Comments (2)
Hey, no problem... it's not a bad question. You have a couple options. You can either allow the file to upload fully to your server like you normally would and then scan the file in place (wherever the location is that your app uploads to) or you can use the passthrough
method to scan the raw file stream as it's being uploaded and pipe it on to the final destination (example: S3).
For the passthrough option, I have an example gist that will work with ExpressJS that will show you how to use it (it's a bit more complicated but has some benefits): https://gist.github.com/kylefarris/f6867b611fc5a3139a361afeb22a51b7
As for the first option, if you're using Express, you'll just need to use something like connect-multiparty
(or any other multipart form-data parser) to get the uploaded files and put them in either a permanent or temporary location (I'd recommend the latter until after scanning).
Here's an extremely abridged/contrived example that might point you in the right direction:
const express = require('express');
const app = express();
const http = require('http').Server(app);
const bodyParser = require('body-parser');
const os = require('os');
const mkdirp = require('mkdirp');
const multipart = require('connect-multiparty');
const NodeClam = require('clamscan');
const clam_config = {
debug_mode: false,
remove_infected: true,
scan_recursively: false,
clamdscan: {
socket: '/var/run/clamd.scan/clamd.sock', // Change to whatever works for you...
timeout: 300000, // 5 minutes
local_fallback: true,
},
preference: 'clamdscan'
};
const upload_dir = os.tmpdir() + '/cms_uploads';
// Middleware for checking for file uploads
const multiparty = (req, res, next) => {
// Create upload directory if it doesn't already exist
mkdirp(upload_dir, err => {
if (err) {
console.error(err);
return res.status(500).send({error: "Sorry, but your file could not be uploaded at this time."});
}
multipart({
uploadDir: upload_dir,
maxFilesSize: 2000 * 1024 * 1024, // Change to whatever makes sense for you
autoFiles: true
})(req, res, next);
});
};
app.post('/upload', multiparty, async (req, res) => {
if (!req.files || !req.files.file || !Object.keys(req.files.file).length)
return res.status(400).send({error: "No files found!"});
// Get a reference to the uploaded file
const tmp_file = req.files.file;
// Try and scan the file, fail if something bad happens or if the file is infected.
try {
// Initialize a clamscan instance
const clamscan = await new NodeClam().init(clam_config);
// Scan the file
const is_infected = await clamscan.is_infected(tmp_file.path);
// Yep, file is infected...
if (is_infected) {
const error = "Sorry, the file you tried to upload was rejected because it is infected with a virus or malware. We recommend performing a virus scan on your computer immediately.";
return res.status(400).send({error});
}
} catch (err) {
// Something unexpected happened (ex. bad clamscan config)
console.error(err);
const error = "There was an error processing the validity of one of your files. Please try again.";
return res.status(400).send({error});
}
// Now you can do what you want with the file (ex. move it to a permanent location, send to S3, email it, etc...)
});
// Start the webserver
http.listen(3000);
from clamscan.
Awesome! Thanks a lot @kylefarris for the detailed options & solutions. It was a great help! 👍
from clamscan.
Related Issues (20)
- Frequent failed clamAV scan fails HOT 2
- Premature end of ClamAV socket stream behind telepresence proxy HOT 18
- Clamav file size limit - throw custom error HOT 10
- Socket times out when remote scanning EICAR test file HOT 7
- node-clam: Could not verify the clamdscan binary HOT 2
- scanStream returning isInfected = true even when its not HOT 4
- Receiving null response from ScanFile HOT 2
- Missing error handler for tcp client
- TypeError: clamscan.isInfected is not a function HOT 1
- Retry on ECONNREFUSED for ClamAV using TCP sockets HOT 1
- No/Empty Response HOT 1
- Virus analysis tools should use local heuristical analysis/sandboxes plus artificial CNS HOT 4
- 3.8 GB file gives issue - RangeError [ERR_OUT_OF_RANGE]: The value of "value" is out of range HOT 2
- node 16 and aws-sdk HOT 2
- Clam API Server HOT 1
- Occasionally getting the 502 Proxy error while running this clamscan service on the Prod server. HOT 3
- scanDir do not return an array of files HOT 10
- Fix code scanning alert - Inefficient regular expression
- execFile & Clamdscan result parsing HOT 4
- Chunked passthrough? HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from clamscan.