franckverrot / clamav-client Goto Github PK

Adjusting the warning level should print some debugging data to the user.

Constraints:

• The logger should be injectable.
• There should be only one logger instantiated for a single client object (and its underlying connection, wrappers, etc.)

Not sure if this is something that could be altered. But GPL does limit my ability to make use of this gem.

http://stackoverflow.com/questions/3902754/mit-vs-gpl-license

"if you DO distribute it, then your entire project that is using the GPL code also becomes GPL automatically. Which means, it must be open-sourced"

I am planning to use clamav for scanning uploaded files and was planning to create a ruby wrapper for clamav command line utilities. On searching I found your gem.
So I just wanted to know is this production ready setup. I wanted to use this badly on my production servers.

I have a Clamav instance, and I want to scan the file by using a TCP socket. In the latest version, the Clamav Client has a safe? method with one argument. In my case, I passed the argument as a File object from my client like the following:

ClamAV::Client.new.safe?(File.open(File.expand_path('test.png')))

And I expect the above execution will raise an exception like No such file or directory because that file does not exist in the Clamav instance, but it returns true instead.

First thing I tried to investigate it by using the send_request method of connection object directly.

clamav_client = ClamAV::Client.new
connection = clamav_client.instance_variable_get('@connection')
connetion.send_request("SCAN #{File.open(File.expand_path('test.png'))}")
=> "1: #<File:0x000056329b00c9d0>: lstat() failed: No such file or directory. ERROR"

The second thing, I tried with get_status_from_response method:

str = "1: #<File:0x000056329b00c9d0>: lstat() failed: No such file or directory. ERROR"
ClamAV::Commands::Command.new.send(:get_status_from_response, str)
=> #<ClamAV::ErrorResponse:0x000056329b0a3c90 @error_str="1: #<File:0x000056329b00c9d0>: lstat() failed: No such file or directory. ERROR">

As you can see, it returns my expectation. Then, I think the problem comes from the safe? method. Let verify it again, and I see it missed one the condition to make sure the file is safe.

scan(target).all? { |file| file.virus_name.nil? }
=> scan(target).all? { |file| file.virus_name.nil? && file.error_str.nil? }

And the last, I have a PR to fix this issue at #13.
Please help me to review this PR, and thank you for your effort in building this gem. It helps my work a lot, and I appreciate it very much.

Changing the defaults requires to build the whole connection object manually.

Let's do something a bit easier like defining a environment variable, say CLAMAV_SERVER.

export CLAMAV_SERVER=tcp://<address>:<port>
# or 
export CLAMAV_SERVER=unix://some/path/to/the.socket

and ensure the ClamAV::Client is taking this value into account if it exists.

Because it's possible but not documented.

When you use ClamAV::Commands::ScanCommand.new, it returns an array of objects like the example in README.md.

client.execute(ClamAV::Commands::ScanCommand.new('/tmp/path/foo.c'))
# => [#<ClamAV::SuccessResponse:0x007fbf314b9478 @file="/tmp/foo.c">]

It'd be nice to have another method that simply returns whether the virus was found in the given file.

# returns `true` if no virus was found in the given file and returns `false` if it detected any virus.
client.safe?('/tmp/path/foo.c') #=> true

If you think this is a good implementation, I would love to work on this issue.
What's your view on this ???