Update catalog information

catalog.json

@@ -118,7 +118,7 @@
             "latest_version": "1.7.44",
             "latest_app_version": "1.32.1.6999",
             "latest_human_version": "1.32.1.6999_1.7.44",
-            "last_update": "2023-05-03 13:56:14",
+            "last_update": "2023-05-09 11:06:50",
             "name": "plex",
             "recommended": false,
             "title": "Plex",
@@ -370,7 +370,7 @@
             "latest_version": "1.0.21",
             "latest_app_version": "v1.39.0",
             "latest_human_version": "v1.39.0_1.0.21",
-            "last_update": "2023-05-03 13:56:14",
+            "last_update": "2023-05-09 11:06:50",
             "name": "netdata",
             "recommended": false,
             "title": "Netdata",
@@ -947,6 +947,34 @@
             ],
             "tags": [],
             "icon_url": "https://avatars.githubusercontent.com/u/10536621"
+        },
+        "clamav": {
+            "app_readme": "<h1>ClamAV</h1>\n<p><a href=\"https://www.clamav.net/\">ClamAV</a> - ClamAV\u00ae is an open-source antivirus engine for detecting trojans, viruses, malware &amp; other malicious threats.</p>\n<ul>\n<li>App runs as <code>root</code> user</li>\n</ul>",
+            "categories": [
+                "anti-virus",
+                "clamav"
+            ],
+            "description": "ClamAV is an open source (GPLv2) anti-virus toolkit.",
+            "healthy": true,
+            "healthy_error": null,
+            "home": "https://www.clamav.net/",
+            "location": "/__w/charts/charts/community/clamav",
+            "latest_version": "1.0.0",
+            "latest_app_version": "1.0.1",
+            "latest_human_version": "1.0.1_1.0.0",
+            "last_update": null,
+            "name": "clamav",
+            "recommended": false,
+            "title": "Clam AV",
+            "maintainers": [
+                {
+                    "name": "truenas",
+                    "url": "https://www.truenas.com/",
+                    "email": "dev@ixsystems.com"
+                }
+            ],
+            "tags": [],
+            "icon_url": "https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png"
         }
     },
     "enterprise": {

community/clamav/1.0.0/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../../../common
+  version: 1.0.6
+digest: sha256:2f1f31c15fb7f92db141a66adbb8d23a8598727730050a3883a211763a4e5472
+generated: "2023-04-28T16:05:12.034666174+03:00"

community/clamav/1.0.0/Chart.yaml

@@ -0,0 +1,26 @@
+name: clamav
+description: ClamAV is an open source (GPLv2) anti-virus toolkit.
+annotations:
+  title: Clam AV
+type: application
+version: 1.0.0
+apiVersion: v2
+appVersion: '1.0.1'
+kubeVersion: '>=1.16.0-0'
+maintainers:
+  - name: truenas
+    url: https://www.truenas.com/
+    email: dev@ixsystems.com
+dependencies:
+  - name: common
+    repository: file://../../../common
+    version: 1.0.6
+home: https://www.clamav.net/
+icon: https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png
+sources:
+  - https://docs.clamav.net/
+  - https://github.com/truenas/charts/tree/master/community/clamav
+  - https://www.clamav.net/
+keywords:
+  - anti-virus
+  - clamav

community/clamav/1.0.0/README.md

@@ -0,0 +1,5 @@
+# ClamAV
+
+[ClamAV](https://www.clamav.net/) - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
+
+- App runs as `root` user

community/clamav/1.0.0/app-readme.md

@@ -0,0 +1,5 @@
+# ClamAV
+
+[ClamAV](https://www.clamav.net/) - ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
+
+- App runs as `root` user

community/clamav/1.0.0/ci/basic-values.yaml

@@ -0,0 +1,7 @@
+clamavStorage:
+  sigdb:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/sig-db
+  scandir:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/scan-dir

community/clamav/1.0.0/ci/milterd-values.yaml

@@ -0,0 +1,10 @@
+clamavStorage:
+  sigdb:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/sig-db
+  scandir:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/scan-dir
+
+clamavConfig:
+  disableMilterd: false

community/clamav/1.0.0/ci/no-clamd-values.yaml

@@ -0,0 +1,10 @@
+clamavStorage:
+  sigdb:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/sig-db
+  scandir:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/scan-dir
+
+clamavConfig:
+  disableClamd: true

community/clamav/1.0.0/ci/no-freshclamd-values.yaml

@@ -0,0 +1,10 @@
+clamavStorage:
+  sigdb:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/sig-db
+  scandir:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/scan-dir
+
+clamavConfig:
+  disableFreshClamd: true

community/clamav/1.0.0/ix_values.yaml

@@ -0,0 +1,31 @@
+image:
+  repository: clamav/clamav
+  pullPolicy: IfNotPresent
+  tag: '1.0.1-2'
+
+resources:
+  limits:
+    cpu: 4000m
+    memory: 8Gi
+
+clamavConfig:
+  disableClamd: false
+  disableFreshClamd: false
+  disableMilterd: true
+  clamdStartupTimeout: 1800
+  freshclamChecks: 1
+  additionalEnvs: []
+
+clamavNetwork:
+  clamdPort: 30000
+  milterdPort: 30001
+
+clamavStorage:
+  sigdb:
+    type: ixVolume
+    hostPath: ''
+    datasetName: sig-db
+  scandir:
+    type: ixVolume
+    hostPath: ''
+    datasetName: scan-dir

