAV
+  - name: Storage Configuration
+    description: Configure Storage for ClamAV
+  - name: Resources Configuration
+    description: Configure Resources for ClamAV
+
+questions:
+
+  - variable: clamavConfig
+    label: ""
+    group: ClamAV Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: disableClamd
+          label: Disable ClamD
+          description: Do not start Clam daemon
+          schema:
+            type: boolean
+            default: false
+        - variable: disableFreshClamd
+          label: Disable FreshClamD
+          description: Do not start the FreshClam daemon
+          schema:
+            type: boolean
+            default: false
+        - variable: disableMilterd
+          label: Disable MilterD
+          description: Do not start the ClamAV-Milter daemon
+          schema:
+            type: boolean
+            default: true
+        - variable: clamdStartupTimeout
+          label: ClamD Startup Timeout
+          description: Seconds to wait for ClamD to start
+          schema:
+            type: int
+            default: 1800
+            required: true
+        - variable: freshclamChecks
+          label: Fresh Clam Checks
+          description: Times to check per day for a new database.
+          schema:
+            type: int
+            default: 1
+            min: 1
+            max: 50
+            required: true
+        - variable: additionalEnvs
+          label: Additional Environment Variables
+          description: Configure additional environment variables for ClamAV.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: env
+                label: Environment Variable
+                schema:
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                    - variable: value
+                      label: Value
+                      schema:
+                        type: string
+                        required: true
+
+  - variable: clamavNetwork
+    label: ""
+    group: Network Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: clamdPort
+          label: ClamD Port
+          description: The port for the ClamAV ClamD
+          schema:
+            type: int
+            default: 30000
+            min: 9000
+            max: 65535
+            required: true
+        - variable: milterdPort
+          label: MilterD Port
+          description: The port for the ClamAV MilterD
+          schema:
+            type: int
+            default: 30001
+            min: 9000
+            max: 65535
+            required: true
+
+  - variable: clamavStorage
+    label: ""
+    group: Storage Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: sigdb
+          label: ClamAV Signature Database Storage
+          description: The path to store ClamAV Signature Database.
+          schema:
+            type: dict
+            attrs:
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
+                schema:
+                  type: string
+                  required: true
+                  default: ixVolume
+                  enum:
+                    - value: hostPath
+                      description: Host Path (Path that already exists on the system)
+                    - value: ixVolume
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: datasetName
+                label: Dataset Name
+                schema:
+                  type: string
+                  show_if: [["type", "=", "ixVolume"]]
+                  required: true
+                  hidden: true
+                  immutable: true
+                  default: sig-db
+                  $ref:
+                    - "normalize/ixVolume"
+              - variable: hostPath
+                label: Host Path
+                schema:
+                  type: hostpath
+                  show_if: [["type", "=", "hostPath"]]
+                  immutable: true
+                  required: true
+        - variable: scandir
+          label: ClamAV Scan Storage
+          description: The path to store ClamAV Scan storage.
+          schema:
+            type: dict
+            attrs:
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
+                schema:
+                  type: string
+                  required: true
+                  default: ixVolume
+                  enum:
+                    - value: hostPath
+                      description: Host Path (Path that already exists on the system)
+                    - value: ixVolume
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: datasetName
+                label: Dataset Name
+                schema:
+                  type: string
+                  show_if: [["type", "=", "ixVolume"]]
+                  required: true
+                  hidden: true
+                  immutable: true
+                  default: scan-dir
+                  $ref:
+                    - "normalize/ixVolume"
+              - variable: hostPath
+                label: Host Path
+                schema:
+                  type: hostpath
+                  show_if: [["type", "=", "hostPath"]]
+                  immutable: true
+                  required: true
+
+  - variable: resources
+    label: ""
+    group: Resources Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: limits
+          label: Limits
+          schema:
+            type: dict
+            attrs:
+              - variable: cpu
+                label: CPU
+                description: CPU limit for ClamAV.
+                schema:
+                  type: string
+                  default: 4000m
+                  required: true
+              - variable: memory
+                label: Memory
+                description: Memory limit for ClamAV.
+                schema:
+                  type: string
+                  default: 8Gi
+                  required: true
diff --git a/library/ix-dev/community/clamav/templates/NOTES.txt b/library/ix-dev/community/clamav/templates/NOTES.txt
@@ -0,0 +1 @@
+{{ include "ix.v1.common.lib.chart.notes" $ }}