Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Scanning files with passthrough times out

See original GitHub issue

Describe the bug

I’m implementing a function that receives a file URL, creates a readable stream with axios, and then pipes that stream to clamscan with the passthrough method. However, I always receive COMMAND READ TIMED OUT in the debug logs and is_infected is null. It usually takes around 3 minutes to respond.

Code to reproduce

This is the simplified code.

const nodeClam = new NodeClam()
const clam = await nodeClam.init(clamScanOptions)

const scanRemoteFile = async (url: string): Promise<ScanResult> => {
  let fileStream: ReadStream
  try {
    // Get a readable stream from this URL
    const res = await axios({
      method: 'GET',
      url,
      responseType: 'stream',
    })
    fileStream = res.data
  } catch (e) {
    console.error(e)
  }
  
  // Send output of this file stream to ClamAV
  const av = clam.passthrough()
  fileStream.pipe(av)

  return new Promise((resolve, reject) => {
    av.on('scan-complete', (result) => {
      resolve(result)
    })
    // other listeners
  })
}

Debug logs

node-clam: DEBUG MODE ON
node-clam: Could not verify the clamdscan binary. [Error: ENOENT: no such file or directory, access '/usr/bin/clamdscan'] {
  errno: -2,
  code: 'ENOENT',
  syscall: 'access',
  path: '/usr/bin/clamdscan'
}
node-clam: Could not verify the clamscan binary. [Error: ENOENT: no such file or directory, access '/usr/bin/clamscan'] {
  errno: -2,
  code: 'ENOENT',
  syscall: 'access',
  path: '/usr/bin/clamscan'
}
node-clam: Initially testing socket/tcp connection to clamscan server.
node-clam: using remote server: xxx.xxx.xxx.xxx:3310
node-clam: Established connection to clamscan server!
node-clam: PONG!
node-clam: Established connection to clamscan server!
node-clam: Socket/Host connection closed.
node-clam: using remote server: xxx.xxx.xxx.xxx:3310
node-clam: ClamAV Socket Initialized...
node-clam: Doing initial transform!
node-clam: Got result! COMMAND READ TIMED OUT

node-clam: Error Response:  COMMAND READ TIMED OUT
node-clam: File may be INFECTED!
node-clam: Processed Result:  {
  is_infected: null,
  viruses: [],
  file: null,
  resultString: 'COMMAND READ TIMED OUT'
} COMMAND READ TIMED OUT

node-clam: ClamAV socket has received the last chunk!
node-clam: Error Response:  COMMAND READ TIMED OUT
node-clam: File may be INFECTED!
node-clam: Result of scan: {
  is_infected: null,
  viruses: [],
  file: null,
  resultString: 'COMMAND READ TIMED OUT'
}
node-clam: It took false seconds to scan the file(s).

Expected behavior

Files can be scanned normally.

Other information

  • clamscan: v1.3.3
  • docker-clamav: ClamAV 0.102.4/26090/Wed Feb 24 12:09:42 2021 that comes with this image mkodockx/docker-clamav@sha256:498cc6f2d2b56974f1cdcb8e15267cc736576f960ce99ce862b7b82ff7aa6a4d (sorry I retagged the image so I lost the original tag, but still have this hash and it’s pullable from Docker Hub).

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:6 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
kylefarriscommented, May 7, 2021

@hellovietduc Also, for what it’s worth, you don’t need to use the passthrough method if you are not sending the requested file somewhere else (Examples: writing to disk, sending to S3, etc…). If you want to just scan a stream, use the scan_stream method as it’s much simpler to implement.

1reaction
kylefarriscommented, May 5, 2021

I’m not sure what’s causing the timeout–haven’t seen this before.

I’m not going to be able to accept your PR since it’s not going to work the way you think. I have a new branch and draft PR I’m working on that will properly emit a timeout event when expected. but Travis-CI just isn’t cooperating (the tests run fine locally). I’ve tried to switch to GitHub Actions but I’m having different issues there. Very difficult issues to solve since they have to do with ClamAV configuration the CI VMs and there’s really no easy way to debug it.

Read more comments on GitHub >

github_iconTop Results From Across the Web

AV scan FTP traffic, want " passthrough" on large files
I am trying to work out whether it is possible to: * have AV scanning/protection on traffic to/from our FTP server; AND *...
Read more >
Read timed out' of scanning a docker image...
Solution. 1. Set `--detect.docker.passthrough.service.timeout=600000` in Detect CLI #600 seconds. This will set it to 10 ...
Read more >
Explanation of why scan time-outs occur - Trellix
The scan time-out message is logged when a scan stops before the file has been scanned. The scanning software has no way to...
Read more >
Avoid lengthy "Scanning for unlocked files ..." - git-annex
Benchmarking here, a repo with 100,000 annexed files (all locked): the git ls-tree ran in 3 seconds; the init took 17 seconds overall,...
Read more >
scan docker images failed with blackduck-docker-inspector ...
we're using synopsys-detect 5.5.1 to scan our docker images. it worked well. but it ... --detect.docker.passthrough.service.timeout=1200000 ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Premature end of ClamAV socket stream behind telepresence proxy

Next page

Generating `daysOfTheWeek` array with only first character