clamscan
clamscan copied to clipboard
kylefarris
Socket times out when remote scanning EICAR test file
Whenever I try to test a virus positive EICAR test file I get a socket timeout. Virus negative files work fine.
removeInfected: false,
debugMode: true,
scanRecursively: false,
clamdscan: {
host: CLAM_AV_IP,
port: CLAM_AV_PORT,
localFallback: false,
},
preference: 'clamdscan',
};
const ClamScan = new NodeClam().init(config);
ClamScan.then(async clamscan => {
try {
let filename = './eicar.com.txt'
const {isInfected, file, viruses} = await clamscan.isInfected(filename);
if (isInfected) console.log(`${file} is infected with ${viruses}!`);
} catch (err) {
// Handle any errors raised by the code in the try block
}
}).catch(err => {
// Handle errors that may have occurred during initialization
});
I get the following output:
node-clam: Provided stream is readable.
node-clam: Attempting to establish socket/TCP connection for "scanStream"
node-clam: using remote server: n.n.n.n:3310
passed stream
node-clam: Received final data from stream.
node-clam: The input stream has dried up.
node-clam: Socket/Host connection failed: Error: read ETIMEDOUT
at TCP.onStreamRead (internal/stream_base_commons.js:205:27) {
errno: 'ETIMEDOUT',
code: 'ETIMEDOUT',
syscall: 'read'
}
node-clam: Error emitted from ClamAV socket: Error: read ETIMEDOUT
at TCP.onStreamRead (internal/stream_base_commons.js:205:27) {
errno: 'ETIMEDOUT',
code: 'ETIMEDOUT',
syscall: 'read'
}
node-clam: Socket/Host connection closed.
node-clam: ClamAV socket has been closed! true
Negative file gets the following output from the same server
node-clam: Received output from ClamAV Socket.
node-clam: ClamAV is done scanning.
node-clam: Raw Response: stream: OK
stream: OK
node-clam: File is OK!
node-clam: Socket/Host connection closed.
node-clam: ClamAV socket has been closed! false
Can you clone the repo directly, CD to it, and then npm i, and then run npm run test? Do all the tests pass?
Kyle
They don't. I'm using node v16.
npm i
up to date, audited 381 packages in 1s
61 packages are looking for funding
run `npm fund` for details
1 critical severity vulnerability
To address all issues, run:
npm audit fix
Run `npm audit` for details.
dcozens@ALG3030 clamscan % npm run test
> [email protected] test
> make test
up to date, audited 381 packages in 1s
61 packages are looking for funding
run `npm fund` for details
1 critical severity vulnerability
To address all issues, run:
npm audit fix
Run `npm audit` for details.
NodeClam Module
✔ should return an object
✔ should not be initialized immediately
Initialized NodeClam module
1) should have certain config properties defined
2) should have the proper global default values set
3) should have the proper clamscan default values set
4) should have the proper clamdscan default values set
✔ should accept an options array and merge them with the object defaults
✔ should failover to alternate scanner if preferred scanner is inactive
✔ should fail if an invalid scanner preference is supplied when socket or host is not specified and localFallback is not false
Reason: invalid scanner: expected promise not to be rejected with 'Error' but it was rejected with 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock' Error: connect ENOENT /var/run/clamd.scan/clamd.sock
Unhandled Rejection reason: [AssertionError: invalid scanner: expected promise not to be rejected with 'Error' but it was rejected with 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock'] {
showDiff: true,
actual: 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock',
expected: 'Error',
operator: 'notStrictEqual'
}
Reason: invalid scanner: expected promise not to be rejected with 'Error' but it was rejected with 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock' Error: connect ENOENT /var/run/clamd.scan/clamd.sock
Unhandled Rejection reason: [AssertionError: invalid scanner: expected promise not to be rejected with 'Error' but it was rejected with 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock'] {
showDiff: true,
actual: 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock',
expected: 'Error',
operator: 'notStrictEqual'
}
✔ should fail to load if no active & valid scanner is found and socket is not available
✔ should fail to load if quarantine path (if specified) does not exist or is not writable and socket is not available
Reason: good quarantine path: expected promise not to be rejected with 'Error' but it was rejected with 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock' Error: connect ENOENT /var/run/clamd.scan/clamd.sock
Unhandled Rejection reason: [AssertionError: good quarantine path: expected promise not to be rejected with 'Error' but it was rejected with 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock'] {
showDiff: true,
actual: 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock',
expected: 'Error',
operator: 'notStrictEqual'
}
Reason: good quarantine path: expected promise not to be rejected with 'Error' but it was rejected with 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock' Error: connect ENOENT /var/run/clamd.scan/clamd.sock
Unhandled Rejection reason: [AssertionError: good quarantine path: expected promise not to be rejected with 'Error' but it was rejected with 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock'] {
showDiff: true,
actual: 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock',
expected: 'Error',
operator: 'notStrictEqual'
}
5) should set definition database (clamscan) to null if specified db is not found
6) should set scanLog to null if specified scanLog is not found
