diff --git a/catalog.json b/catalog.json
index 0202482ce1..ae104ef87e 100644
--- a/catalog.json
+++ b/catalog.json
@@ -118,7 +118,7 @@
"latest_version": "1.7.44",
"latest_app_version": "1.32.1.6999",
"latest_human_version": "1.32.1.6999_1.7.44",
- "last_update": "2023-05-03 13:56:14",
+ "last_update": "2023-05-09 11:06:50",
"name": "plex",
"recommended": false,
"title": "Plex",
@@ -370,7 +370,7 @@
"latest_version": "1.0.21",
"latest_app_version": "v1.39.0",
"latest_human_version": "v1.39.0_1.0.21",
- "last_update": "2023-05-03 13:56:14",
+ "last_update": "2023-05-09 11:06:50",
"name": "netdata",
"recommended": false,
"title": "Netdata",
@@ -947,6 +947,34 @@
],
"tags": [],
"icon_url": "https://avatars.githubusercontent.com/u/10536621"
+ },
+ "clamav": {
+ "app_readme": "ClamAV
\nClamAV - ClamAV\u00ae is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
\n\n- App runs as
root user \n
",
+ "categories": [
+ "anti-virus",
+ "clamav"
+ ],
+ "description": "ClamAV is an open source (GPLv2) anti-virus toolkit.",
+ "healthy": true,
+ "healthy_error": null,
+ "home": "https://www.clamav.net/",
+ "location": "/__w/charts/charts/community/clamav",
+ "latest_version": "1.0.0",
+ "latest_app_version": "1.0.1",
+ "latest_human_version": "1.0.1_1.0.0",
+ "last_update": null,
+ "name": "clamav",
+ "recommended": false,
+ "title": "Clam AV",
+ "maintainers": [
+ {
+ "name": "truenas",
+ "url": "https://www.truenas.com/",
+ "email": "dev@ixsystems.com"
+ }
+ ],
+ "tags": [],
+ "icon_url": "https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png"
}
},
"enterprise": {
diff --git a/community/clamav/1.0.0/Chart.lock b/community/clamav/1.0.0/Chart.lock
new file mode 100644
index 0000000000..38f0629cf7
--- /dev/null
+++ b/community/clamav/1.0.0/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: file://../../../common
+ version: 1.0.6
+digest: sha256:2f1f31c15fb7f92db141a66adbb8d23a8598727730050a3883a211763a4e5472
+generated: "2023-04-28T16:05:12.034666174+03:00"
diff --git a/community/clamav/1.0.0/Chart.yaml b/community/clamav/1.0.0/Chart.yaml
new file mode 100644
index 0000000000..55761cbc53
--- /dev/null
+++ b/community/clamav/1.0.0/Chart.yaml
@@ -0,0 +1,26 @@
+name: clamav
+description: ClamAV is an open source (GPLv2) anti-virus toolkit.
+annotations:
+ title: Clam AV
+type: application
+version: 1.0.0
+apiVersion: v2
+appVersion: '1.0.1'
+kubeVersion: '>=1.16.0-0'
+maintainers:
+ - name: truenas
+ url: https://www.truenas.com/
+ email: dev@ixsystems.com
+dependencies:
+ - name: common
+ repository: file://../../../common
+ version: 1.0.6
+home: https://www.clamav.net/
+icon: https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png
+sources:
+ - https://docs.clamav.net/
+ - https://github.com/truenas/charts/tree/master/community/clamav
+ - https://www.clamav.net/
+keywords:
+ - anti-virus
+ - clamav
diff --git a/community/clamav/1.0.0/README.md b/community/clamav/1.0.0/README.md
new file mode 100644
index 0000000000..3c4d7460a4
--- /dev/null
+++ b/community/clamav/1.0.0/README.md
@@ -0,0 +1,5 @@
+# ClamAV
+
+[ClamAV](https://www.clamav.net/) - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
+
+- App runs as `root` user
diff --git a/community/clamav/1.0.0/app-readme.md b/community/clamav/1.0.0/app-readme.md
new file mode 100644
index 0000000000..3c4d7460a4
--- /dev/null
+++ b/community/clamav/1.0.0/app-readme.md
@@ -0,0 +1,5 @@
+# ClamAV
+
+[ClamAV](https://www.clamav.net/) - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
