Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Premature end of ClamAV socket stream behind telepresence proxy

See original GitHub issue

Hello and thanks for providing this library!

I have an issue that is NOT very problematic per se, but still it might be useful to report it, because maybe it could help uncover a subtle (timing?) issue with the ClamAV socket connection

When I use the scanStream method like this …:

isInfected: async (contents: Buffer): Promise<void> => {
    let chunk: Buffer | null = contents
    const inputStream = new Readable()
    inputStream._read = () => {
        inputStream.push(chunk)
        chunk = null
    }

    const result = await clamscan.scanStream(inputStream)
    console.log(result)
}

… the scan fails with an empty response when I am behind a telepresence proxy:

node-clam: Provided stream is readable.
node-clam: Attempting to establish socket/TCP connection for "scanStream"
node-clam: using remote server: 10.96.253.36:3310
node-clam: Received final data from stream.
node-clam: The input stream has dried up.
node-clam: ClamAV is done scanning.
node-clam: Raw Response:   
node-clam: Error Response:  
node-clam: File may be INFECTED!
{
  isInfected: null,
  viruses: [],
  file: null,
  resultString: '',
  timeout: false
}
node-clam: Socket/Host connection closed.
node-clam: ClamAV socket has been closed! false

When running the samen within my minikube cluster, without the telepresence proxy, the scan works just fine:

node-clam: Provided stream is readable.
node-clam: Attempting to establish socket/TCP connection for "scanStream"
node-clam: using remote server: 10.96.253.36:3310
node-clam: Received final data from stream.
node-clam: The input stream has dried up.
node-clam: Received output from ClamAV Socket.
node-clam: ClamAV is done scanning.
node-clam: Raw Response:  stream: OK
node-clam: File is OK!
{
  isInfected: false,
  viruses: [],
  file: null,
  resultString: 'stream: OK\x00',
  timeout: false
}
node-clam: Socket/Host connection closed.
node-clam: ClamAV socket has been closed! false

What is also interesting is that the scan does complete successfully behind the telepresence proxy when I put a breakpoint on the chunk = null statement and let the debugger proceed step-by-step, which lets me think a timing issue might be the cause of a premature end of the ClamAV socket stream.

The behaviour is the same when I write the Buffer to a temporary file and then call the clamscan.isInfected method

I also tried using the passthrough method …:

isInfected: (contents: Buffer) =>
    new Promise<boolean>((resolve, reject) => {
        let chunk: Buffer | null = contents
        const inputStream = new Readable()
        inputStream._read = () => {
            inputStream.push(chunk)
            chunk = null
        }
        const clamAVStream = clamscan.passthrough();
        inputStream.pipe(clamAVStream)
        clamAVStream
            .on("scan-complete", (result) => {
                const infected = result.isInfected;
                if (infected !== null) {
                    logger.debug(`Scan complete; contents infected: ${infected}`)
                    resolve(infected)
                }
            })
            .on('error', (error) => {
                reject(error)
            })
            .on('timeout', (error) => {
                const timeoutError = error || new Error("Scan timed out")
                reject(timeoutError)
            })
    })

… and found that it consistently succeeds, both behind the telepresence proxy, and running within minikube without the proxy:

node-clam: Attempting to establish socket/TCP connection for "passthrough"
node-clam: using remote server: 10.96.253.36:3310
node-clam: ClamAV Socket Initialized...
node-clam: Doing initial transform!
node-clam: Done with the full pipeline.
node-clam: Got result! stream: OK
node-clam: File is OK!
node-clam: Processed Result:  {
  isInfected: false,
  viruses: [],
  file: null,
  resultString: 'stream: OK\x00',
  timeout: false
} stream: OK
node-clam: ClamAV socket has received the last chunk!
node-clam: File is OK!
node-clam: Result of scan: {
  isInfected: false,
  viruses: [],
  file: null,
  resultString: 'stream: OK\x00',
  timeout: false
}
node-clam: It took 0 seconds to scan the file(s).
node-clam: Socket/Host connection closed.
node-clam: ClamAV socket has been closed! Because of Error: false

Issue Analytics

State:
Created a year ago
Comments:14 (7 by maintainers)

Top GitHub Comments

1reaction

kylefarriscommented, Aug 1, 2022

Well, that stinks. At least your code is prettier now, haha.

0reactions

martijnvanderwoudcommented, Aug 15, 2022

As I said earlier, I need a shared debug session or at least some pointers from you before I can work on this. Un-assigning myself for now

Top Results From Across the Web

Issues · kylefarris/clamscan - GitHub

Premature end of ClamAV socket stream behind telepresence proxy bug edge case When there may be a bug but its in a rare...

Java socket giving premature end of stream - Stack Overflow

So here's where the problem come in. The client opens the connection and sends the proper XML to the XMPP server to start...

Untitled

Hawaii five o online episodes, Mobili tv legno, Spatiul cosmic poze, ... Lucha libre aaa fabi apache, Clamav-milter reject msg, Markas aldar, ...

http-shellshock NSE Script - Vulners

Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications. To detect this vulnerability the script executes a ...

Bug listing with status UNCONFIRMED as at 2022/12/28 19 ...

freeseer - a video capture utility capable of capturing and streaming ... GUI front-end to krpano from Kolor" status:UNCONFIRMED resolution: severity: ...