From 06460bdf6ae2e4c30e51dbded2895a1b3f31c9a7 Mon Sep 17 00:00:00 2001
From: nadeem <nadeem.sabri@digital.cabinet-office.gov.uk>
Date: Mon, 27 Nov 2023 07:20:20 +0000
Subject: [PATCH] Updating ClamAV engine with offical version 1.2.1

Currently adding latest version found on https://www.clamav.net/downloads

As a todo:
Can improve this by using curl to aascertain the latest release then
injecting that as variable $LATEST rather then hardcoding the current
version.

thus the wget line will change to:
wget https://www.clamav.net/downloads/production/clamav-$LATEST.linux.x86_64.deb

https://github.com/alphagov/govuk-helm-charts/pull/new/nsabri1/update-clamav-config
---
 Dockerfile | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 16a3fd85..8bd3d8d1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 ARG ruby_version=3.2.2
 ARG base_image=ghcr.io/alphagov/govuk-ruby-base:$ruby_version
 ARG builder_image=ghcr.io/alphagov/govuk-ruby-builder:$ruby_version
-
+ARG clam_engine=clamav-1.2.1.linux.x86_64.deb
 
 FROM $builder_image AS builder
 
@@ -14,13 +14,15 @@ RUN bootsnap precompile --gemfile .
 
 FROM $base_image
 
+ARG clam_engine
 ENV GOVUK_APP_NAME=asset-manager
 
 # TODO: move ClamAV into a completely separate service.
-RUN install_packages clamav clamav-daemon clamdscan shared-mime-info && \
-    rm -fr /etc/clamav/* && \
-    mkdir -p /var/run/clamav && \
-    chown app:app /var/run/clamav /var/lib/clamav
+RUN install_packages wget shared-mime-info && \
+    wget https://www.clamav.net/downloads/production/$clam_engine && \
+    apt install ./$clam_engine && rm ./$clam_engine && \
+    mkdir -p /var/run/clamav /var/lib/clamav /usr/local/share/clamav && \
+    chown app:app /var/run/clamav /var/lib/clamav /usr/local/share/clamav
 
 WORKDIR $APP_HOME
 COPY --from=builder $BUNDLE_PATH $BUNDLE_PATH