Reason: expected promise not to be rejected with 'Error' but it was rejected with 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock' Error: connect ENOENT /var/run/clamd.scan/clamd.sock
Unhandled Rejection reason: [AssertionError: expected promise not to be rejected with 'Error' but it was rejected with 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock'] {
showDiff: true,
actual: 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock',
expected: 'Error',
operator: 'notStrictEqual'
}
Reason: expected promise not to be rejected with 'Error' but it was rejected with 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock' Error: connect ENOENT /var/run/clamd.scan/clamd.sock
Unhandled Rejection reason: [AssertionError: expected promise not to be rejected with 'Error' but it was rejected with 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock'] {
showDiff: true,
actual: 'Error: connect ENOENT /var/run/clamd.scan/clamd.sock',
expected: 'Error',
operator: 'notStrictEqual'
}
7) should be able have configuration settings changed after instantiation
8) should initialize successfully with a custom config file, even if the default config file does not exist
_buildClamFlags
9) "before each" hook for "should build an array"
getVersion
10) "before each" hook for "should exist"
_initSocket
11) "before each" hook for "should exist"
_ping
12) "before each" hook for "should exist"
isInfected
13) "before each" hook for "should exist"
scanFile
14) "before each" hook for "should exist"
scanFiles
15) "before each" hook for "should exist"
scanDir
16) "before all" hook for "should exist"
scanStream
17) "before all" hook for "should exist"
passthrough
18) "before all" hook for "should exist"
7 passing (40ms)
18 failing
1) Initialized NodeClam module
should have certain config properties defined:
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
2) Initialized NodeClam module
should have the proper global default values set:
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
3) Initialized NodeClam module
should have the proper clamscan default values set:
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
4) Initialized NodeClam module
should have the proper clamdscan default values set:
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
5) Initialized NodeClam module
should set definition database (clamscan) to null if specified db is not found:
Error: No valid & active virus scanning binaries are active and available and no host/socket option provided!
at /Users/dcozens/sfg20/clamscan/index.js:241:41
6) Initialized NodeClam module
should set scanLog to null if specified scanLog is not found:
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
7) Initialized NodeClam module
should be able have configuration settings changed after instantiation:
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
8) Initialized NodeClam module
should initialize successfully with a custom config file, even if the default config file does not exist:
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
9) _buildClamFlags
"before each" hook for "should build an array":
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
10) getVersion
"before each" hook for "should exist":
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
11) _initSocket
"before each" hook for "should exist":
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
12) _ping
"before each" hook for "should exist":
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
13) isInfected
"before each" hook for "should exist":
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
14) scanFile
"before each" hook for "should exist":
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
15) scanFiles
"before each" hook for "should exist":
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
16) scanDir
"before all" hook for "should exist":
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
17) scanStream
"before all" hook for "should exist":
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
18) passthrough
"before all" hook for "should exist":
Error: connect ENOENT /var/run/clamd.scan/clamd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
make: *** [test] Error 18
Those errors seem to indicate a misconfiguration of your clamd host or possibly a permissions or SELinux issue. Are you able to scan files using clamdscan on the command line? For example clamdscan someFileName?
It's deployed to AWS Fargate from Docker image tquinnelly/clamav-alpine:latest so I don't have command line access.
But it's odd that a regular text file scan returns OK, it's just the EICAR test file that throws the error... There's also nothing in the logs
Yeah man, I took a look through https://github.com/tquizzle/clamav-alpine and I just don't know enough about that setup and without anyway to test it outside of the use of the package, it makes it very difficult to narrow down the cause.
With that being said, the package is running and passing tests on my Linux and MacOS machines (non-Docker) without a problem.
Would you recommend another docker image? D
On Mon, Aug 1, 2022 at 3:27 PM Kyle Farris @.***> wrote:
Yeah man, I took a look through https://github.com/tquizzle/clamav-alpine and I just don't know enough about that setup and without anyway to test it outside of the use of the package, it makes it very difficult to narrow down the cause.
With that being said, the package is running and passing tests on my Linux and MacOS machines (non-Docker) without a problem.
— Reply to this email directly, view it on GitHub https://github.com/kylefarris/clamscan/issues/103#issuecomment-1201280402, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA2Y23AUVZ4IT4DPY7TENRTVW7NG7ANCNFSM55APLMSQ . You are receiving this because you authored the thread.Message ID: @.***>