Hi,
ClamAV newbie here. I'm looking into setting up a GitLab CI runner on an
Ubuntu 24.04 host VM. The GitLab CI runner configuration is nothing
unusual: it will be sent jobs by the GitLab CI server and run the CI
jobs in Docker containers spun up for each job and destroyed after the
job has completed. However, in our environment security (against
malware, viruses from the internet) of the running containers is a big
concern. We plan to do image scanning of the Docker images for
vulnerabilities, and regular rebuilding (per pipeline) but we also want
protection of the containers when they are running.
My question: is it possible to configure a clamonacc on the CI VM host
to perform on-demand monitoring of the containers' filesystems? This
would be preferable to clamonacc running inside each container. It feels
like it is a reasonable use-case and that it should be possible, but it
is not clear to me from the ClamAV online documentation or from general
internet searches on the problem, whether it is possible/how easy it
would be to set up.
Any help/advice appreciated.
Thomas