benzino77 / clamav-rest-api

ClamAV REST API. Scan files using simple POST request.
MIT License

a few suggestions and fixes #46

Closed (shm-eboks closed 10 months ago)

shm-eboks commented 1 year ago

tried to push a branch, for you to evaluate, no permissions - so I'll post it here:

dockerfile

I've successfully managed to update and run the rest api image under node:19, add below to dockerfile

FROM node:19.8.1-buster-slim

you should strongly consider using the official npm installer for idempotent images, replace your

npm install --production 

with:

npm ci --only=production

note: why - here https://docs.npmjs.com/cli/v9/commands/npm-ci

note: this will also fail on the current node version, so do upgrade to the latest node:19

reason to why you had to rollback the previous commit/image

if you attempt to run docker compose without the proper env variable APP_MAX_FILE_SIZE set, clamd will respond with garbage. This is also why it was working when running it "locally"

example, if you enable node-clam debug flag and run without this env variable set:

node-clam: Socket/Host connection closed.
examples-api-1    | node-clam: Provided stream is readable.
examples-api-1    | node-clam: Attempting to establish socket/TCP connection for "scanStream"
examples-api-1    | node-clam: using remote server: 172.25.0.2:3310
examples-api-1    | node-clam: Received final data from stream.
examples-api-1    | node-clam: The input stream has dried up.
examples-api-1    | node-clam: Received output from ClamAV Socket.
examples-api-1    | node-clam: ClamAV is done scanning.
examples-api-1    | node-clam: Raw Response:  UNKNOWN COMMAND
examples-api-1    |
examples-api-1    | node-clam: Error Response:  UNKNOWN COMMAND
examples-api-1    | node-clam: File may be INFECTED!

fix, add to docker-compose.yml, (it already exists in your .env.example):

   - APP_MAX_FILE_SIZE=26214400

in any case - if this config is omitted - it will yield a 'null'-result returned from the scanner endpoint

updated packages

you can freely bump the following packages, as it will build and run:
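The failure described in the comment above (APP_MAX_FILE_SIZE unset, clamd answering UNKNOWN COMMAND, the endpoint returning a 'null' result) can be made explicit by failing fast on the missing setting and by treating any unparseable scanner reply as an error rather than a verdict. This is an added example, not code from clamav-rest-api or node-clam; the function names, the HTTP status mapping and the sample replies are assumptions.

```javascript
// Added example; parseMaxFileSize, classifyClamdReply and httpStatusFor
// are hypothetical helpers, not part of clamav-rest-api or node-clam.

// Refuse to start when the upload limit is missing or malformed, instead of
// letting an undefined value travel down to the scanner connection.
function parseMaxFileSize(env) {
  const raw = env.APP_MAX_FILE_SIZE;
  const text = raw === undefined ? '' : String(raw).trim();
  if (!/^[1-9]\d*$/.test(text) || !Number.isSafeInteger(Number(text))) {
    throw new Error(
      `APP_MAX_FILE_SIZE must be a positive integer (bytes), got ${JSON.stringify(raw)}`
    );
  }
  return Number(text);
}

// Map a raw clamd reply to one of three explicit states. Only a well-formed
// "<name>: OK" or "<name>: <signature> FOUND" line counts as a verdict;
// everything else (UNKNOWN COMMAND, "... ERROR", empty reply) is an error.
function classifyClamdReply(raw) {
  const line = String(raw ?? '').replace(/\0/g, '').trim();
  if (/^[^\n]*: OK$/.test(line)) {
    return { status: 'clean', viruses: [] };
  }
  const found = line.match(/^[^\n]*: (.+) FOUND$/);
  if (found) {
    return { status: 'infected', viruses: [found[1]] };
  }
  return { status: 'error', detail: line || 'empty reply' };
}

// Assumed mapping: callers get 200 only for a definite verdict, so a broken
// scanner connection is never read as "clean" or silently as null.
function httpStatusFor(verdict) {
  return verdict.status === 'error' ? 502 : 200;
}

// Constructed sample replies; the third matches the raw response in the log above.
const samples = [
  'stream: OK\0',
  'stream: Win.Test.EICAR_HDB-1 FOUND\0',
  'UNKNOWN COMMAND\n',
  '',
];
for (const s of samples) {
  const v = classifyClamdReply(s);
  console.log(JSON.stringify(s), '->', v.status, httpStatusFor(v));
}
```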

benzino77 commented 1 year ago

Thanks!

benzino77 commented 1 year ago

For a couple of days I've had a feeling that I forgot about something.... Now I remember: npm ci --only=production

Thanks again for your contribution. I will try to change it after Easter Break.

benzino77 commented 10 months ago

Thanks for your suggestions!