community/clamav/1.0.0/metadata.yaml

@@ -0,0 +1,18 @@
+runAsContext:
+  - userName: root
+    groupName: root
+    gid: 0
+    uid: 0
+    description: ClamAV runs as root user.
+capabilities:
+  - name: CHOWN
+    description: ClamAV is able to chown files.
+  - name: FOWNER
+    description: ClamAV is able bypass permission checks for it's sub-processes.
+  - name: DAC_OVERRIDE
+    description: ClamAV is able to bypass permission checks.
+  - name: SETGID
+    description: ClamAV is able to set group ID for it's sub-processes.
+  - name: SETUID
+    description: ClamAV is able to set user ID for it's sub-processes.
+hostMounts: []

community/clamav/1.0.0/questions.yaml

@@ -0,0 +1,208 @@
+groups:
+  - name: ClamAV Configuration
+    description: Configure ClamAV
+  - name: Network Configuration
+    description: Configure Network for ClamAV
+  - name: Storage Configuration
+    description: Configure Storage for ClamAV
+  - name: Resources Configuration
+    description: Configure Resources for ClamAV
+
+questions:
+
+  - variable: clamavConfig
+    label: ""
+    group: ClamAV Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: disableClamd
+          label: Disable ClamD
+          description: Do not start Clam daemon
+          schema:
+            type: boolean
+            default: false
+        - variable: disableFreshClamd
+          label: Disable FreshClamD
+          description: Do not start the FreshClam daemon
+          schema:
+            type: boolean
+            default: false
+        - variable: disableMilterd
+          label: Disable MilterD
+          description: Do not start the ClamAV-Milter daemon
+          schema:
+            type: boolean
+            default: true
+        - variable: clamdStartupTimeout
+          label: ClamD Startup Timeout
+          description: Seconds to wait for ClamD to start
+          schema:
+            type: int
+            default: 1800
+            required: true
+        - variable: freshclamChecks
+          label: Fresh Clam Checks
+          description: Times to check per day for a new database.
+          schema:
+            type: int
+            default: 1
+            min: 1
+            max: 50
+            required: true
+        - variable: additionalEnvs
+          label: Additional Environment Variables
+          description: Configure additional environment variables for ClamAV.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: env
+                label: Environment Variable
+                schema:
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                    - variable: value
+                      label: Value
+                      schema:
+                        type: string
+                        required: true
+
+  - variable: clamavNetwork
+    label: ""
+    group: Network Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: clamdPort
+          label: ClamD Port
+          description: The port for the ClamAV ClamD
+          schema:
+            type: int
+            default: 30000
+            min: 9000
+            max: 65535
+            required: true
+        - variable: milterdPort
+          label: MilterD Port
+          description: The port for the ClamAV MilterD
+          schema:
+            type: int
+            default: 30001
+            min: 9000
+            max: 65535
+            required: true
+
+  - variable: clamavStorage
+    label: ""
+    group: Storage Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: sigdb
+          label: ClamAV Signature Database Storage
+          description: The path to store ClamAV Signature Database.
+          schema:
+            type: dict
+            attrs:
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
+                schema:
+                  type: string
+                  required: true
+                  default: ixVolume
+                  enum:
+                    - value: hostPath
+                      description: Host Path (Path that already exists on the system)
+                    - value: ixVolume
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: datasetName
+                label: Dataset Name
+                schema:
+                  type: string
+                  show_if: [["type", "=", "ixVolume"]]
+                  required: true
+                  hidden: true
+                  immutable: true
+                  default: sig-db
+                  $ref:
+                    - "normalize/ixVolume"
+              - variable: hostPath
+                label: Host Path
+                schema:
+                  type: hostpath
+                  show_if: [["type", "=", "hostPath"]]
+                  immutable: true
+                  required: true
+        - variable: scandir
+          label: ClamAV Scan Storage
+          description: The path to store ClamAV Scan storage.
+          schema:
+            type: dict
+            attrs:
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
+                schema:
+                  type: string
+                  required: true
+                  default: ixVolume
+                  enum:
+                    - value: hostPath
+                      description: Host Path (Path that already exists on the system)
+                    - value: ixVolume
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: datasetName
+                label: Dataset Name
+                schema:
+                  type: string
+                  show_if: [["type", "=", "ixVolume"]]
+                  required: true
+                  hidden: true
+                  immutable: true
+                  default: scan-dir
+                  $ref:
+                    - "normalize/ixVolume"
+              - variable: hostPath
+                label: Host Path
+                schema:
+                  type: hostpath
+                  show_if: [["type", "=", "hostPath"]]
+                  immutable: true
+                  required: true
+
+  - variable: resources
+    label: ""
+    group: Resources Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: limits
+          label: Limits
+          schema:
+            type: dict
+            attrs:
+              - variable: cpu
+                label: CPU
+                description: CPU limit for ClamAV.
+                schema:
+                  type: string
+                  default: 4000m
+                  required: true
+              - variable: memory
+                label: Memory
+                description: Memory limit for ClamAV.
+                schema:
+                  type: string
+                  default: 8Gi
+                  required: true

