Malware Detection
Scan container filesystems for malware using ClamAV signatures. Each scan produces a JSON report archived to S3.
Requirements
Malware scanning requires the ClamAV sidecar, enabled by default in the Helm chart:
# values.yaml (default: enabled)
clamav:
  enabled: true
ClamAV uses 512Mi–2Gi of memory for its signature database. See Sizing.
Schedule with the Agent
# Daily malware scan at 4am
reel.io/schedule: |
  0 4 * * * | export malware
reel.io/s3-bucket: "compliance-evidence"
One-Shot with the CLI
Run a malware scan from your terminal — no agent required.
# Scan an image
reel export malware nginx:latest
# Scan a running container
reel export malware --container my-nginx
What Gets Detected
ClamAV scans the container filesystem for:
- Known viruses and trojans
- Rootkits and backdoors
- Cryptominers and unwanted software
- Suspicious executables and scripts
Output: JSON with scan results, infected file paths, and threat names.
Combined Scanning
Chain malware scanning with other scans using the next keyword:
# Full security suite: SBOM → CBOM → malware
reel.io/schedule: |
  0 6 * * * | export sbom --scanners vuln
  next | export cbom
  next | export malware
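A pre-deploy check can confirm that a reel.io/schedule value is well formed and that a malware step is actually part of a chain. The linter below is an added example, not part of reel; its grammar (a 5-field cron expression or next, then |, then a command) is assumed from the two schedules shown on this page, and the function names are hypothetical.

```python
import re

# Grammar assumed from the schedules on this page (not reel's own parser):
#   "<5-field cron> | <command>" starts a chain, "next | <command>" extends it.
CRON_FIELD = re.compile(r"^[0-9A-Za-z*/,\-]+$")


def parse_schedule(text):
    """Return a list of chains: {"cron": str, "steps": [command, ...]}."""
    chains = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no schedule entry
        trigger, sep, command = (part.strip() for part in line.partition("|"))
        if not sep or not command:
            raise ValueError(f"line {lineno}: expected '<cron or next> | <command>'")
        if trigger == "next":
            # A chained step is only meaningful after a cron-triggered step.
            if not chains:
                raise ValueError(f"line {lineno}: 'next' has no preceding cron entry")
            chains[-1]["steps"].append(command)
            continue
        fields = trigger.split()
        if len(fields) != 5 or not all(CRON_FIELD.match(f) for f in fields):
            raise ValueError(f"line {lineno}: bad cron expression {trigger!r}")
        chains.append({"cron": trigger, "steps": [command]})
    return chains


def has_malware_scan(chains):
    """True if any chain runs 'export malware' as one of its steps."""
    return any(step.split()[:2] == ["export", "malware"]
               for chain in chains for step in chain["steps"])


# Constructed sample: the combined schedule from this page.
SAMPLE = """\
0 6 * * * | export sbom --scanners vuln
next | export cbom
next | export malware
"""

if __name__ == "__main__":
    parsed = parse_schedule(SAMPLE)
    for chain in parsed:
        print(chain["cron"], "->", " ; ".join(chain["steps"]))
    print("malware scan scheduled:", has_malware_scan(parsed))
```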