A Go proxy for clamd that filters out insecure commands.
While ClamAV's protocol was not originally designed for remote scanning, there are legitimate reasons to do so in certain environments. clamdproxy enables remote virus scanning by acting as a security layer between clients and the ClamAV daemon.
Common use cases include:
- Providing virus scanning services to containerized applications without installing ClamAV in each container
- Creating centralized scanning services in microservice architectures
- Enabling scanning from untrusted networks without exposing full clamd functionality
- Integrating with API gateways and service meshes for content security
- Proxies clamd protocol commands to a backend clamd server
- Uses a whitelist approach
- Blocks all other commands for enhanced security
- Supports both null character and newline delimited commands
- Handles special INSTREAM command properly
- Performance optimized with buffer pools and efficient I/O
- Configurable logging levels
The easiest way to get started is to download a pre-built binary from the GitHub Releases page:
-
Navigate to the latest release
-
Download the appropriate binary for your platform (Linux, macOS, Windows)
-
Make the file executable (on Unix-based systems):
chmod +x clamdproxy -
Move it to a directory in your PATH (optional):
sudo mv clamdproxy /usr/local/bin/
If you prefer to build from source:
git clone https://github.com/miklosn/clamdproxy.git
cd clamdproxy
go build -o clamdproxy
Basic usage:
clamdproxy --listen 127.0.0.1:3310 --backend 127.0.0.1:3311
--listen: Address to listen on (default: 127.0.0.1:3310)--backend: Address of the backend clamd server (default: 127.0.0.1:3311)--log-level: Logging level: debug, info, warn, error (default: warn)--pprof: Address for pprof HTTP server (disabled if empty)--allow-command: ClamAV command to allow (can be specified multiple times). If not specified, defaults to a subset of commands (PING, VERSION, VERSIONCOMMANDS, INSTREAM).
The proxy supports the clamd protocol as described in the clamd documentation. It handles both null-terminated commands (prefixed with 'z') and newline-terminated commands (prefixed with 'n').
clamdproxy is designed to be lightweight and efficient:
- Uses buffer pools to reduce memory allocations
- Implements efficient I/O with buffered readers/writers
- Minimal overhead for proxying commands and data
I use this program in production with quite some traffic, albeit in a very narrow use case. Ideas, bug reports, contributions are welcome!