diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 22227b71..9f86f5f9 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,28 +1,25 @@
# syntax=docker/dockerfile:latest
-# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.2-29
-
-COPY clamav.conf /clamav.conf
-COPY --chmod=775 start.script /start.script
+FROM alpine:3.21.3
RUN set -ex; \
apk upgrade --no-cache -a; \
- apk add --no-cache tzdata bash; \
- mkdir -p /var/run/clamav /run/lock; \
- chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
- chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp; \
- sed -i "/^set -eu/r /start.script" /init-unprivileged; \
- rm /start.script; \
- grep -q 'clamd --foreground &' /init-unprivileged; \
- sed -i "s|clamd --foreground \&|clamd --foreground --config-file /tmp/clamd.conf \&|" /init-unprivileged; \
- cat /init-unprivileged
+ apk add --no-cache tzdata clamav supervisord; \
+ mkdir /run/clamav; \
+ chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \
+ sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \
+ sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \
+ sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
+ sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
+ sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
+ freshclam --foreground --stdout
-VOLUME /var/lib/clamav
+COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+COPY --chmod=664 supervisord.conf /supervisord.conf
USER 100
-
+VOLUME /var/lib/clamav
+ENTRYPOINT ["/start.sh"]
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
LABEL com.centurylinklabs.watchtower.enable="false"
-
-HEALTHCHECK --start-period=60s --retries=9 CMD clamdcheck.sh
-
-ENTRYPOINT ["/init-unprivileged"]
+HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
diff --git a/Containers/clamav/clamav.conf b/Containers/clamav/clamav.conf
deleted file mode 100644
index b32636ba..00000000
--- a/Containers/clamav/clamav.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# AIO settings
-MaxDirectoryRecursion 30
-MaxFileSize 16G
-PCREMaxFileSize 16G
-StreamMaxLength 16G
diff --git a/Containers/clamav/healthcheck.sh b/Containers/clamav/healthcheck.sh
new file mode 100644
index 00000000..cef67500
--- /dev/null
+++ b/Containers/clamav/healthcheck.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env sh
+
+if [ "$(echo "PING" | nc 127.0.0.1 3310)" != "PONG" ]; then
+ echo "ERROR: Unable to contact server"
+ exit 1
+fi
+
+echo "Clamd is up"
+exit 0
diff --git a/Containers/clamav/start.script b/Containers/clamav/start.script
deleted file mode 100644
index da228462..00000000
--- a/Containers/clamav/start.script
+++ /dev/null
@@ -1,4 +0,0 @@
-# Adjust settings
-cat /etc/clamav/clamd.conf > /tmp/clamd.conf
-CLAMAV_FILE="$(sed "s|16G|$MAX_SIZE|" /clamav.conf)"
-echo "$CLAMAV_FILE" >> /tmp/clamd.conf
diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh
new file mode 100644
index 00000000..fb7c8bd8
--- /dev/null
+++ b/Containers/clamav/start.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf
+
+exec "$@"
diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf
new file mode 100644
index 00000000..a5475bce
--- /dev/null
+++ b/Containers/clamav/supervisord.conf
@@ -0,0 +1,21 @@
+[supervisord]
+nodaemon=true
+nodaemon=true
+logfile=/var/log/supervisord/supervisord.log
+pidfile=/var/run/supervisord/supervisord.pid
+childlogdir=/var/log/supervisord/
+logfile_maxbytes=50MB
+logfile_backups=10
+loglevel=error
+
+[program:freshclam]
+stdout_logfile=NONE
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=freshclam --foreground --stdout --daemon
+
+[program:clamd]
+stdout_logfile=NONE
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=clamd --foreground --config-file=/tmp/clamd.conf
diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 1000ecbb..c208a403 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -5,7 +5,8 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.5
USER root
RUN set -ex; \
apk upgrade --no-cache -a; \
- apk add --no-cache bash
+ apk add --no-cache bash; \
+ chmod 777 -R /tmp
USER 65534
COPY --chmod=775 start.sh /start.sh
diff --git a/manual-install/readme.md b/manual-install/readme.md
index 9bf34c9c..874a5b4b 100644
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -24,7 +24,7 @@ First, install docker and docker-compose (v2) if not already done. Then simply r
git clone https://github.com/nextcloud/all-in-one.git
cd all-in-one/manual-install
```
-Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file. (Note: there is no clamav image for arm64).
+Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.
⚠️ **Warning**: Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database connection strings. You will experience issues when using these symbols! Also please note that values inside the latest.yaml that are not exposed as variables are not officially supported to be changed. See for example [this report](https://github.com/nextcloud/all-in-one/issues/5612).
Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml compose.yaml`.
@@ -32,9 +32,9 @@ Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml
Now you should be ready to go with `sudo docker compose up`.
## Docker profiles
-The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64).
+The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`.
-For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`. (Note: there is no clamav image for arm64).
+For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`.
## How to update?
Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index dc5e13f1..70d14b4e 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -75,7 +75,7 @@ do
done
sed -i 's|_ENABLED=|_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
-sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: arm64 has no clamav support|' sample.conf
+sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
sed -i 's|TALK_ENABLED=no|TALK_ENABLED="yes"|' sample.conf
sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED="yes"|' sample.conf
sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" # You can change this in order to enable other dictionaries for collabora|' sample.conf
diff --git a/php/containers.json b/php/containers.json
index cc60249a..4f218af2 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -642,7 +642,7 @@
"init": false,
"healthcheck": {
"start_period": "60s",
- "test": "clamdcheck.sh",
+ "test": "/healthcheck.sh",
"interval": "30s",
"timeout": "30s",
"start_interval": "5s",
@@ -654,8 +654,7 @@
"internal_port": "3310",
"environment": [
"TZ=%TIMEZONE%",
- "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%",
- "CLAMD_STARTUP_TIMEOUT=90"
+ "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%"
],
"volumes": [
{
@@ -670,9 +669,11 @@
],
"read_only": true,
"tmpfs": [
- "/var/lock",
+ "/tmp",
"/var/log/clamav",
- "/tmp"
+ "/run/clamav",
+ "/var/log/supervisord",
+ "/var/run/supervisord"
],
"cap_drop": [
"NET_RAW"
diff --git a/php/public/index.php b/php/public/index.php
index 5e5c1896..a3ee8f7d 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -102,7 +102,6 @@ $app->get('/containers', function (Request $request, Response $response, array $
'last_backup_time' => $configurationManager->GetLastBackupTime(),
'backup_times' => $configurationManager->GetBackupTimes(),
'current_channel' => $dockerActionManger->GetCurrentChannel(),
- 'is_x64_platform' => $configurationManager->isx64Platform(),
'is_clamav_enabled' => $configurationManager->isClamavEnabled(),
'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled(),
'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 60a95761..7c7039af 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -132,7 +132,7 @@ class ConfigurationManager
}
}
- public function isx64Platform() : bool {
+ private function isx64Platform() : bool {
if (php_uname('m') === 'x86_64') {
return true;
} else {
@@ -140,11 +140,7 @@ class ConfigurationManager
}
}
- public function isClamavEnabled() : bool {
- if (!$this->isx64Platform()) {
- return false;
- }
-
+ public function isClamavEnabled() : bool {
$config = $this->GetConfig();
if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) {
return true;
diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig
index 5b00a769..16fef91f 100644
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -21,7 +21,7 @@
data-initial-state="false"
{% endif %}
>
-
+
Minimal system requirements: When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV, Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see this documentation
-{% if isAnyRunning == true or is_x64_platform == false %}
-
-{% endif %}
{% if isAnyRunning == true %}
+
diff --git a/readme.md b/readme.md
index b10a262d..0eb92033 100644
--- a/readme.md
+++ b/readme.md
@@ -351,7 +351,7 @@ If you get an error during the domain validation which states that your ip-addre
### Which CPU architectures are supported?
You can check this on Linux by running: `uname -m`
- x86_64/x64/amd64
-- aarch64/arm64/armv8 (Note: ClamAV is currently not supported on this CPU architecture)
+- aarch64/arm64/armv8
### Disrecommended VPS providers
- *Older* Strato VPS using Virtuozzo caused problems though ones from Q3 2023 and later should work.