我是 docker 和 clamav 的初学者。如果我描述的方式有任何不合理之处,请提前抱歉。
我已经使用 Maven 和 Docker 容器工具链构建了一个 docker 映像,并将该映像推送到 Google Artifact Registry。然后将其部署到 gcloud run。其目的是使用 clamav 病毒扫描程序来扫描上传到“uploaded-files”存储桶中的文件。当我在本地运行 docker 映像时,我的日志最终看起来像这样
Testing database: '/var/lib/clamav/tmp.ea3d86d12f/clamav-2a387e979c4310f2be4f06188176705f.tmp-daily.cld' ...
Socket for clamd not found yet, retrying (55/1800) ...Database test passed.
daily.cld updated (version: 26940, sigs: 2037113, f-level: 90, builder: raynman)
Socket for clamd not found yet, retrying (56/1800) ...main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
WARNING: Clamd was NOT notified: Can't connect to clamd through /tmp/clamd.sock: No such file or directory
Socket for clamd not found yet, retrying (99/1800) ...Thu Jun 15 15:47:53 2023 -> Limits: Global time limit set to 120000 milliseconds.
Thu Jun 15 15:47:53 2023 -> Limits: Global size limit set to 419430400 bytes.
Thu Jun 15 15:47:53 2023 -> Limits: File size limit set to 104857600 bytes.
Thu Jun 15 15:47:53 2023 -> Limits: Recursion level limit set to 17.
Thu Jun 15 15:47:53 2023 -> Limits: Files limit set to 10000.
Thu Jun 15 15:47:53 2023 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes.
Thu Jun 15 15:47:53 2023 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes.
Thu Jun 15 15:47:53 2023 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes.
Thu Jun 15 15:47:53 2023 -> Limits: MaxScriptNormalize limit set to 20971520 bytes.
Thu Jun 15 15:47:53 2023 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Thu Jun 15 15:47:53 2023 -> Limits: MaxPartitions limit set to 50.
Thu Jun 15 15:47:53 2023 -> Limits: MaxIconsPE limit set to 100.
Thu Jun 15 15:47:53 2023 -> Limits: MaxRecHWP3 limit set to 16.
Thu Jun 15 15:47:53 2023 -> Limits: PCREMatchLimit limit set to 100000.
Thu Jun 15 15:47:53 2023 -> Limits: PCRERecMatchLimit limit set to 2000.
Thu Jun 15 15:47:53 2023 -> Limits: PCREMaxFileSize limit set to 104857600.
Thu Jun 15 15:47:53 2023 -> Archive support enabled.
Thu Jun 15 15:47:53 2023 -> AlertExceedsMax heuristic detection disabled.
Thu Jun 15 15:47:53 2023 -> Heuristic alerts enabled.
Thu Jun 15 15:47:53 2023 -> Portable Executable support enabled.
Thu Jun 15 15:47:53 2023 -> ELF support enabled.
Thu Jun 15 15:47:53 2023 -> Mail files support enabled.
Thu Jun 15 15:47:53 2023 -> OLE2 support enabled.
Thu Jun 15 15:47:53 2023 -> PDF support enabled.
Thu Jun 15 15:47:53 2023 -> SWF support enabled.
Thu Jun 15 15:47:53 2023 -> HTML support enabled.
Thu Jun 15 15:47:53 2023 -> XMLDOCS support enabled.
Thu Jun 15 15:47:53 2023 -> HWP3 support enabled.
Thu Jun 15 15:47:53 2023 -> Self checking every 600 seconds.
Thu Jun 15 15:47:53 2023 -> Set stacksize to 1048576
socket found, clamd started.
Thu Jun 15 16:26:07 2023 -> SelfCheck: Database status OK.
但是当图像部署到云运行中时,我无法通过
Socket for clamd not found yet, retryingSocket for clamd not found yet, retrying (35/1800) ...
2023-06-18 19:22:11.899 EDT
Socket for clamd not found yet, retrying (36/1800) ...
2023-06-18 19:22:12.398 EDT
WARNING: Download failed (28) WARNING: Message: Timeout was reached
2023-06-18 19:22:12.498 EDT
Socket for clamd not found yet, retrying (37/1800) ...WARNING: Download failed (28) WARNING: Message: Timeout was reached
2023-06-18 19:22:14.099 EDT
WARNING: downloadPatch: Can't download daily-26902.cdiff from https://database.clamav.net/daily-26902.cdiff
2023-06-18 19:22:14.198 EDT
WARNING: downloadPatch: Can't download daily-26902.cdiff from https://database.clamav.net/daily-26902.cdiff
2023-06-18 18:26:55.898 EDT
2023-06-18 19:22:16.100 EDT
Socket for clamd not found yet, retrying (38/1800) ...
2023-06-18 19:22:17.698 EDT
Socket for clamd not found yet, retrying (39/1800) ...
2023-06-18 19:22:20.098 EDT
Socket for clamd not found yet, retrying (40/1800) ...
2023-06-18 19:22:24.598 EDT
Socket for clamd not found yet, retrying (41/1800) ...
2023-06-18 19:22:27.899 EDT
Socket for clamd not found yet, retrying (42/1800) ...
2023-06-18 19:22:31.799 EDT
Socket for clamd not found yet, retrying (43/1800) ...
2023-06-18 19:22:34.098 EDT
Socket for clamd not found yet, retrying (44/1800) ...
2023-06-18 19:22:36.998 EDT
Socket for clamd not found yet, retrying (45/1800) ...
.
.
.
就这样继续下去......我尝试过使用 clamav:latest、clamav:0.104 和 clamav:1.1.0。我的 Docker 版本是
24.0.2, build cb74dfc1我的云运行部署了
gcloud run deploy "$SERVICE_NAME" \
--service-account="$SERVICE_ACCOUNT" \
--region="$CLOUDSDK_RUN_REGION" \
--platform="managed" \
--cpu="1" \
--memory="4Gi" \
--image="$CONTAINER_FQ_NAME" \
--min-instances="1" \
--max-instances="3" \
--env-vars-file="env.yaml" \
--update-secrets=ENV="$SECRET_ID:$SECRET_VERSION" \
--ingress="internal-and-cloud-load-balancing" \
--allow-unauthenticated \
--port="80"
是否需要防火墙规则来允许端口 3310 上的 clamav?这解决了我在 AWS 上的问题。我必须在端口 3310 上包含 ClamAV 的入站规则才能创建套接字文件。