Configuring Malware Scans of Images
Malware Scanning Overview
See Malware Scanning for an overview of the feature and how it works. This section is for configuration of scan behavior.
Any change to analyzer_config.yaml requires a restart of the analyzer container. The typical process is to mount the file externally into /config/analyzer_config.yaml from a host volume or as a ConfigMap in Kubernetes, so that all analyzers in the deployment share the same configuration.
Enabling & Disabling Malware Scans
Each analyzer needs to have its analyzer_config.yaml file updated to include:

malware:
  clamav:
    enabled: true
    db_update_enabled: true

Setting malware.clamav.enabled to true enables the analyzer that runs the scan. If it is not enabled, the analyzer will run but will not execute a ClamAV scan, so no scan results will be reported.
Disabling DB Updates for ClamAV
The db_update_enabled property of the malware.clamav object shown above in analyzer_config.yaml controls whether the analyzer will invoke a freshclam call prior to each analysis execution. By default it is enabled and should be left on for up-to-date scan results. The db version is returned in the metadata section of the scan results available from the engine API.
You can disable the update if you want to mount an external volume to provide the db data in /home/anchore/clamav/db inside the container (it must be read-write for the anchore user). This can be used to cache or share a db across multiple analyzers (e.g. using AWS EFS) or to support air-gapped deployments where the db cannot be automatically updated from the deployment itself.
The path for the db and the db update configuration are also available as environment variables inside the analyzer containers. These should not need to be used in most cases, but they are available for customization in air-gapped or other installations where the default configuration is not sufficient.
| Variable | Description | Default |
|---|---|---|
| ANCHORE_FRESHCLAM_CONFIG_FILE | Location of freshclam.conf to use | /home/anchore/clamav/freshclam.conf |
| ANCHORE_CLAMAV_DB_DIR | Location of the db dir to read/write | /home/anchore/clamav/db |
The invocation parameters for each command are available in the analyzer source.
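With db_update_enabled set to false, nothing refreshes the signatures, so a stale or unreadable externally mounted db silently weakens every scan. The following check is an added example, not part of the Anchore documentation or analyzer source: it reads the 512-byte header that ClamAV writes at the start of each .cvd/.cld file and reports a missing, unreadable or outdated db. The function names and the 7-day threshold are assumptions chosen for illustration.

```python
import os
import time
from pathlib import Path

HEADER_LEN = 512  # .cvd/.cld files start with a 512-byte colon-separated text header
DEFAULT_DB_DIR = "/home/anchore/clamav/db"  # db path given on this page


def parse_cvd_header(raw: bytes) -> dict:
    """Parse 'ClamAV-VDB:build time:version:sigs:flevel:md5:dsig:builder:stime'."""
    fields = raw[:HEADER_LEN].decode("ascii", errors="replace").strip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a ClamAV database header")
    # The trailing Unix build timestamp is missing from very old databases.
    stime = int(fields[8]) if len(fields) > 8 and fields[8].isdigit() else None
    return {"build_time": fields[1], "version": int(fields[2]),
            "signatures": int(fields[3]), "stime": stime}


def check_db_dir(db_dir=None, max_age_days=7, now=None) -> list:
    """Return a list of problems found in an externally provided db directory."""
    db_dir = Path(db_dir or os.environ.get("ANCHORE_CLAMAV_DB_DIR", DEFAULT_DB_DIR))
    now = time.time() if now is None else now
    if not db_dir.is_dir():
        return [f"{db_dir}: directory is missing"]
    problems = []
    if not os.access(db_dir, os.R_OK | os.W_OK | os.X_OK):
        problems.append(f"{db_dir}: not read-write for the current user")
    dbs = sorted(p for p in db_dir.iterdir() if p.suffix in (".cvd", ".cld"))
    if not any(p.stem == "daily" for p in dbs):
        problems.append(f"{db_dir}: no daily.cvd or daily.cld found")
    for path in dbs:
        try:
            with path.open("rb") as fh:
                hdr = parse_cvd_header(fh.read(HEADER_LEN))
        except (OSError, ValueError) as exc:
            problems.append(f"{path.name}: unreadable header ({exc})")
            continue
        # Only daily is rebuilt frequently, so only its age indicates staleness.
        if path.stem == "daily" and hdr["stime"] is not None:
            age_days = (now - hdr["stime"]) / 86400
            if age_days > max_age_days:
                problems.append(f"{path.name}: version {hdr['version']} is "
                                f"{age_days:.0f} days old")
    return problems


if __name__ == "__main__":
    for line in check_db_dir() or ["signature db looks usable"]:
        print(line)
```

Run it as the anchore user inside the analyzer container, or against the shared volume before it is mounted, so the permission check reflects what the analyzer will see.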