Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

\Sineflow\ClamAV\Socket\Socket sends to ClamAV Server only file path instead data #7

Open
svinohod opened this issue Jan 26, 2024 · 2 comments
Open

\Sineflow\ClamAV\Socket\Socket sends to ClamAV Server only file path instead data #7

svinohod opened this issue Jan 26, 2024 · 2 comments

Comments

@svinohod
Copy link

PHP 8.1
Symfony 6.3
sineflow/clamav 1.1.1

Configuration:

sineflow_clam_av:
  strategy: clamd_network
  host: '%env(CLAMAV_HOST)%'
  port: '%env(CLAMAV_PORT)%'

Inside \Sineflow\ClamAV\Socket\Socket::sendCommand contains $dataIn value SCAN /var/www/html/tests/resources/test-1-original.jpg instead file data.
@MatthiasKuehneEllerhold
Copy link

The network strategy only works locally and if the clamav-daemon has access to the file.
If the clamav-daemon is on another host (or in another docker container) or runs as non-root with no permission to read the file this wont work.
You'd have to stream the file content to the daemon to get it to work.

@jorismak
Copy link

jorismak commented Dec 1, 2024

Basically, a mode that works like clamdscan --fdpass (indeed, streaming the contents) would be nice.

It's a good way to bypass permissions errors on servers (like scanning an incoming file upload, which is in /tmp owned by the server process, and clamav-daemon cannot access it directly).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@svinohod @MatthiasKuehneEllerhold @jorismak