+
+- App runs as `root` user
diff --git a/community/clamav/1.0.0/charts/common-1.0.6.tgz b/community/clamav/1.0.0/charts/common-1.0.6.tgz
new file mode 100644
index 0000000000..3f42ea345d
Binary files /dev/null and b/community/clamav/1.0.0/charts/common-1.0.6.tgz differ
diff --git a/community/clamav/1.0.0/ci/basic-values.yaml b/community/clamav/1.0.0/ci/basic-values.yaml
new file mode 100644
index 0000000000..d43e407603
--- /dev/null
+++ b/community/clamav/1.0.0/ci/basic-values.yaml
@@ -0,0 +1,7 @@
+clamavStorage:
+ sigdb:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/sig-db
+ scandir:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/scan-dir
diff --git a/community/clamav/1.0.0/ci/milterd-values.yaml b/community/clamav/1.0.0/ci/milterd-values.yaml
new file mode 100644
index 0000000000..82e77114cb
--- /dev/null
+++ b/community/clamav/1.0.0/ci/milterd-values.yaml
@@ -0,0 +1,10 @@
+clamavStorage:
+ sigdb:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/sig-db
+ scandir:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/scan-dir
+
+clamavConfig:
+ disableMilterd: false
diff --git a/community/clamav/1.0.0/ci/no-clamd-values.yaml b/community/clamav/1.0.0/ci/no-clamd-values.yaml
new file mode 100644
index 0000000000..948c16d1f9
--- /dev/null
+++ b/community/clamav/1.0.0/ci/no-clamd-values.yaml
@@ -0,0 +1,10 @@
+clamavStorage:
+ sigdb:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/sig-db
+ scandir:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/scan-dir
+
+clamavConfig:
+ disableClamd: true
diff --git a/community/clamav/1.0.0/ci/no-freshclamd-values.yaml b/community/clamav/1.0.0/ci/no-freshclamd-values.yaml
new file mode 100644
index 0000000000..bf7a2dbb4b
--- /dev/null
+++ b/community/clamav/1.0.0/ci/no-freshclamd-values.yaml
@@ -0,0 +1,10 @@
+clamavStorage:
+ sigdb:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/sig-db
+ scandir:
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/scan-dir
+
+clamavConfig:
+ disableFreshClamd: true
diff --git a/community/clamav/1.0.0/ix_values.yaml b/community/clamav/1.0.0/ix_values.yaml
new file mode 100644
index 0000000000..5a9f740cef
--- /dev/null
+++ b/community/clamav/1.0.0/ix_values.yaml
@@ -0,0 +1,31 @@
+image:
+ repository: clamav/clamav
+ pullPolicy: IfNotPresent
+ tag: '1.0.1-2'
+
+resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+
+clamavConfig:
+ disableClamd: false
+ disableFreshClamd: false
+ disableMilterd: true
+ clamdStartupTimeout: 1800
+ freshclamChecks: 1
+ additionalEnvs: []
+
+clamavNetwork:
+ clamdPort: 30000
+ milterdPort: 30001
+
+clamavStorage:
+ sigdb:
+ type: ixVolume
+ hostPath: ''
+ datasetName: sig-db
+ scandir:
+ type: ixVolume
+ hostPath: ''
+ datasetName: scan-dir
diff --git a/community/clamav/1.0.0/metadata.yaml b/community/clamav/1.0.0/metadata.yaml
new file mode 100644
index 0000000000..27f2cf9ca2
--- /dev/null
+++ b/community/clamav/1.0.0/metadata.yaml
@@ -0,0 +1,18 @@
+runAsContext:
+ - userName: root
+ groupName: root
+ gid: 0
+ uid: 0
+ description: ClamAV runs as root user.
+capabilities:
+ - name: CHOWN
+ description: ClamAV is able to chown files.
+ - name: FOWNER
+ description: ClamAV is able bypass permission checks for it's sub-processes.
+ - name: DAC_OVERRIDE
+ description: ClamAV is able to bypass permission checks.
+ - name: SETGID
+ description: ClamAV is able to set group ID for it's sub-processes.
+ - name: SETUID
+ description: ClamAV is able to set user ID for it's sub-processes.
