franckverrot / clamav-client Goto Github PK
View Code? Open in Web Editor NEWClamAV::Client connects to a Clam Anti-Virus clam daemon and send commands
Home Page: https://rubygems.org/gems/clamav-client
License: GNU General Public License v3.0
ClamAV::Client connects to a Clam Anti-Virus clam daemon and send commands
Home Page: https://rubygems.org/gems/clamav-client
License: GNU General Public License v3.0
Adjusting the warning level should print some debugging data to the user.
Constraints:
Not sure if this is something that could be altered. But GPL does limit my ability to make use of this gem.
http://stackoverflow.com/questions/3902754/mit-vs-gpl-license
"if you DO distribute it, then your entire project that is using the GPL code also becomes GPL automatically. Which means, it must be open-sourced"
I am planning to use clamav for scanning uploaded files and was planning to create a ruby wrapper for clamav command line utilities. On searching I found your gem.
So I just wanted to know is this production ready setup. I wanted to use this badly on my production servers.
I have a Clamav instance, and I want to scan the file by using a TCP socket. In the latest version, the Clamav Client has a safe?
method with one argument. In my case, I passed the argument as a File object from my client like the following:
ClamAV::Client.new.safe?(File.open(File.expand_path('test.png')))
And I expect the above execution will raise an exception like No such file or directory
because that file does not exist in the Clamav instance, but it returns true
instead.
First thing I tried to investigate it by using the send_request
method of connection object directly.
clamav_client = ClamAV::Client.new
connection = clamav_client.instance_variable_get('@connection')
connetion.send_request("SCAN #{File.open(File.expand_path('test.png'))}")
=> "1: #<File:0x000056329b00c9d0>: lstat() failed: No such file or directory. ERROR"
The second thing, I tried with get_status_from_response method:
str = "1: #<File:0x000056329b00c9d0>: lstat() failed: No such file or directory. ERROR"
ClamAV::Commands::Command.new.send(:get_status_from_response, str)
=> #<ClamAV::ErrorResponse:0x000056329b0a3c90 @error_str="1: #<File:0x000056329b00c9d0>: lstat() failed: No such file or directory. ERROR">
As you can see, it returns my expectation. Then, I think the problem comes from the safe?
method. Let verify it again, and I see it missed one the condition to make sure the file is safe.
scan(target).all? { |file| file.virus_name.nil? }
=> scan(target).all? { |file| file.virus_name.nil? && file.error_str.nil? }
And the last, I have a PR to fix this issue at #13.
Please help me to review this PR, and thank you for your effort in building this gem. It helps my work a lot, and I appreciate it very much.
Changing the defaults requires to build the whole connection object manually.
Let's do something a bit easier like defining a environment variable, say CLAMAV_SERVER
.
export CLAMAV_SERVER=tcp://<address>:<port>
# or
export CLAMAV_SERVER=unix://some/path/to/the.socket
and ensure the ClamAV::Client
is taking this value into account if it exists.
Because it's possible but not documented.
When you use ClamAV::Commands::ScanCommand.new
, it returns an array of objects like the example in README.md.
client.execute(ClamAV::Commands::ScanCommand.new('/tmp/path/foo.c'))
# => [#<ClamAV::SuccessResponse:0x007fbf314b9478 @file="/tmp/foo.c">]
It'd be nice to have another method that simply returns whether the virus was found in the given file.
# returns `true` if no virus was found in the given file and returns `false` if it detected any virus.
client.safe?('/tmp/path/foo.c') #=> true
If you think this is a good implementation, I would love to work on this issue.
What's your view on this ???
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.