dhi: add malware scan info

[craig-osterhout]

Description

Summary

• Add new Explore topic documenting how Docker scans DHI images for malware using ClamAV, including how to retrieve and verify the virus scan attestation
• Update the base and customized build pipeline descriptions to include scanning (malware, secrets, vulnerabilities) as an explicit pipeline step
• Add cross-references from the attestations page to the new malware scanning topic

Details

DHI images include a signed virus/malware scan attestation (https://scout.docker.com/virus/v0.1), but this wasn't documented anywhere beyond a one-line mention in the attestations table. This PR adds a dedicated Explore topic for it and integrates scanning into the build pipeline documentation.

The attestation content was verified by pulling actual attestations from both a base image (dhi.io/python:3.13) and a customized image (projectsteam/dhi-python-3:3.10-alpine3.22_curl). Key findings that informed the docs:

• The virus scan uses ClamAV (clamav/clamav:stable), scanning all OCI blobs including archives
• The attestation payload is JSON with a base64-encoded ClamAV report
• Both base and customized images get virus, secrets, and vulnerability scanning
• Only base images get the functional test attestation — customized images do not

Notable generated topics

• https://deploy-preview-24729--docsdocker.netlify.app/dhi/explore/malware-scanning/
• https://deploy-preview-24729--docsdocker.netlify.app/dhi/explore/build-process/

Related issues or tickets

Closes #24728

Reviews

• Editorial review

[craig-osterhout]

/review

[netlify]

✅ Deploy Preview for docsdocker ready!

Name	Link
🔨 Latest commit	2cbe02e
🔍 Latest deploy log	https://app.netlify.com/projects/docsdocker/deploys/69de77b8e37fea0008e95a9a
😎 Deploy Preview	https://deploy-preview-24729--docsdocker.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[docker-agent]

Assessment: 🟢 APPROVE

This PR adds comprehensive documentation for malware scanning in Docker Hardened Images. The changes are well-structured and follow the Docker documentation style guide.

What was reviewed:

• New file: malware-scanning.md - Documents ClamAV-based virus scanning with clear examples
• Updated: attestations.md - Added cross-references to the new malware scanning topic
• Updated: build-process.md - Integrated scanning into the build pipeline diagrams
• Updated: _index.md - Added navigation entry for the new topic

Quality checks passed:
✅ No AI-generated patterns (hedge words, meta-commentary, marketing speak)
✅ Proper front matter with all required fields
✅ Valid cross-references and links
✅ Correct goat diagram syntax
✅ Follows Docker documentation style guide
✅ Clear, concise, and technically accurate content
✅ Good use of callouts and code examples

The documentation is ready to merge.

[dvdksn]

LGTM

[dvdksn]

you can also unset weight to let it sink to the bottom - pages with any weight are always ranked higher than weightless pages.