Skip to content

Add unified scanner with TensorTrap + ClamAV integration#5

Open
JustMaier wants to merge 1 commit intomainfrom
feature/unified-scanner-tensortrap
Open

Add unified scanner with TensorTrap + ClamAV integration#5
JustMaier wants to merge 1 commit intomainfrom
feature/unified-scanner-tensortrap

Conversation

@JustMaier
Copy link
Copy Markdown
Contributor

@JustMaier JustMaier commented Jan 15, 2026

Summary

  • Adds unified scanner container combining TensorTrap ML security scanner with ClamAV antivirus
  • Implements shadow mode to run both legacy (picklescan) and unified scanners in parallel for safe rollout
  • Adds metrics endpoint to track scanner agreement rates before migration
  • Includes e2e test infrastructure for local development

Key Changes

New Components

  • unified-scanner: Docker container with TensorTrap + ClamAV
  • clamav-updater: Sidecar container for automatic virus definition updates
  • ShadowModeMetrics: Tracks comparison between legacy and unified scanner results

Features

  • Shadow mode runs both scanners in parallel, uses legacy results but logs discrepancies
  • /metrics/shadow endpoint shows agreement rate, discrepancies, and recommendations
  • Docker-in-Docker support with shared volumes for file access
  • Path validation to prevent command injection
  • Atomic file writes for metrics persistence

Performance

  • TensorTrap scans 2GB .ckpt files in ~3.5 seconds vs 4-5 minutes with legacy picklescan
  • Uses optimized fork: JustMaier/TensorTrap

Test plan

  • Shadow mode test with 2GB .ckpt file - both scanners agree (100% agreement rate)
  • Metrics endpoint returns correct statistics
  • E2E test infrastructure working
  • Test with known malicious samples to verify discrepancy detection

Configuration

Enable shadow mode:

ScannerOptions__ShadowMode=true

Enable unified scanner only (after shadow mode validation):

ScannerOptions__UseUnifiedScanner=true
ScannerOptions__ShadowMode=false

🤖 Generated with Claude Code

@JustMaier @claude
Add unified scanner with TensorTrap + ClamAV integration
a7caaf4 
- Add unified-scanner container with TensorTrap ML security scanner and ClamAV
- Add clamav-updater sidecar for automatic virus definition updates
- Implement shadow mode to compare legacy (picklescan) vs unified scanner results
- Add metrics endpoint (/metrics/shadow) to track scanner agreement rates
- Support Docker-in-Docker with shared volume for file access
- Add path validation to prevent command injection
- Add e2e test infrastructure for local testing
- Preserve file extensions for TensorTrap format detection
- Add atomic file writes for metrics persistence

Performance: TensorTrap scans 2GB .ckpt files in ~3.5 seconds vs 4-5 minutes with legacy scanner

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@JustMaier JustMaier requested a review from koenbeuk January 15, 2026 01:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@koenbeuk koenbeuk Awaiting requested review from koenbeuk

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@JustMaier