Jaspal,
I think Micah was replying to Marc.
Your email ettiquette was great.
On Fri, 18 Feb 2022, Jaspal Singh Sandhu via clamav-users wrote:
Hi Micah,
I will use https://github.com/Cisco-Talos/clamav/issues/new/choose.
There was no intention of Mocking. It was simply to let you know that we
saw the vulnerabilities in busybox and pulled back from that image.
We have successfully upgraded clamav. It is an awesome product.
Nowadays, it is good to be extra cautious.
Again, thanks for your support.
Thanks,
Jaspal Sandhu
Roberthalf
On Thu, Feb 17, 2022 at 11:52 AM Micah Snyder (micasnyd) via clamav-users <
clamav-users@lists.clamav.net> wrote:
Please don't hijack a thread to report a bug or request an improvement. A
new thread for new discussion topic is always great.
Please also be careful in your phrasing. ClamAV's docker support was 99%
the work of a kind-hearted community member. Mocking the current design
isn't helpful. I do see what you're talking about. I'm sure there is room
for improvement.
If you know there is a bug, please report the issue
https://github.com/Cisco-Talos/clamav/issues/new/choose
<https://github.com/Cisco-Talos/clamav/issues/new?assignees=&labels=&template=bug_report.md&title=>
If you have a proposed solution for the issue, it's still good to make the
issue and submit your solution in a pull-request.
Regards,
Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
------------------------------
*From:* Marc <m...@f1-outsourcing.eu>
*Sent:* Sunday, February 13, 2022 5:02 AM
*To:* ClamAV users ML <clamav-users@lists.clamav.net>
*Cc:* Micah Snyder (micasnyd) <micas...@cisco.com>; Sandhu, Jaspal (HQP) <
jaspal.san...@roberthalf.com>
*Subject:* RE: CLAMAV: Docker Tag 0.104.2 has 9 Medium Vulnerabilities
for Busy Box
My team is new to maintaining images on Docker Hub. We hadn't yet
identified the best practices for how to publish an image for the same
ClamAV version with a new base image. After a little investigation, I
settled on this on this scheme.
I can see ;)
This is of course crap.
# Wait forever (or until canceled)
exec tail -f "/dev/null"
The goal of the entrypoint.sh exec is that if it terminates the OC can
take proper action, eg restart the task. In your case clamd can crash and
no action will be taken, because the OC monitors a useless tail?????
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
