initial commit

2026-01-01 20:42:59 +00:00
commit 2f557eda8c
9029 changed files with 1490197 additions and 0 deletions
--- a/fluxer_devops/clamav/compose.yaml
+++ b/fluxer_devops/clamav/compose.yaml
@@ -0,0 +1,38 @@
+services:
+  clamav:
+    image: clamav/clamav:1.4
+    hostname: clamav
+    volumes:
+      - clamav_data:/var/lib/clamav
+      - ./conf/clamd.conf:/etc/clamav/clamd.conf:ro
+    networks:
+      - fluxer-shared
+    ports:
+      - '3310:3310'
+    deploy:
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+        delay: 10s
+        max_attempts: 3
+      resources:
+        limits:
+          cpus: '2'
+          memory: 4G
+        reservations:
+          cpus: '1'
+          memory: 2G
+    healthcheck:
+      test: ['CMD-SHELL', 'clamdscan --version || exit 1']
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 60s
+
+networks:
+  fluxer-shared:
+    external: true
+
+volumes:
+  clamav_data:
+    driver: local
--- a/fluxer_devops/clamav/conf/clamd.conf
+++ b/fluxer_devops/clamav/conf/clamd.conf
@@ -0,0 +1,54 @@
+# Listening
+LocalSocket /tmp/clamd.sock
+TCPSocket 3310
+TCPAddr 0.0.0.0
+
+# Threading
+MaxThreads 12
+MaxConnectionQueueLength 30
+
+# Scanner limits
+MaxScanSize 150M
+MaxFileSize 100M
+MaxRecursion 16
+MaxFiles 10000
+MaxEmbeddedPE 10M
+MaxHTMLNormalize 10M
+MaxHTMLNoTags 2M
+MaxScriptNormalize 5M
+MaxZipTypeRcg 1M
+
+# Scanning options
+ScanPE yes
+ScanELF yes
+ScanOLE2 yes
+ScanPDF yes
+ScanSWF yes
+ScanHTML yes
+ScanMail yes
+ScanArchive yes
+ScanPartialMessages yes
+AlertBrokenExecutables yes
+AlertEncrypted no
+AlertEncryptedArchive no
+AlertEncryptedDoc no
+AlertOLE2Macros yes
+AlertPhishingSSLMismatch no
+AlertPhishingCloak no
+
+# Database
+DatabaseDirectory /var/lib/clamav
+OfficialDatabaseOnly no
+DetectPUA yes
+ExcludePUA NetTool
+ExcludePUA PWTool
+HeuristicScanPrecedence yes
+
+# Logging
+LogTime yes
+LogClean no
+LogVerbose no
+ExtendedDetectionInfo yes
+
+# Performance
+BytecodeTimeout 60000