+hostMounts: []
diff --git a/community/clamav/1.0.0/questions.yaml b/community/clamav/1.0.0/questions.yaml
new file mode 100644
index 0000000000..f5a1a952cb
--- /dev/null
+++ b/community/clamav/1.0.0/questions.yaml
@@ -0,0 +1,208 @@
+groups:
+ - name: ClamAV Configuration
+ description: Configure ClamAV
+ - name: Network Configuration
+ description: Configure Network for ClamAV
+ - name: Storage Configuration
+ description: Configure Storage for ClamAV
+ - name: Resources Configuration
+ description: Configure Resources for ClamAV
+
+questions:
+
+ - variable: clamavConfig
+ label: ""
+ group: ClamAV Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: disableClamd
+ label: Disable ClamD
+ description: Do not start Clam daemon
+ schema:
+ type: boolean
+ default: false
+ - variable: disableFreshClamd
+ label: Disable FreshClamD
+ description: Do not start the FreshClam daemon
+ schema:
+ type: boolean
+ default: false
+ - variable: disableMilterd
+ label: Disable MilterD
+ description: Do not start the ClamAV-Milter daemon
+ schema:
+ type: boolean
+ default: true
+ - variable: clamdStartupTimeout
+ label: ClamD Startup Timeout
+ description: Seconds to wait for ClamD to start
+ schema:
+ type: int
+ default: 1800
+ required: true
+ - variable: freshclamChecks
+ label: Fresh Clam Checks
+ description: Times to check per day for a new database.
+ schema:
+ type: int
+ default: 1
+ min: 1
+ max: 50
+ required: true
+ - variable: additionalEnvs
+ label: Additional Environment Variables
+ description: Configure additional environment variables for ClamAV.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: env
+ label: Environment Variable
+ schema:
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+
+ - variable: clamavNetwork
+ label: ""
+ group: Network Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: clamdPort
+ label: ClamD Port
+ description: The port for the ClamAV ClamD
+ schema:
+ type: int
+ default: 30000
+ min: 9000
+ max: 65535
+ required: true
+ - variable: milterdPort
+ label: MilterD Port
+ description: The port for the ClamAV MilterD
+ schema:
+ type: int
+ default: 30001
+ min: 9000
+ max: 65535
+ required: true
+
+ - variable: clamavStorage
+ label: ""
+ group: Storage Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: sigdb
+ label: ClamAV Signature Database Storage
+ description: The path to store ClamAV Signature Database.
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ description: |
+ ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ schema:
+ type: string
+ required: true
+ default: ixVolume
+ enum:
+ - value: hostPath
+ description: Host Path (Path that already exists on the system)
+ - value: ixVolume
+ description: ixVolume (Dataset created automatically by the system)
+ - variable: datasetName
+ label: Dataset Name
+ schema:
+ type: string
+ show_if: [["type", "=", "ixVolume"]]
+ required: true
+ hidden: true
+ immutable: true
+ default: sig-db
+ $ref:
+ - "normalize/ixVolume"
+ - variable: hostPath
+ label: Host Path
+ schema:
+ type: hostpath
+ show_if: [["type", "=", "hostPath"]]
+ immutable: true
+ required: true
+ - variable: scandir
+ label: ClamAV Scan Storage
+ description: The path to store ClamAV Scan storage.
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ description: |
+ ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ schema:
+ type: string
+ required: true
+ default: ixVolume
+ enum:
+ - value: hostPath
+ description: Host Path (Path that already exists on the system)
+ - value: ixVolume
+ description: ixVolume (Dataset created automatically by the system)
+ - variable: datasetName
+ label: Dataset Name
+ schema:
+ type: string
+ show_if: [["type", "=", "ixVolume"]]
+ required: true
+ hidden: true
+ immutable: true
+ default: scan-dir
+ $ref:
+ - "normalize/ixVolume"
+ - variable: hostPath
+ label: Host Path
+ schema:
+ type: hostpath
+ show_if: [["type", "=", "hostPath"]]
+ immutable: true
+ required: true
+
+ - variable: resources
+ label: ""
+ group: Resources Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: limits
+ label: Limits
+ schema:
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: CPU limit for ClamAV.
+ schema:
+ type: string
+ default: 4000m
+ required: true
+ - variable: memory
+ label: Memory
+ description: Memory limit for ClamAV.
