
[ClamAV] Move to official ClamAV Docker container (#4525)

Since ClamAV now offers official Docker containers, this PR switches to them so we no longer need to build the container on our own. Building it was an easy task until v0.104, but then ClamAV changed its build process to use cmake, and with v0.105 it also needs the Rust toolchain -> https://docs.clamav.net/manual/Installing/Installing-from-source-Unix.html#ubuntu--debian

Here are the main changes for the new container

Creates clamd-db-vol-1 volume
Still uses the same config files
Downloads ClamAV databases in said volume
Smaller container footprint 13MB vs 150MB

---

* [ClamAV] Move to official ClamAV Docker container

* [ClamAV] Remove vim + nano

* [ClamAV] Use normal version in docker-compose
Peter 3 سال پیش
والد
کامیت
fd7269d455
3فایلهای تغییر یافته به همراه14 افزوده شده و 73 حذف شده
  1. 7 68
      data/Dockerfiles/clamd/Dockerfile
  2. 4 4
      data/Dockerfiles/clamd/clamd.sh
  3. 3 1
      docker-compose.yml

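--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -1,76 +1,15 @@
-FROM debian:bullseye-slim
+FROM clamav/clamav:0.104.2-2_base
 
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
 
-ARG CLAMAV=0.104.2
-ARG TINI_VERSION=v0.19.0
-
-RUN apt-get update && apt-get install -y --no-install-recommends \
-  ca-certificates \
-  build-essential \
-  pkg-config \
-  python3 \
-  python3-pip \
-  valgrind \
-  check \
-  libbz2-dev \
-  libcurl4-openssl-dev \
-  libjson-c-dev \
-  libmilter-dev \
-  libncurses5-dev \
-  libpcre2-dev \
-  libssl-dev \
-  libxml2-dev \
-  zlib1g-dev \
-  curl \
-  bash \
-  wget \
-  tzdata \
-  dnsutils \
+RUN apk upgrade --no-cache \
+  && apk add --update --no-cache \
   rsync \
-  dos2unix \
-  netcat \
-  && python3 -m pip install cmake \
-  && rm -rf /var/lib/apt/lists/* \
-  && wget -O - https://www.clamav.net/downloads/production/clamav-${CLAMAV}.tar.gz | tar xfvz - \
-  && cd clamav-${CLAMAV} \
-  && cmake . \
-      -D CMAKE_INSTALL_PREFIX=/usr \
-      -D CMAKE_INSTALL_LIBDIR=/usr/lib \
-      -D APP_CONFIG_DIRECTORY=/etc/clamav \
-      -D CMAKE_INSTALL_MANDIR=/usr/share/man \
-      -D CMAKE_INSTALL_INFODIR=/usr/share/info \
-      -D CLAMAV_USER=clamav \
-      -D CLAMAV_GROUP=clamav \
-      -D DATABASE_DIRECTORY=/var/lib/clamav \
-      -D ENABLE_APP=ON \
-      -D ENABLE_JSON_SHARED=OFF \
-      -D CMAKE_BUILD_TYPE=MinSizeRel \
-  && cmake --build . -j4 \
-  && cmake --build . --target install \
-  && cd .. && rm -rf clamav-${CLAMAV} \
-  && apt-get -y --auto-remove purge build-essential \
-  && apt-get -y purge pkg-config \
-  python3 \
-  python3-pip \
-  valgrind \
-  check \
-  libbz2-dev \
-  libcurl4-openssl-dev \
-  libjson-c-dev \
-  libmilter-dev \
-  libncurses5-dev \
-  libpcre2-dev \
-  libssl-dev \
-  libxml2-dev \
-  zlib1g-dev \
-
-  && addgroup --system --gid 700 clamav \
-  && adduser --system --no-create-home --home /var/lib/clamav --uid 700 --gid 700 --disabled-login clamav \
-  && rm -rf /tmp/* /var/tmp/*
+  bind-tools \
+  bash 
 
 COPY clamd.sh ./
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini
 RUN chmod +x /sbin/tini
 
-CMD ["/sbin/tini", "-g", "--", "/clamd.sh"]
+ENTRYPOINT []
+CMD ["/sbin/tini", "-g", "--", "/clamd.sh"]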
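Review bot: `FROM clamav/clamav:0.104.2-2_base` pins only a tag, and after this change the scanner binaries, `/sbin/tini` (the `ADD` is gone but `RUN chmod +x /sbin/tini` stays) and the `clamav` account all come from that upstream image, so a re-pushed tag would change them without any change in this repository. Pinning by digest makes that trust explicit: `FROM clamav/clamav:0.104.2-2_base@sha256:<digest of the reviewed image>`. The removed lines created `clamav` with uid/gid 700; the ids used by the base image are not visible here, so ownership of existing files under the bind-mounted `/etc/clamav` and of `/var/lib/clamav` should be checked. The final stage also has no `USER`, so unless `clamd.sh` drops privileges (the script is not shown in full) the processes start as root.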

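--- a/data/Dockerfiles/clamd/clamd.sh
+++ b/data/Dockerfiles/clamd/clamd.sh
@@ -14,10 +14,10 @@ rm -rf /var/lib/clamav/clamav-*.tmp
 
 mkdir -p /run/clamav /var/lib/clamav
 
-if [[ -s /etc/clamav/whitelist.ign2 ]]; then
-  echo "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2"
-  cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
-fi
+#if [[ -s /etc/clamav/whitelist.ign2 ]]; then
+#  echo "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2"
+#  cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
+#fi
 
 if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then
   echo "Creating /var/lib/clamav/whitelist.ign2"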
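Review bot: The copy of `/etc/clamav/whitelist.ign2` is commented out rather than removed, with no comment saying why, and that changes where the signature ignore list comes from. Because this commit also makes `/var/lib/clamav` a persistent volume, the `whitelist.ign2` already in the volume keeps deciding which signatures are ignored across restarts, and edits to the copy under `/etc/clamav` no longer reach it unless code outside this hunk handles that. Either delete the block and state the new source of truth, e.g. `# whitelist.ign2 now lives only in /var/lib/clamav (persistent volume)`, or keep the copy so the admin-edited file stays authoritative. The script continues before and after this hunk, so the `if [[ ! -f ... ]]` block that follows is only partly visible.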

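--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -58,7 +58,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.44
+      image: mailcow/clamd:1.50
       restart: always
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
@@ -67,6 +67,7 @@ services:
         - SKIP_CLAMD=${SKIP_CLAMD:-n}
       volumes:
         - ./data/conf/clamav/:/etc/clamav/:Z
+        - clamd-db-vol-1:/var/lib/clamav:z
       networks:
         mailcow-network:
           aliases:
@@ -631,3 +632,4 @@ volumes:
   crypt-vol-1:
   sogo-web-vol-1:
   sogo-userdata-backup-vol-1:
+  clamd-db-vol-1: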