forked from malice-plugins/windows-defender
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
80 lines (66 loc) · 2.76 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
####################################################
# GOLANG BUILDER
####################################################
FROM golang:1.11 as go_builder
COPY . /go/src/github.com/malice-plugins/windows-defender
WORKDIR /go/src/github.com/malice-plugins/windows-defender
RUN go get -u github.com/golang/dep/cmd/dep && dep ensure
RUN go build -ldflags "-s -w -X main.Version=v$(cat VERSION) -X main.BuildTime=$(date -u +%Y%m%d)" -o /bin/avscan
####################################################
# PLUGIN BUILDER
####################################################
FROM ubuntu:bionic
LABEL maintainer "https://github.com/blacktop"
LABEL malice.plugin.repository = "https://github.com/malice-plugins/windows-defender.git"
LABEL malice.plugin.category="av"
LABEL malice.plugin.mime="*"
LABEL malice.plugin.docker.engine="*"
# Create a malice user and group first so the IDs get set the same way, even as
# the rest of this may change over time.
RUN groupadd -r malice \
&& useradd --no-log-init -r -g malice malice \
&& mkdir /malware \
&& chown -R malice:malice /malware
RUN buildDeps='libreadline-dev:i386 \
ca-certificates \
libc6-dev:i386 \
build-essential \
gcc-multilib \
cabextract \
mercurial \
git-core \
unzip \
wget' \
&& set -x \
&& dpkg --add-architecture i386 && apt-get update -qq \
&& apt-get install -y $buildDeps libc6-i386 --no-install-recommends \
&& echo "===> Install taviso/loadlibrary..." \
&& git clone https://github.com/taviso/loadlibrary.git /loadlibrary \
&& echo "===> Download 32-bit antimalware update file.." \
&& wget --progress=bar:force "https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86" -O \
/loadlibrary/engine/mpam-fe.exe \
&& cd /loadlibrary/engine \
&& cabextract mpam-fe.exe \
&& rm mpam-fe.exe \
&& cd /loadlibrary \
&& make -j2 \
&& echo "===> Clean up unnecessary files..." \
&& apt-get purge -y --auto-remove $buildDeps $(apt-mark showauto) \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /var/cache/apt/archives /tmp/* /var/tmp/*
# Ensure ca-certificates is installed for elasticsearch to use https
RUN apt-get update -qq && apt-get install -yq --no-install-recommends ca-certificates \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Install exiftool for engine version extraction
RUN apt-get update -qq && apt-get install -yq --no-install-recommends exiftool \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Add EICAR Test Virus File to malware folder
ADD http://www.eicar.org/download/eicar.com.txt /malware/EICAR
RUN mkdir -p /opt/malice
COPY update.sh /opt/malice/update
COPY --from=go_builder /bin/avscan /bin/avscan
WORKDIR /malware
ENTRYPOINT ["/bin/avscan"]
CMD ["--help"]
####################################################
####################################################