+ schema:
+ type: string
+ default: 8Gi
+ required: true
diff --git a/community/clamav/1.0.0/templates/NOTES.txt b/community/clamav/1.0.0/templates/NOTES.txt
new file mode 100644
index 0000000000..ba4e01146c
--- /dev/null
+++ b/community/clamav/1.0.0/templates/NOTES.txt
@@ -0,0 +1 @@
+{{ include "ix.v1.common.lib.chart.notes" $ }}
diff --git a/community/clamav/1.0.0/templates/_clamav.tpl b/community/clamav/1.0.0/templates/_clamav.tpl
new file mode 100644
index 0000000000..3224c567ec
--- /dev/null
+++ b/community/clamav/1.0.0/templates/_clamav.tpl
@@ -0,0 +1,99 @@
+{{- define "clamav.workload" -}}
+workload:
+ clamav:
+ enabled: true
+ primary: true
+ type: Deployment
+ podSpec:
+ hostNetwork: false
+ containers:
+ clamav:
+ enabled: true
+ primary: true
+ tty: true
+ stdin: true
+ imageSelector: image
+ securityContext:
+ # FIXME: https://github.com/Cisco-Talos/clamav/issues/478
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ capabilities:
+ add:
+ - CHOWN
+ - DAC_OVERRIDE
+ - FOWNER
+ - SETUID
+ - SETGID
+ env:
+ CLAMAV_NO_CLAMD: {{ .Values.clamavConfig.disableClamd | quote }}
+ CLAMAV_NO_FRESHCLAMD: {{ .Values.clamavConfig.disableFreshClamd | quote }}
+ CLAMAV_NO_MILTERD: {{ .Values.clamavConfig.disableMilterd | quote }}
+ CLAMD_STARTUP_TIMEOUT: {{ .Values.clamavConfig.clamdStartupTimeout | quote }}
+ FRESHCLAM_CHECKS: {{ .Values.clamavConfig.freshclamChecks | quote }}
+ {{ with .Values.clamavConfig.additionalEnvs }}
+ envList:
+ {{ range $env := . }}
+ - name: {{ $env.name }}
+ value: {{ $env.value }}
+ {{ end }}
+ {{ end }}
+ probes:
+ liveness:
+ enabled: {{ not .Values.clamavConfig.disableClamd }}
+ type: exec
+ command: clamdcheck.sh
+ readiness:
+ enabled: {{ not .Values.clamavConfig.disableClamd }}
+ type: exec
+ command: clamdcheck.sh
+ startup:
+ enabled: {{ not .Values.clamavConfig.disableClamd }}
+ type: exec
+ command: clamdcheck.sh
+
+{{/* Service */}}
+service:
+ clamav:
+ enabled: {{ or (not .Values.clamavConfig.disableClamd) (not .Values.clamavConfig.disableMilterd) }}
+ primary: true
+ type: NodePort
+ targetSelector: clamav
+ ports:
+ clamd:
+ enabled: {{ not .Values.clamavConfig.disableClamd }}
+ primary: true
+ port: {{ .Values.clamavNetwork.clamdPort }}
+ nodePort: {{ .Values.clamavNetwork.clamdPort }}
+ targetPort: 3310
+ targetSelector: clamav
+ milted:
+ enabled: {{ not .Values.clamavConfig.disableMilterd }}
+ primary: {{ .Values.clamavConfig.disableClamd }}
+ port: {{ .Values.clamavNetwork.milterdPort }}
+ nodePort: {{ .Values.clamavNetwork.milterdPort }}
+ targetPort: 7357
+ targetSelector: clamav
+
+{{/* Persistence */}}
+persistence:
+ data:
+ enabled: true
+ type: {{ .Values.clamavStorage.sigdb.type }}
+ datasetName: {{ .Values.clamavStorage.sigdb.datasetName | default "" }}
+ hostPath: {{ .Values.clamavStorage.sigdb.hostPath | default "" }}
+ targetSelector:
+ clamav:
+ clamav:
+ mountPath: /var/lib/clamav
+ scan-dir:
+ enabled: true
+ type: {{ .Values.clamavStorage.scandir.type }}
+ datasetName: {{ .Values.clamavStorage.scandir.datasetName | default "" }}
+ hostPath: {{ .Values.clamavStorage.scandir.hostPath | default "" }}
+ targetSelector:
+ clamav:
+ clamav:
+ mountPath: /scandir
+{{- end -}}
diff --git a/community/clamav/1.0.0/templates/common.yaml b/community/clamav/1.0.0/templates/common.yaml
new file mode 100644
index 0000000000..cb90f891d9
--- /dev/null
+++ b/community/clamav/1.0.0/templates/common.yaml
@@ -0,0 +1,6 @@
+{{- include "ix.v1.common.loader.init" . -}}
+
+{{/* Merge the templates with Values */}}
+{{- $_ := mustMergeOverwrite .Values (include "clamav.workload" $ | fromYaml) -}}
+
+{{- include "ix.v1.common.loader.apply" . -}}
diff --git a/community/clamav/item.yaml b/community/clamav/item.yaml
new file mode 100644
index 0000000000..07ba36c343
--- /dev/null
+++ b/community/clamav/item.yaml
@@ -0,0 +1,4 @@
+icon_url: https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png
+categories:
+ - anti-virus
+ - clamav