community/clamav/1.0.0/templates/NOTES.txt

@@ -0,0 +1 @@
+{{ include "ix.v1.common.lib.chart.notes" $ }}

community/clamav/1.0.0/templates/_clamav.tpl

@@ -0,0 +1,99 @@
+{{- define "clamav.workload" -}}
+workload:
+  clamav:
+    enabled: true
+    primary: true
+    type: Deployment
+    podSpec:
+      hostNetwork: false
+      containers:
+        clamav:
+          enabled: true
+          primary: true
+          tty: true
+          stdin: true
+          imageSelector: image
+          securityContext:
+            # FIXME: https://github.com/Cisco-Talos/clamav/issues/478
+            runAsUser: 0
+            runAsGroup: 0
+            runAsNonRoot: false
+            readOnlyRootFilesystem: false
+            capabilities:
+              add:
+                - CHOWN
+                - DAC_OVERRIDE
+                - FOWNER
+                - SETUID
+                - SETGID
+          env:
+            CLAMAV_NO_CLAMD: {{ .Values.clamavConfig.disableClamd | quote }}
+            CLAMAV_NO_FRESHCLAMD: {{ .Values.clamavConfig.disableFreshClamd | quote }}
+            CLAMAV_NO_MILTERD: {{ .Values.clamavConfig.disableMilterd | quote }}
+            CLAMD_STARTUP_TIMEOUT: {{ .Values.clamavConfig.clamdStartupTimeout | quote }}
+            FRESHCLAM_CHECKS: {{ .Values.clamavConfig.freshclamChecks | quote }}
+          {{ with .Values.clamavConfig.additionalEnvs }}
+          envList:
+            {{ range $env := . }}
+            - name: {{ $env.name }}
+              value: {{ $env.value }}
+            {{ end }}
+          {{ end }}
+          probes:
+            liveness:
+              enabled: {{ not .Values.clamavConfig.disableClamd }}
+              type: exec
+              command: clamdcheck.sh
+            readiness:
+              enabled: {{ not .Values.clamavConfig.disableClamd }}
+              type: exec
+              command: clamdcheck.sh
+            startup:
+              enabled: {{ not .Values.clamavConfig.disableClamd }}
+              type: exec
+              command: clamdcheck.sh
+
+{{/* Service */}}
+service:
+  clamav:
+    enabled: {{ or (not .Values.clamavConfig.disableClamd) (not .Values.clamavConfig.disableMilterd) }}
+    primary: true
+    type: NodePort
+    targetSelector: clamav
+    ports:
+      clamd:
+        enabled: {{ not .Values.clamavConfig.disableClamd }}
+        primary: true
+        port: {{ .Values.clamavNetwork.clamdPort }}
+        nodePort: {{ .Values.clamavNetwork.clamdPort }}
+        targetPort: 3310
+        targetSelector: clamav
+      milted:
+        enabled: {{ not .Values.clamavConfig.disableMilterd }}
+        primary: {{ .Values.clamavConfig.disableClamd }}
+        port: {{ .Values.clamavNetwork.milterdPort }}
+        nodePort: {{ .Values.clamavNetwork.milterdPort }}
+        targetPort: 7357
+        targetSelector: clamav
+
+{{/* Persistence */}}
+persistence:
+  data:
+    enabled: true
+    type: {{ .Values.clamavStorage.sigdb.type }}
+    datasetName: {{ .Values.clamavStorage.sigdb.datasetName | default "" }}
+    hostPath: {{ .Values.clamavStorage.sigdb.hostPath | default "" }}
+    targetSelector:
+      clamav:
+        clamav:
+          mountPath: /var/lib/clamav
+  scan-dir:
+    enabled: true
+    type: {{ .Values.clamavStorage.scandir.type }}
+    datasetName: {{ .Values.clamavStorage.scandir.datasetName | default "" }}
+    hostPath: {{ .Values.clamavStorage.scandir.hostPath | default "" }}
+    targetSelector:
+      clamav:
+        clamav:
+          mountPath: /scandir
+{{- end -}}

community/clamav/1.0.0/templates/common.yaml

@@ -0,0 +1,6 @@
+{{- include "ix.v1.common.loader.init" . -}}
+
+{{/* Merge the templates with Values */}}
+{{- $_ := mustMergeOverwrite .Values (include "clamav.workload" $ | fromYaml) -}}
+
+{{- include "ix.v1.common.loader.apply" . -}}

community/clamav/item.yaml

@@ -0,0 +1,4 @@
+icon_url: https://raw.githubusercontent.com/micahsnyder/clamav-documentation/main/src/images/logo.png
+categories:
+  - anti-virus
+  - clamav