126 lines
3.5 KiB
TypeScript
126 lines
3.5 KiB
TypeScript
/*
|
|
* Copyright (C) 2026 Fluxer Contributors
|
|
*
|
|
* This file is part of Fluxer.
|
|
*
|
|
* Fluxer is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Fluxer is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
import fs from 'node:fs/promises';
|
|
import {createConnection} from 'node:net';
|
|
import type {IVirusScanProvider} from '@fluxer/virus_scan/src/IVirusScanProvider';
|
|
import type {VirusScanProviderResult} from '@fluxer/virus_scan/src/VirusScanProviderResult';
|
|
|
|
export interface ClamAVConfig {
|
|
host: string;
|
|
port: number;
|
|
streamChunkBytes?: number;
|
|
}
|
|
|
|
export class ClamAVProvider implements IVirusScanProvider {
|
|
private readonly streamChunkBytes: number;
|
|
|
|
constructor(private config: ClamAVConfig) {
|
|
this.streamChunkBytes = config.streamChunkBytes ?? 2048;
|
|
}
|
|
|
|
async scanFile(filePath: string): Promise<VirusScanProviderResult> {
|
|
const buffer = await fs.readFile(filePath);
|
|
return this.scanBuffer(buffer);
|
|
}
|
|
|
|
async scanBuffer(buffer: Buffer): Promise<VirusScanProviderResult> {
|
|
return new Promise((resolve, reject) => {
|
|
const socket = createConnection(this.config.port, this.config.host);
|
|
let response = '';
|
|
let isResolved = false;
|
|
|
|
function cleanup() {
|
|
if (!socket.destroyed) {
|
|
socket.destroy();
|
|
}
|
|
}
|
|
|
|
function doReject(error: Error) {
|
|
if (isResolved) return;
|
|
isResolved = true;
|
|
cleanup();
|
|
reject(error);
|
|
}
|
|
|
|
function doResolve(result: VirusScanProviderResult) {
|
|
if (isResolved) return;
|
|
isResolved = true;
|
|
cleanup();
|
|
resolve(result);
|
|
}
|
|
|
|
socket.on('connect', () => {
|
|
try {
|
|
socket.write('zINSTREAM\0');
|
|
|
|
const chunkSize = this.streamChunkBytes;
|
|
let offset = 0;
|
|
|
|
while (offset < buffer.length) {
|
|
const remainingBytes = buffer.length - offset;
|
|
const bytesToSend = Math.min(chunkSize, remainingBytes);
|
|
|
|
const sizeBuffer = Buffer.alloc(4);
|
|
sizeBuffer.writeUInt32BE(bytesToSend, 0);
|
|
socket.write(sizeBuffer);
|
|
|
|
socket.write(buffer.subarray(offset, offset + bytesToSend));
|
|
offset += bytesToSend;
|
|
}
|
|
|
|
const endBuffer = Buffer.alloc(4);
|
|
endBuffer.writeUInt32BE(0, 0);
|
|
socket.write(endBuffer);
|
|
} catch (error) {
|
|
doReject(new Error(`ClamAV write failed: ${error instanceof Error ? error.message : String(error)}`));
|
|
}
|
|
});
|
|
|
|
socket.on('data', (data) => {
|
|
response += data.toString();
|
|
});
|
|
|
|
socket.on('end', () => {
|
|
const trimmedResponse = response.trim();
|
|
|
|
if (trimmedResponse.includes('FOUND')) {
|
|
const threatMatch = trimmedResponse.match(/:\s(.+)\sFOUND/);
|
|
const threat = threatMatch ? threatMatch[1] : 'Virus detected';
|
|
|
|
doResolve({
|
|
isClean: false,
|
|
threat,
|
|
});
|
|
} else if (trimmedResponse.includes('OK')) {
|
|
doResolve({
|
|
isClean: true,
|
|
});
|
|
} else {
|
|
doReject(new Error(`Unexpected ClamAV response: ${trimmedResponse}`));
|
|
}
|
|
});
|
|
|
|
socket.on('error', (error) => {
|
|
doReject(new Error(`ClamAV connection failed: ${error.message}`));
|
|
});
|
|
});
|
|
}
|
|
}
|