Malware scanningΒΆ
Certain CI builds can be configured with ClamAV integration, so that builds
have a basic malware scan performed on their output files. This is not yet
very generalized (it currently only works for builds in the private soss
distribution), and should not be expected to be robust.
To enable this in a local Launchpad installation, set this in
launchpad-lazr.conf
(or otherwise arrange for "scan_malware": true
to be included in the arguments dispatched to the builder):
[cibuild.soss]
scan_malware: True
database.clamav.net
rate-limits clients. To avoid this, and generally
to be good citizens, we maintain a private mirror of the ClamAV
database. This is organized using the clamav-database-mirror charm, deployed via the
vbuilder
Mojo spec (Canonical-internal); on production, this is exposed to builders
as clamav-database-mirror.lp.internal
. launchpad-buildd-image-modifier is
configured to pass a suitable local URL on to launchpad-buildd
, but you
can also do this in a local installation by adding something like the
following to /etc/launchpad-buildd/default
:
[proxy]
clamavdatabase = http://clamav-database-mirror.test/