search

kylefarris / clamscan

A robust ClamAV virus scanning library supporting scanning files, directories, and streams with local sockets, local/remote TCP, and local clamscan/clamdscan binaries (with failover).
MIT License
230 stars 68 forks source link

Frequent failed clamAV scan fails #100

Closed imndaiga closed 5 months ago

imndaiga commented 2 years ago

I'm currently running a container-based, AWS lambda that is configured to download a file from S3 and scan the file before further processing downstream. I have stumbled on this issue where the clamscan module fails repeatedly with ClamAV null errors (it successfully scans for the most part). The reported error is as follows

INFO    node-clam NodeClamError: There was an error scanning the file (ClamAV Error Code: null)
    at /var/task/node_modules/clamscan/index.js:972:39
    at ChildProcess.exithandler (child_process.js:390:5)
    at ChildProcess.emit (events.js:400:28)
    at ChildProcess.emit (domain.js:475:12)
    at maybeClose (internal/child_process.js:1058:16)
    at Socket.<anonymous> (internal/child_process.js:443:11)
    at Socket.emit (events.js:400:28)
    at Socket.emit (domain.js:475:12)
    at Pipe.<anonymous> (net.js:686:12) {
  data: {
    file: '/tmp/cc05801c-5e71-4113-8239-8939e636d0d1.jpeg',
    err: Error: Command failed: /usr/bin/clamscan --no-summary --stdout --remove=no --scan-archive=yes -r /tmp/cc05801c-5e71-4113-8239-8939e636d0d1.jpeg

        at ChildProcess.exithandler (child_process.js:383:12)
        at ChildProcess.emit (events.js:400:28)
        at ChildProcess.emit (domain.js:475:12)
        at maybeClose (internal/child_process.js:1058:16)
        at Socket.<anonymous> (internal/child_process.js:443:11)
        at Socket.emit (events.js:400:28)
        at Socket.emit (domain.js:475:12)
        at Pipe.<anonymous> (net.js:686:12) {
      killed: false,
      code: null,
      signal: 'SIGKILL',
      cmd: '/usr/bin/clamscan --no-summary --stdout --remove=no --scan-archive=yes -r /tmp/cc05801c-5e71-4113-8239-8939e636d0d1.jpeg'
    },
    isInfected: null
  },
  date: 2022-05-11T08:31:20.739Z
}

I've configure this to run in clamscan mode, but have not set other parameters - is there a missing configuration I'm overlooking?

  const clamscan = await new NodeClam().init({
    preference: 'clamscan',
    debugMode: process.env.CLAMSCAN_DEBUG
  });
kylefarris commented 2 years ago

Not necessarily sure why there's no error code, per se, but the error itself is logged and its saying that the command (/usr/bin/clamscan --no-summary --stdout --remove=no --scan-archive=yes -r /tmp/cc05801c-5e71-4113-8239-8939e636d0d1.jpeg) has failed to execute which would indicate that clamscan (not this package) is not setup correctly on the host. Now, since you're running this in Lambda, I'm not sure what kind of debugging you can do to fix this but getting a file to it and then running that command with the name of the file you have on there would be a good start. It could be a permissions issue or something like that.

mikfaina commented 8 months ago

Hi @imndaiga did you manage to resolve your problem? I have the same exact issue. Thanks