search

solita / clamav-java

Simple ClamAV client for streaming data to clamd server
GNU Lesser General Public License v2.1
106 stars 46 forks source link

java.lang.IndexOutOfBoundsException #14

Open julius-d opened 5 years ago

julius-d commented 5 years ago

Hi!

If I run multiple scans or pings in parallel I get this error

java.lang.IndexOutOfBoundsException: Range [0, 0 + -1) out of bounds for length 2000
    at java.base/jdk.internal.util.Preconditions.outOfBounds(Preconditions.java:64) ~[na:na]
    at java.base/jdk.internal.util.Preconditions.outOfBoundsCheckFromIndexSize(Preconditions.java:82) ~[na:na]
    at java.base/jdk.internal.util.Preconditions.checkFromIndexSize(Preconditions.java:343) ~[na:na]
    at java.base/java.util.Objects.checkFromIndexSize(Objects.java:424) ~[na:na]
    at java.base/java.io.ByteArrayOutputStream.write(ByteArrayOutputStream.java:155) ~[na:na]
    at fi.solita.clamav.ClamAVClient.readAll(ClamAVClient.java:159) ~[clamav-client-1.0.1.jar!/:na]
    at fi.solita.clamav.ClamAVClient.scan(ClamAVClient.java:111) ~[clamav-client-1.0.1.jar!/:na]
    at fi.solita.clamav.ClamAVClient.scan(ClamAVClient.java:124) ~[clamav-client-1.0.1.jar!/:na]

The bad thing is that after this error occured the whole anti virus scanner is not responding any longer.

BR

drogin commented 5 years ago

I've found a situation where an IndexOutOfBoundsException could happen, but I struggle to see how it would cause the entire scanner to stop responding for other requests. Are you certain it's not at your end it stops due to parallel thread management? Anyway, I will submit a pull request for the IndexOutOfBoundsException bug

akozmic-prisidio commented 3 years ago

EDIT: Looks like Docker locally was capped at 2GB and its a well-known issue with ClamAV that it can be a memory-hog with clamd and freshclam running. Running netstat on the box def showed that after the database was updated, the socket would die. Upped it to 8GB and 🤞 so far so good.

I am getting a similar issue even when running the code in serial. I'm running the clamav docker container and forwarding the Host port 9999 to 3310 via

docker run -p 9999:3310 clamav/clamav

When the container spins up, the console writes Socket for clamd not found yet, retrying (X/1800).
After about 20 tries, it says socket found. clamd started.

As soon as that happens I can run the code and everything works correctly. I created the 'eicar.com' file locally as well as another test file and I can use this library to process both files via "localhost" and port 9999 on my local machine. I have successfully ran 1000 individual trials.

On every trial of the test virus file (eicar.com), the console writes Wed Oct 13 15:44:48 2021 -> instream(172.17.0.1@63548): Win.Test.EICAR_HDB-1 FOUND

Shortly after all this success, the freshclam process picks up the database updates on the clamav container and the console reads Clamd successfully notified about the update.

After this occurs, I continuously get the exception java.lang.IndexOutOfBoundsException: Range [0, 0 + -1) out of bounds for length 2000 and never see the Win.Test.EICAR_HDB-1 FOUND message on the console.

I don't know if this is an issue with this library, the clamav docker container, clamd, freshclam, or what. Interestingly enough I get the exact same results using the Capybara library as well, which makes me think its something with clamd and the database update via freshclam. I will continue to dig but wanted to put the details here.