Currently the clamd logs the following information with the filename missing:

Thu Oct 27 10:01:43 2022 -> instream(127.0.0.1@42164): Eicar-Signature FOUND

It would be good to add a feature to pass the name of the file that is submitted to the api, to clamav logs.
Not sure if it would make more sense to log the files on the http server level.

Thx!!!

We should be able to specify where to put the database so we can cache it somewhere, for example on S3

We want to use the docker container in non-root mode with alternative uid/gid. It would be great if the docker image would support that. Currently it seems that it simply cannot apply env vars when started:

$ podman run --rm -it --user 100:101 ajilaag/clamav-rest:20240511

sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
sed: can't create temp file '/etc/clamav/clamd.confXXXXXX': Permission denied
Starting clamav rest bridge...

Starting the container in an environment without internet access doesn't starts the service.

It would be nice to have the service started, and then try to update the virus database...

Background: We want to run integration tests, and our development environment is completely air gapped (no internet). So the update server is not reachable and the service doesn't start. This can be a dangerous behavior.

Hi!

According to https://blog.clamav.net/2023/11/clamav-130-122-105-released.html, clamav 1.1 is not (and will not) be patched against this security issue, it appears that alpine 3.19 has a patched version (1.2.2-r0). #35 already does the version bump, I did some quick tests and didn't notice any regression. Could this PR be merged?

It seems that the scanHandlerBody method doesn't have the registration added

Method
bd31698

Should there be not a a registration like this https://github.com/ajilach/clamav-rest/blob/4916375f9ddf974eedcea998f0b70f1a25daae3d/clamrest.go#L221C1-L221C47 @rhermanek

I got an error with:


,
How can you help me,

Hi

is it possible that you can implement HTTP/2 clear (h2c) support for the clam-av rest? I deployed your Docker image in Google cloud run and hit the 32 MB file size limitation. That means you can't scan files for threads which are bigger than 32 MB. Regarding to the Cloud Run documentation, there is no file size limitation for HTTP/2.

A possible workaround could be to setup a reverse proxy (e.g nginx) in front of your API which can handle HTTP/2.

Sources:
https://cloud.google.com/run/quotas
https://cloud.google.com/run/docs/configuring/http2

Thanks
Umut.

Hello,

It would be nice to allow the configuration / check of an ACCESS_TOKEN or BASIC Authentication to secure the access to the service.

Do you consider to add such option?

Thanks

I have a suggestion on the response json from the multipart scanning endpoint, but it's a breaking change. Since it contains one response for each file in the request, it should be wrapped in brackets to form a json array instead of multiple json documents.

My second proposition is that the if statement containing the continue action for when the multipart header filename is missing, should create an entry in the response with either a parse error or a plain error stating that the filename is missing.

Please close this issue if you find my suggestions irrelevant and supply why they are not feasible for implementation. If you find these suggestions valid, I volunteer to fork the project and implement them and then create a PR.

I want to check this rest api with /health get query. Can we do?

Volume mapping example would be great

Various vulnerable versions of libclamav and Go libraries are in use, and the vulnerabilities are rated "High". I don't want to report the details here, but you can see them easily by logging into https://slim.ai, searching for ajilaag/clamav-rest, and clicking on Vulnerabilities. There you'll see the details in the Vulnerabilities and Packages sub-tabs. There are 3 and 8 entries on each tab respectively.

As covered in https://opensource.guide/legal/ the lack of a license file on a public repository only allows others to view and fork the project, but with no permission for distribution, modification, or contribution.

With no licensing statement, there is ambiguity on whether this was an oversight or the intended licensing.

Description:
The current behavior of the ClamAV HTTP server is to display a warning message in the console when a file size exceeds the configured MAX_FILE_SIZE value, but it does not terminate the connection. This behavior is problematic as it allows oversized files to consume server resources and potentially disrupt the server's performance.

Expected Behavior:
When a client uploads a file larger than the defined MAX_FILE_SIZE, the server should terminate the connection and provide a clear error message to the client, indicating that the file size exceeds the limit.

Additional Information:

ClamAV version: ClamAV 0.105.2/26926

Referencing an open item we would like to modify the entrypoint.sh to pass proxy information into freshclam.conf

Files to modify:
entrypoint.sh

Description:
Following the pattern present in entrypoint.sh we would like to add a conditional to support an environment variable being set of $PROXY_SERVER. If the environment variables are set for $PROXY_PORT that can also be set, along with $PROXY_USERNAME and $PROXY_PASSWORD for the following items in freshclam.conf:

#HTTPProxyServer https://proxy.example.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

if [ -n "$PROXY_SERVER" ]; then
    sed -i 's~^#HTTPProxyServer .*~HTTPProxyServer '"$PROXY_SERVER"'~g' /etc/clamav/freshclam.conf

    # It's not required, but if they also provided a port, then configure it
    if [ -n "$PROXY_PORT" ]; then
        sed -i 's/^#HTTPProxyPort .*$/HTTPProxyPort '"$PROXY_PORT"'/g' /etc/clamav/freshclam.conf
    fi

    # It's not required, but if they also provided a username, then configure both the username and password
    if [ -n "$PROXY_USERNAME" ]; then
        sed -i 's/^#HTTPProxyUsername .*$/HTTPProxyUsername '"$PROXY_USERNAME"'/g' /etc/clamav/freshclam.conf
        sed -i 's~^#HTTPProxyPassword .*~HTTPProxyPassword '"$PROXY_PASSWORD"'~g' /etc/clamav/freshclam.conf
    fi
fi

I noticed that I have this warning in /var/log/clamav/freshclam.log:
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory

Full log entry:

freshclam daemon 0.104.3 (OS: Linux, ARCH: x86_64, CPU: x86_64)
ClamAV update process started at Sun Aug 21 15:57:23 2022
daily database available for update (local version: 26615, remote version: 26634)
Testing database: '/var/lib/clamav/tmp.10358d49f6/clamav-444b2a996524c77c8813b0b1f33e689f.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 26634, sigs: 1998006, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory
--------------------------------------

What does that mean for scans requested via the REST API?

Hi

How can the signature database be updated in the running docker pod ?

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update alpine docker tag to v3.20
• chore(deps): update docker/build-push-action action to v6

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

According to https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html, there is a critical vulnerability in the ClamAV version available as part of Alpine 3.16.

Please provide a new fixed version of the docker image, maybe based on Alpine 3.17.

Hello
I'm sending files to the api (Web API in Docker to ClamAv Docker) and it looks that the ClamAV image is missing a valid certificate so it won't accept requests.

The error that I'm getting is
{System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.. The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors