From e68c04f465f848ade11e105695d6fe5ee5a9978e Mon Sep 17 00:00:00 2001
From: David Mays
Date: Thu, 20 Jun 2024 11:00:22 +0100
Subject: [PATCH 1/2] Build ClamAV to run as "app" user for container.
---
 Dockerfile | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index c8b31cd8..382acf9b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -77,13 +77,13 @@ RUN apt update && apt install -y \
 -e "s|.*\(LocalSocket\) .*|\1 /tmp/clamd.sock|" \
 -e "s|.*\(TCPSocket\) .*|\1 3310|" \
 -e "s|.*\(TCPAddr\) .*|#\1 0.0.0.0|" \
- -e "s|.*\(User\) .*|\1 clamav|" \
+ -e "s|.*\(User\) .*|\1 app|" \
 -e "s|^\#\(LogFile\) .*|\1 /var/log/clamav/clamd.log|" \
 -e "s|^\#\(LogTime\).*|\1 yes|" \
 "/clamav/etc/clamav/clamd.conf.sample" > "/clamav/etc/clamav/clamd.conf" && \
 sed -e "s|^\(Example\)|\# \1|" \
 -e "s|.*\(PidFile\) .*|\1 /tmp/freshclam.pid|" \
- -e "s|.*\(DatabaseOwner\) .*|\1 clamav|" \
+ -e "s|.*\(DatabaseOwner\) .*|\1 app|" \
 -e "s|^\#\(UpdateLogFile\) .*|\1 /var/log/clamav/freshclam.log|" \
 -e "s|^\#\(NotifyClamd\).*|\1 /etc/clamav/clamd.conf|" \
 -e "s|^\#\(ScriptedUpdates\).*|\1 yes|" \
@@ -134,7 +134,9 @@ WORKDIR $APP_HOME
 COPY --from=clam_builder "/clamav" "/"
-RUN ln -s /usr/bin/clam* /usr/local/bin
+RUN ln -s /usr/bin/clam* /usr/local/bin && \
+ ln -s /usr/bin/freshclam /usr/local/bin && \
+ chown 0755 /usr/local/bin/clam* /usr/local/bin/freshclam
 COPY --from=app_builder $BUNDLE_PATH $BUNDLE_PATH
 COPY --from=app_builder $BOOTSNAP_CACHE_DIR $BOOTSNAP_CACHE_DIR
From f1ab7297814c020880ab706385e77ec8ba359301 Mon Sep 17 00:00:00 2001
From: David Mays
Date: Thu, 20 Jun 2024 11:21:10 +0100
Subject: [PATCH 2/2] Can probably do without this - isn't doing much
---
 Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 382acf9b..d6adaba6 100644
--- a/Dockerfile
+++ b/Dockerfile
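Review bot: Setting `User` and `DatabaseOwner` to `app` in the sed hunk of [PATCH 1/2] puts clamd, freshclam and the application under one account, so the separation the dedicated `clamav` user gave is gone: whichever process is compromised can rewrite the signature database and anything else `app` owns. If that is the accepted trade-off for running the container without root, a comment above this RUN would record it, for example `# clamd/freshclam run as "app" so the non-root container user can start them; signature DB is writable by the app`. The hunk does not show `/var/log/clamav` or the database directory being created for or chowned to `app`, so that is worth confirming in the part of the RUN instruction that lies outside the hunk.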
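Review bot: `chown 0755 …` on the last added line of the second hunk of [PATCH 1/2] sets the owner to numeric uid 755 rather than a file mode, which looks like a typo for `chmod`. Because chown follows symlinks unless `-h` is given, it would presumably re-own the real binaries under `/usr/bin` to an account that does not exist in the image. [PATCH 2/2] removes the line, so squashing the two commits would keep every commit in the series building with sane ownership. If a mode change was the intent, the line would be `chmod 0755 /usr/bin/clam* /usr/bin/freshclam`.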
@@ -135,8 +135,7 @@ WORKDIR $APP_HOME
 COPY --from=clam_builder "/clamav" "/"
 RUN ln -s /usr/bin/clam* /usr/local/bin && \
- ln -s /usr/bin/freshclam /usr/local/bin && \
- chown 0755 /usr/local/bin/clam* /usr/local/bin/freshclam
+ ln -s /usr/bin/freshclam /usr/local/bin
 COPY --from=app_builder $BUNDLE_PATH $BUNDLE_PATH
 COPY --from=app_builder $BOOTSNAP_CACHE_DIR $BOOTSNAP_CACHE_DIR