Description
I require a pattern to deploy clam in a container, initially for AWS ECS (Elastic Container Service), but need a solution that can replicate the same pattern for x (> 500) dedicated hosts running docker locally. The goal is to have a single solution for both to minimize code branching. Can someone please offer a pattern where x other containers (ATM this would be limited to a single container in each ECS cluster [same with dedicated host], but in future may include other micro-service containers) can call clamdscan from a central clam-based container? The kludgy method after a couple of hours of research is via a socket, either via a common volume mount (really bad) or via a private docker network (much better), but I need to know if this is the preferred best-practice approach and, if so, how to stitch it together, i.e. what to expose from the clam container and how to consume the clamdscan service from other containers. The clam doco is really good but fails to explain how to achieve this.
Refer: https://docs.clamav.net/manual/Usage/Scanning.html#clamdscan
Any assistance in this matter would be greatly appreciated. Orchestration will be varied between AWS taskDefs for ECS clusters and compose for on-prem, so I don't require details for orchestration, just best practices and methods for exposing and consuming clamdscan in a clam container from other containers.
Any assistance in this matter is greatly appreciated.