Using ClamAV with persistentVolume

[hperez-lab]

I have enabled the persistentVolume in my ClamAV configuration:

apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  name: clamav
spec:
  releaseName: clamav
  targetNamespace: clamav
  chart:
    repository: https://wiremind.github.io/wiremind-helm-charts
    name: clamav
    version: 2.6.2
  values:
    image:
      repository: ghcr.io/mailu/clamav # Should be a mirror on our docker-registry
      tag: 1.9.50
    ## Clamav data dir persistence
    persistentVolume:
      enabled: true
      accessModes:
      - ReadWriteOnce
      size: 1Gi

The pv and pvc are created as expected however I'm getting the below error when the container is trying to start:

Tue Aug 29 07:44:56 2023 -> ERROR: Can't create freshclam.dat in /data
Tue Aug 29 07:44:56 2023 -> Hint: The database directory must be writable for UID 2000 or GID 2000
Tue Aug 29 07:44:56 2023 -> Hint: The database directory must be writable for UID 2000 or GID 2000

As a workaround I have created a pod associated to the pvc already created and changing the permission of the /data folder form root to 2000 (chown 2000:2000 /data). But I would like to know it there is any way to fix this issue without having to make the workaround.

I have tried different configurations with podSecurityContext and securityContext but unsuccessfully.

Thank you

[sugarman402]

Hi, we encountered into the very same issue.

[sugarman402]

We found a workaround for this, We added fsGroup: 2000 to the values file under the podSecurityContext key.

[desaintmartin]

Hi, PR accepted!