Update clamav/clamav-debian Docker tag to v1.5.2-31

[AlexSkrypnyk]

This PR contains the following updates:

Package	Type	Update	Change
clamav/clamav-debian (source)	final	patch	1.5.1-30 → 1.5.2-31

---

Configuration

📅 Schedule: Branch creation - "before 3am" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

Summary by CodeRabbit

• Chores
  • Updated the ClamAV Debian container base image to a newer version.

[coderabbitai]

Walkthrough

Updated the ClamAV Debian base image in the Docker configuration from version 1.5.1-30 to 1.5.2-31. All downstream build steps remain unchanged; only the base image tag is updated.

Changes

Cohort / File(s)	Summary
ClamAV Docker Base Image .docker/clamav.dockerfile	Updated base image tag from clamav/clamav-debian:1.5.1-30 to clamav/clamav-debian:1.5.2-31.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• Switched ClamAV to use clamav/clamav-debian image for multi-platform support. #1812: Related ClamAV Dockerfile base image modification with previous version update.

Poem

🐰 A tiny hop from thirty to thirty-one,
ClamAV's jacket freshly spun!
Version bumped, the scanner gleams,
Security flows through Docker streams. ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and clearly describes the main change: updating the ClamAV Docker image tag from 1.5.1-30 to 1.5.2-31, which directly matches the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch deps/container-images-all-major-minor-patch

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.docker/clamav.dockerfile:
- Line 15: The Dockerfile uses a mutable tag in the FROM instruction ("FROM
clamav/clamav-debian:1.5.2-31"); replace that tag with the corresponding
immutable digest (preferably the image index digest for multi-arch support) so
the base image is pinned and reproducible—update the FROM line to reference the
canonical sha256 digest for the desired release (or platform-specific digest if
intentionally targeting amd64/arm64).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 8ad49121-b69a-4fe9-bcc4-75a9648e693b

📥 Commits

Reviewing files that changed from the base of the PR and between ab18e17 and 9724290.

📒 Files selected for processing (1)

• .docker/clamav.dockerfile

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

repo="clamav/clamav-debian"
tag="1.5.2-31"

echo "Attempting to resolve digest for ${repo}:${tag}..."

# Get token
token="$(curl -fsSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${repo}:pull" 2>&1 | jq -r '.token' 2>&1)"

if [ -z "$token" ] || [ "$token" = "null" ]; then
  echo "Error: Failed to get authentication token"
  exit 1
fi

echo "Token obtained: ${token:0:20}..."

# Get digest
digest="$(
  curl -fsSI \
    -H "Authorization: Bearer ${token}" \
    -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
    "https://registry-1.docker.io/v2/${repo}/manifests/${tag}" \
  2>&1 | tr -d '\r' \
  | awk -F': ' '/Docker-Content-Digest/ {print $2}'
)"

if [ -z "$digest" ]; then
  echo "Error: Failed to resolve digest. Tag may not exist or be accessible."
  exit 1
fi

echo "Successfully resolved digest:"
echo "${repo}:${tag}@${digest}"

Repository: drevops/vortex

Length of output: 232

---

🏁 Script executed:

#!/bin/bash

# Try a simpler curl request to check if the tag exists
repo="clamav/clamav-debian"
tag="1.5.2-31"

# Get token
token=$(curl -fsSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${repo}:pull" | jq -r '.token')

# Try to get manifest metadata (without -I flag to get more info)
echo "Checking if tag exists..."
curl -fsSL \
  -H "Authorization: Bearer ${token}" \
  -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
  "https://registry-1.docker.io/v2/${repo}/manifests/${tag}" 2>&1 | head -50

echo ""
echo "---"
echo "Attempting to list available tags..."

# Try to get tags list
curl -fsSL \
  -H "Authorization: Bearer ${token}" \
  "https://registry-1.docker.io/v2/${repo}/tags/list" 2>&1 | jq '.tags | sort | .[-10:]'

Repository: drevops/vortex

Length of output: 2005

---

Pin the updated ClamAV image to an immutable digest.

Line 15 uses a mutable tag. Pinning clamav/clamav-debian:1.5.2-31 to its digest improves reproducibility and prevents silent upstream retags.

Suggested change (amd64 example)

-FROM clamav/clamav-debian:1.5.2-31
+FROM clamav/clamav-debian:1.5.2-31@sha256:83f8128fadcd26bb3a177ea66b995efa6b1a22a13d11b6e4d2679681e2873bab

Note: This image supports multiple architectures (amd64, arm64). If targeting a specific platform, use the corresponding digest. For multi-arch support, prefer pinning to the image index digest rather than individual platform digests.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	FROM clamav/clamav-debian:1.5.2-31
	FROM clamav/clamav-debian:1.5.2-31@sha256:83f8128fadcd26bb3a177ea66b995efa6b1a22a13d11b6e4d2679681e2873bab

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.docker/clamav.dockerfile at line 15, The Dockerfile uses a mutable tag in
the FROM instruction ("FROM clamav/clamav-debian:1.5.2-31"); replace that tag
with the corresponding immutable digest (preferably the image index digest for
multi-arch support) so the base image is pinned and reproducible—update the FROM
line to reference the canonical sha256 digest for the desired release (or
platform-specific digest if intentionally targeting amd64/arm64).

[github-actions]

Code Coverage Report:
  2026-03-06 00:08:45

 Summary:
  Classes:  0.00% (0/1)
  Methods:  0.00% (0/2)
  Lines:   94.71% (179/189)

[AlexSkrypnyk]

Code Coverage Report:
  2026-03-06 00:11:32

 Summary:
  Classes:  0.00% (0/1)
  Methods:  0.00% (0/2)
  Lines:   94.71% (179/189)

[AlexSkrypnyk]

Code Coverage Report:
  2026-03-06 00:11:58

 Summary:
  Classes:  0.00% (0/1)
  Methods:  0.00% (0/2)
  Lines:   94.71% (179/189)