benzino77 / clamav-rest-api

ClamAV REST API. Scan files using simple POST request.
MIT License
CRA returns `"is_infected": null` #45

Closed d-mankowski-synerise closed 1 year ago

d-mankowski-synerise commented 1 year ago

I ran docker-compose (a simple docker-compose up) and CRA returns the result shown in the title. No matter what files I scanned, every time it returned null. When I changed the image from benzino77/clamav-rest-api to benzino77/clamav-rest-api:1.1.2, it works fine; hence, there must be some regression introduced lately.

❯ curl -s -XPOST http://localhost:8080/api/v1/scan -F FILES=@versions.sh | jq
{
  "success": true,
  "data": {
    "result": [
      {
        "name": "versions.sh",
        "is_infected": null,
        "viruses": []
      }
    ]
  }
}

Logs from containers:

synerise-base-images-api-1    | 
synerise-base-images-api-1    | > clamav-rest-api@1.1.3 start /clamav-rest-api
synerise-base-images-api-1    | > node src/app.js
synerise-base-images-api-1    | 
synerise-base-images-api-1    | Cannot initialize clamav object: Error: connect ECONNREFUSED 172.18.0.2:3310
synerise-base-images-api-1 exited with code 0
Socket for clamd not found yet, retrying (18/1800) ...Tue Feb 14 00:09:35 2023 -> Limits: Global time limit set to 120000 milliseconds.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: Global size limit set to 104857600 bytes.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: File size limit set to 26214400 bytes.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: Recursion level limit set to 17.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: Files limit set to 10000.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: MaxPartitions limit set to 50.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: MaxIconsPE limit set to 100.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: MaxRecHWP3 limit set to 16.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: PCREMatchLimit limit set to 100000.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: PCRERecMatchLimit limit set to 2000.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Limits: PCREMaxFileSize limit set to 26214400.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Archive support enabled.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> AlertExceedsMax heuristic detection disabled.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Heuristic alerts enabled.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Portable Executable support enabled.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> ELF support enabled.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Mail files support enabled.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> OLE2 support enabled.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> PDF support enabled.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> SWF support enabled.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> HTML support enabled.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> XMLDOCS support enabled.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> HWP3 support enabled.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Self checking every 600 seconds.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:35 2023 -> Set stacksize to 1048576
synerise-base-images-clamd-1  | socket found, clamd started.
synerise-base-images-clamd-1  | Starting Freshclamd
synerise-base-images-clamd-1  | ClamAV update process started at Tue Feb 14 00:09:36 2023
synerise-base-images-clamd-1  | daily database available for update (local version: 26644, remote version: 26811)
synerise-base-images-clamd-1  | WARNING: downloadFile: file not found: https://database.clamav.net/daily-26645.cdiff
synerise-base-images-clamd-1  | WARNING: downloadPatch: Can't download daily-26645.cdiff from https://database.clamav.net/daily-26645.cdiff
synerise-base-images-clamd-1  | WARNING: downloadFile: file not found: https://database.clamav.net/daily-26645.cdiff
synerise-base-images-clamd-1  | WARNING: downloadPatch: Can't download daily-26645.cdiff from https://database.clamav.net/daily-26645.cdiff
synerise-base-images-clamd-1  | WARNING: downloadFile: file not found: https://database.clamav.net/daily-26645.cdiff
synerise-base-images-clamd-1  | WARNING: downloadPatch: Can't download daily-26645.cdiff from https://database.clamav.net/daily-26645.cdiff
synerise-base-images-clamd-1  | WARNING: Incremental update failed, trying to download daily.cvd
synerise-base-images-api-1    | 
synerise-base-images-api-1    | > clamav-rest-api@1.1.3 start /clamav-rest-api
synerise-base-images-api-1    | > node src/app.js
synerise-base-images-api-1    | 
synerise-base-images-api-1    | Server started on PORT: 3000
synerise-base-images-clamd-1  | Testing database: '/var/lib/clamav/tmp.0ea496f986/clamav-75a151af4898ac4094f65ca92323f264.tmp-daily.cvd' ...
synerise-base-images-clamd-1  | Database test passed.
synerise-base-images-clamd-1  | daily.cvd updated (version: 26811, sigs: 2020779, f-level: 90, builder: raynman)
synerise-base-images-clamd-1  | main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
synerise-base-images-clamd-1  | bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
synerise-base-images-clamd-1  | Clamd successfully notified about the update.
synerise-base-images-clamd-1  | Tue Feb 14 00:09:46 2023 -> Reading databases from /var/lib/clamav
synerise-base-images-clamd-1  | Tue Feb 14 00:10:05 2023 -> Database correctly reloaded (8652711 signatures)
synerise-base-images-clamd-1  | Tue Feb 14 00:10:05 2023 -> Activating the newly loaded database...
synerise-base-images-api-1    | ::ffff:172.18.0.1 - - [14/Feb/2023:00:10:29 +0000] "POST /api/v1/scan HTTP/1.1" 200 91 "-" "curl/7.85.0"
synerise-base-images-api-1    | ::ffff:172.18.0.1 - - [14/Feb/2023:00:11:58 +0000] "POST /api/v1/scan HTTP/1.1" 200 91 "-" "curl/7.85.0"
synerise-base-images-api-1    | ::ffff:172.18.0.1 - - [14/Feb/2023:00:12:05 +0000] "POST /api/v1/scan HTTP/1.1" 200 91 "-" "curl/7.85.0"
synerise-base-images-api-1    | ::ffff:172.18.0.1 - - [14/Feb/2023:00:12:11 +0000] "POST /api/v1/scan HTTP/1.1" 200 91 "-" "curl/7.85.0"
synerise-base-images-api-1    | ::ffff:172.18.0.1 - - [14/Feb/2023:00:12:19 +0000] "POST /api/v1/scan HTTP/1.1" 200 91 "-" "curl/7.85.0"
synerise-base-images-api-1    | ::ffff:127.0.0.1 - - [14/Feb/2023:00:14:33 +0000] "GET /api/v1/dbsignatures HTTP/1.1" 200 98 "-" "curl/7.64.0"
synerise-base-images-api-1    | ::ffff:127.0.0.1 - - [14/Feb/2023:00:15:20 +0000] "POST /api/v1/scan HTTP/1.1" 200 92 "-" "curl/7.64.0"
synerise-base-images-api-1    | ::ffff:127.0.0.1 - - [14/Feb/2023:00:17:53 +0000] "POST /api/v1/scan HTTP/1.1" 200 92 "-" "curl/7.64.0"
synerise-base-images-api-1    | ::ffff:172.18.0.1 - - [14/Feb/2023:00:19:31 +0000] "POST /api/v1/scan HTTP/1.1" 400 59 "-" "curl/7.85.0"
synerise-base-images-api-1    | ::ffff:172.18.0.1 - - [14/Feb/2023:00:19:34 +0000] "POST /api/v1/scan HTTP/1.1" 200 91 "-" "curl/7.85.0"
synerise-base-images-clamd-1  | Tue Feb 14 00:19:48 2023 -> SelfCheck: Database status OK.

benzino77 commented 1 year ago

Hmmm. That is interesting. CRA started "by hand" works as expected. There must be something wrong with the docker image itself.

❯ jq ".version" package.json
"1.1.3"
❯ curl -s -XPOST http://localhost:8080/api/v1/scan -F FILES=@package.json | jq
{
  "success": true,
  "data": {
    "result": [
      {
        "name": "package.json",
        "is_infected": false,
        "viruses": []
      }
    ]
  }
}
❯ curl -s -XPOST http://localhost:8080/api/v1/scan -F FILES=@src/tests/eicar_com.zip | jq
{
  "success": true,
  "data": {
    "result": [
      {
        "name": "eicar_com.zip",
        "is_infected": true,
        "viruses": [
          "Win.Test.EICAR_HDB-1"
        ]
      }
    ]
  }
}

@d-mankowski-synerise thanks for the report, Dominik. When I have a free moment I'll look at what is wrong with the image and try to push one that works.

kyxap1 commented 1 year ago

I built my own image and am getting the same result as the reporter's.

benzino77 commented 1 year ago

Could you guys please test v1.1.4 version? It is already pushed to registry.

kyxap1 commented 1 year ago

It works! Thank you so much!

takutomasuda commented 1 year ago

I also encountered the same phenomenon, using v1.1.3. It was improved by setting APP_MAX_FILE_SIZE.

d-mankowski-synerise commented 1 year ago

Everything works now, thanks for the quick reaction :)
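
Added example, not part of the thread or of clamav-rest-api: the responses quoted above show that `/api/v1/scan` can answer HTTP 200 with `"success": true` and `"is_infected": null`, so a client that only checks for a truthy `is_infected` would accept an unscanned file. The sketch below treats anything other than an explicit `false` as a rejection; the function name `classifyScanResponse` and the `expectedNames` parameter are hypothetical, and the sample bodies are constructed from the responses in this issue.

```javascript
// Fail-closed interpretation of a CRA /api/v1/scan response body.
// classifyScanResponse is a hypothetical helper, not a clamav-rest-api API.
function classifyScanResponse(body, expectedNames) {
  const reject = (reason) => ({ verdict: 'error', allow: false, reason });

  if (!body || body.success !== true) return reject('scan request not successful');
  const results = body.data && body.data.result;
  if (!Array.isArray(results) || results.length === 0) return reject('no per-file results');

  // Every uploaded file must be covered by a result entry.
  const seen = new Set(results.map((r) => r && r.name));
  for (const name of expectedNames) {
    if (!seen.has(name)) return reject(`no result for ${name}`);
  }
  if (results.length !== expectedNames.length) return reject('unexpected result count');

  const infected = [];
  for (const r of results) {
    if (!r || typeof r !== 'object') return reject('malformed result entry');
    // Strict comparison: null, undefined, "false" or 0 all mean "no verdict".
    if (r.is_infected === true) {
      infected.push({ name: r.name, viruses: Array.isArray(r.viruses) ? r.viruses : [] });
    } else if (r.is_infected !== false) {
      return reject(`no verdict for ${r.name} (is_infected=${JSON.stringify(r.is_infected)})`);
    }
  }
  if (infected.length > 0) return { verdict: 'infected', allow: false, infected };
  return { verdict: 'clean', allow: true };
}

// Constructed sample bodies mirroring the three responses quoted in this issue.
const nullBody = { success: true, data: { result: [
  { name: 'versions.sh', is_infected: null, viruses: [] }] } };
const cleanBody = { success: true, data: { result: [
  { name: 'package.json', is_infected: false, viruses: [] }] } };
const eicarBody = { success: true, data: { result: [
  { name: 'eicar_com.zip', is_infected: true, viruses: ['Win.Test.EICAR_HDB-1'] }] } };

console.log(classifyScanResponse(nullBody, ['versions.sh']));
console.log(classifyScanResponse(cleanBody, ['package.json']));
console.log(classifyScanResponse(eicarBody, ['eicar_com.zip']));
```

Logging the `reason` for every `error` verdict makes a scanner outage like the one in this issue visible, instead of it passing as a run of clean results.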