This Services provides actions for testing files for malicious virus threats using ClamAV. It utilizes the file streaming capabilities of the moleculer framework
The following List details which features are implemented
- Scan a file for malicious virus content
This service relies on clamscan which itself relies on clamav being installed. This repository includes a Dockerfile which installes clamav. The examples folder includes a docker-compose file which includes launching clamd as a separate connected container and making use of a shared mount and tcp connectivity between the clamav deamon and client.
This service is not expected to work on a windows host.
This package is available in the npm-registry. In order to use it simply install it with yarn (or npm):
yarn add moleculer-antivirusTo make use of this Service, simply require it and create a new service:
const fs = require("fs");
let { ServiceBroker } = require("moleculer");
let AVService = require("moleculer-antivirus");
let broker = new ServiceBroker({ logger: console });
// Create a service
broker.createService({
mixins: AVService
});
// Start server
broker.start().then(() => {
const data = fs.createReadStream('./suspicious.exe');
broker.call('antivirus.scan', data);
broker.call('antivirus.scan', './this/suspicious.exe');
});For a more indepth example checkout out the examples folder. It includes a docker-compose file, running docker-compose up will boot a broker with an antivirus service, a connected clamav deamon
and an API Gateway to upload files to. This project includes a published postman collection enabling you to quickly explore the service in your local environment.
EICAR signatures for testing are available here.
| Property | Type | Default | Description |
|---|---|---|---|
temporaryStorage |
String |
null |
In case you pass a redable stream, we have to store the stream somewhere. This path is to location of this storage. |
scan_log |
String |
null |
Path to a writeable log file to write scan results into |
debug_mode |
Boolean |
null |
Whether or not to log info/debug/error msgs to the console |
clamscan |
Object |
null |
clamdcan configuration |
clamscan.path |
String |
null |
Path to the clamscan binary |
clamscan.db |
String |
null |
Path to a custom virus definition database |
clamscan.scan_archives |
Boolean |
null |
If true, scan archives (ex. zip, rar, tar, dmg, iso, etc...) |
clamscan.active |
Boolean |
null |
If true, this service will consider using the clamscan binary |
clamdscan |
Object |
null |
clamdscan configuration |
clamdscan.path |
String |
null |
Path to the clamdscan binary |
clamdscan.config_file |
String |
null |
Path to the clamdscan configuration |
clamdscan.multiscan |
Boolean |
null |
Scan using all available cores! Yay! |
clamdscan.reload_db |
Boolean |
null |
If true, will re-load the DB on every call (slow) |
clamdscan.active |
Boolean |
null |
If true, this service will consider using the clamdscan binary |
preference |
String |
null |
Which scan client to prefer (clamdscan or clamscan) |
Scans a given file or stream
| Property | Type | Default | Description |
|---|---|---|---|
the |
String, ReadableStream |
required | file to scan, can be a path or a |
stream |
Type: Object
The Scan result.
Scan a file for a virus
| Property | Type | Default | Description |
|---|---|---|---|
path |
String |
required | The stream or file to scan |
Type: Promise.<(AntiVirusScanError|{file: {String}, infected: {Boolean}})>
Persists a stream to the file system before scanning it (clamav has
no interface for nodejs streams) The location can be configured via
the temporaryStorage setting. In case of clamdscan being used, it
is your responsiblility that the temporary storage location is
available to the clamd host. Check the examples folder, where docker
mounts are used.
| Property | Type | Default | Description |
|---|---|---|---|
data |
ReadableStream |
required | the stream to persist |
Type: PromiseLike.<(String|AntiVirusScanError)>
resolved promise contains the path of the file.
$ docker-compose exec package yarn test
In development with watching
$ docker-compose up
moleculer-antivirus is available under the MIT license.
