A robust ClamAV virus scanning library supporting scanning files, directories, and streams with local sockets, local/remote TCP, and local clamscan/clamdscan binaries (with failover).
MIT License
236
stars
69
forks
source link
ClamAv produces a warning then file is assumed to be clean #21
If you were to run the example is_infected code on the repo page, and ClamAv was to produce a single warning in it's output the file been checked would be assumed to be clean without it looking at the scanning result from stdout.
This is because if any warnings are raised they are received on stdErr. Resulting in line 216 been invoked:
return callback(err, '', null); ** Note: err === null, if the error comes from stderr **
Following through to the example on the main repo page. 'File is clean' would be returned.
I had missed the fact that the handling of status codes from the exe - would ensure a virus would be reported when warnings have been written to stderr.
Hi,
Wondering if this has ever cropped up before:
If you were to run the example is_infected code on the repo page, and ClamAv was to produce a single warning in it's output the file been checked would be assumed to be clean without it looking at the scanning result from stdout.
This is because if any warnings are raised they are received on stdErr. Resulting in line 216 been invoked:
Following through to the example on the main repo page. 'File is clean' would be returned.
clam.is_infected('/a/picture/for_example.jpg', function(err, file, is_infected) { if(err) { console.log(err); return false; } if(is_infected) { res.send({msg: "File is infected!"}); } else { res.send({msg: "File is clean!"}); } });
Thanks Rich.