From 7e83a3bc8917fcd2949409fdeb05730b8729a6e4 Mon Sep 17 00:00:00 2001
From: Christian Lautier <15379878+maatinito@users.noreply.github.com>
Date: Wed, 20 Nov 2024 13:50:16 -1000
Subject: [PATCH] Clamav now use tcp to send file instead of shared filesystem

---
 .gitignore                     |  1 +
 app/services/clamav_service.rb |  2 +-
 app/test.rb                    |  0
 docker-compose.yml             | 28 ++++------------------------
 4 files changed, 6 insertions(+), 25 deletions(-)
 create mode 100644 app/test.rb

diff --git a/.gitignore b/.gitignore
index 774d38e4349..b073338e63e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -54,3 +54,4 @@ public/vite-test
 
 app/graphql/schema.json
 public/graphql/schema
+/docker/
diff --git a/app/services/clamav_service.rb b/app/services/clamav_service.rb
index 5b7032a5548..d3c62401f74 100644
--- a/app/services/clamav_service.rb
+++ b/app/services/clamav_service.rb
@@ -5,7 +5,7 @@ def self.safe_file?(file_path)
     FileUtils.chmod(0666, file_path)
 
     client = ClamAV::Client.new
-    response = client.execute(ClamAV::Commands::ScanCommand.new(file_path)).first
+    response = client.execute(ClamAV::Commands::InstreamCommand.new(File.open(file_path, 'rb')))
 
     case response
     when ClamAV::SuccessResponse
diff --git a/app/test.rb b/app/test.rb
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/docker-compose.yml b/docker-compose.yml
index a68f1685713..2a199ec2cfd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -75,7 +75,8 @@ services:
       - AR_ENCRYPTION_PRIMARY_KEY
       - BANNER_MESSAGE
       - CERTIGNA_USERPWD
-      - CLAMD_TCP_HOST=clamav-${ENV:-dev}
+      - CLAMAV_ENABLED=enabled
+      - CLAMD_TCP_HOST=clamav
       - CLAMD_TCP_PORT=3310
       - COJO_JWT_RSA_PRIVATE_KEY
       - CRISP_CLIENT_KEY
@@ -160,8 +161,6 @@ services:
     volumes:
       - md-data-files:/app/storage
       - md-tmp:/app/tmp
-      - md-logo-uploads:/app/public/uploads
-      - md-logo-downloads:/app/public/downloads
     networks:
       - md-network
     depends_on:
@@ -195,7 +194,8 @@ services:
       - AR_ENCRYPTION_KEY_DERIVATION_SALT
       - AR_ENCRYPTION_PRIMARY_KEY
       - CERTIGNA_USERPWD
-      - CLAMD_TCP_HOST=clamav-${ENV:-dev}
+      - CLAMAV_ENABLED=enabled
+      - CLAMD_TCP_HOST=clamav
       - CLAMD_TCP_PORT=3310
       - COJO_JWT_RSA_PRIVATE_KEY
       - DB_DATABASE
@@ -239,7 +239,6 @@ services:
       - WATERMARK_FILE
     volumes:
       - md-data-files:/app/storage
-      - md-root-tmp:/tmp
       - md-tmp:/app/tmp
     networks:
       - md-network
@@ -251,7 +250,6 @@ services:
     volumes:
       - clamav-db:/data
       - clamav-logs:/var/log/clamav
-      - md-root-tmp:/tmp
     networks:
       - md-network
 
@@ -295,30 +293,12 @@ volumes:
       type: none
       device: $ROOT/redis
       o: bind
-  md-logo-uploads:
-    driver: local
-    driver_opts:
-      type: none
-      device: $ROOT/logos/uploads
-      o: bind
-  md-logo-downloads:
-    driver: local
-    driver_opts:
-      type: none
-      device: $ROOT/logos/downloads
-      o: bind
   md-tmp:
     driver: local
     driver_opts:
       type: none
       device: $ROOT/tmp
       o: bind
-  #----- to share file between worker and clamav
-  md-root-tmp:
-    driver_opts:
-      type: none
-      device: $ROOT/systmp
-      o: bind
   clamav-db:
     driver: local
     driver_opts: