I'm trying to build a Docker image of a ClamAV malware scanner running on a squid proxy, and I get

!NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused and Error: connect ECONNREFUSED 127.0.0.1:3310 at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1158:16) { errno: -111, code: 'ECONNREFUSED', syscall: 'connect', address: '127.0.0.1', port: 3310 }

Stopping ClamAV daemon: clamd. Clamav signatures not found in /var/lib/clamav ... failed! Please retrieve them using freshclam ... failed! Then run 'invoke-rc.d clamav-daemon start' ... failed!

Here is my Dockerfile:


FROM node:17.6.0-bullseye-slim
# Set versions
ENV CLOUD_SDK_VERSION=372.0.0
# Install base packages 
ENV PATH $PATH:/usr/local/gcloud/google-cloud-sdk/bin
RUN apt-get update && \
    apt-get install -y build-essential clamav-daemon clamav-freshclam curl python3 sudo && \
    rm -rf /var/lib/apt/lists/* && \
    mkdir -p /usr/local/gcloud && \
    curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
    tar -C /usr/local/gcloud -xvf google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
    rm google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
    ln -s /lib /lib64 && \
    gcloud config set core/disable_usage_reporting true && \
    gcloud config set component_manager/disable_update_check true && \
    mkdir -p /home/node/app && \
    chown -R node:node /home/node/app && \
    chmod 777 /var/log/clamav/freshclam.log && \
    chmod 777 /var/lib/clamav && \
    echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
    echo "TCPAddr 127.0.0.1" >> /etc/clamav/clamd.conf && \
    echo "User node" >> /etc/clamav/clamd.conf && \
    echo "DatabaseOwner node" >> /etc/clamav/freshclam.conf && \
    echo "HTTPProxyServer squid-proxy.neds.local" >> /etc/clamav/freshclam.conf && \
    echo "HTTPProxyPort 3128"  >> /etc/clamav/freshclam.conf && \
    echo "node ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/node
# Bring in app code
WORKDIR /home/node/app
COPY --chown=node:node . .
# Set up app
RUN npm config set python $(which python3) && \
    npm install
# Run the rest as the node user
USER 1000
CMD ["/bin/bash", "bootstrap.sh"]

Here is bootstrap.sh:

#!/bin/bash
sudo service clamav-freshclam stop && \
sudo freshclam && \
sudo service clamav-freshclam start && \
sudo service clamav-daemon force-reload && \
npm start

It fails when I docker run it or deploy it on a GKE cluster; all the required IPs are whitelisted on squid.

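A preflight check for the two failures quoted in the question (no signatures in /var/lib/clamav, and ECONNREFUSED on 127.0.0.1:3310), as an added example that is not part of the original post. The function names are hypothetical, the default path, address and port are taken from the posted configuration, and the database test is assumed to match what the init script looks for before it prints the "signatures not found" message.

```shell
#!/bin/bash
# Added example: preflight for a clamd container (hypothetical helper names).

# Print each required database (main, daily) that has no .cvd/.cld file or
# .inc directory in DIR. Assumption: this mirrors the check behind the
# "signatures not found" message quoted in the question.
missing_dbs() {
    for db in main daily; do
        if [ ! -e "$1/$db.cvd" ] && [ ! -e "$1/$db.cld" ] && [ ! -d "$1/$db.inc" ]; then
            printf '%s ' "$db"
        fi
    done
}

# Send clamd's PING command over TCP and expect PONG (uses bash's /dev/tcp).
clamd_ping() {
    (
        exec 3<>"/dev/tcp/$1/$2" || exit 1
        printf 'PING\n' >&3
        read -r -t 2 reply <&3 && [ "$reply" = "PONG" ]
    ) 2>/dev/null
}

# Return 2 if signatures are missing, 3 if clamd never answers, 0 when ready.
preflight() {
    dbdir=${1:-/var/lib/clamav} host=${2:-127.0.0.1} port=${3:-3310} max=${4:-30}
    missing=$(missing_dbs "$dbdir")
    if [ -n "$missing" ]; then
        echo "no signatures in $dbdir for: $missing" >&2
        return 2
    fi
    tries=0
    until clamd_ping "$host" "$port"; do
        tries=$((tries + 1))
        if [ "$tries" -ge "$max" ]; then
            echo "clamd not answering PING on $host:$port" >&2
            return 3
        fi
        sleep 2
    done
}

# Run only when asked, e.g. `bash preflight.sh --check && npm start`.
case "${1:-}" in
    --check) shift; preflight "$@" ;;
esac
```

The distinct exit codes separate a failed signature download (2) from a daemon that is not yet listening (3), so the container log shows which of the two quoted errors is the root cause.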