Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Socket potentially closed too early after "INSTREAM: Size limit reached ..." is logged #1210

Open
origooo opened this issue Mar 22, 2024 · 3 comments
Open

Socket potentially closed too early after "INSTREAM: Size limit reached ..." is logged #1210

origooo opened this issue Mar 22, 2024 · 3 comments
Labels
🐛bug clamd

Comments

@origooo
Copy link

origooo commented Mar 22, 2024

Describe the bug

I have an issue scanning a stream through a node library (clamscan). I know the library itself is non of your concerns, but I believe the issue exist with other languages/libs as well.

I have clamd running locally through the command /opt/homebrew/opt/clamav/sbin/clamd --foreground and it's listening on port 3310. Scanning works fine most of the times but I start running into issues when testing a stream/file size limit (might not be isolated to that limit check though).

I read a too large file and pipe it to the socket, and ish 5/10 times (in node) I do receive the expected output INSTREAM size limit exceeded. \x00 from the TCP socket. Other times I receive either EPIPE or ECONNRESET, but the size limit message is still logged within clamd.

The code in server-th.c at line 859 logs the message properly every time even if node receives the EPIPE/ECONNRESET errors. I can see that an error code is set in server-th.c and -1 is returned to recvloop. handle_stream() also calls conn_reply_error() before returning -1, and my question is wether or not the socket might be closed before conn_reply_error() has a chance to send the message back to node? Might it be a timing issue somewhere?

How to reproduce the problem

I have stripped out a lot of the code from the library to get a minimal viable code to reproduce the error. The code can be found here and run through node <script name>.

Replace this text with the output from the ClamAV command:
Config file: clamd.conf

LocalSocket = "/opt/homebrew/var/run/clamd.sock"
TCPSocket = "3310"

Config file: freshclam.conf

DatabaseMirror = "database.clamav.net"

clamav-milter.conf not found

Software settings

Version: 1.3.0
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR

Database information

Database directory: /opt/homebrew/var/lib/clamav
bytecode.cvd: version 335, sigs: 86, built on Tue Feb 27 16:37:24 2024
Total number of signatures: 86

Platform information

uname: Darwin 23.2.0 Darwin Kernel Version 23.2.0: Wed Nov 15 21:53:18 PST 2023; root arm64
OS: Darwin, ARCH: arm64, CPU: arm64
zlib version: 1.2.12 (1.2.12), compile flags: 2a9
platform id: 0x0403c8c80800000000040201

Build information

Clang: Apple LLVM 15.0.0 (clang-1500.1.0.2.5) (4.2.1)
sizeof(void*) = 8
Engine flevel: 200, dconf: 200
@micahsnyder
Copy link
Contributor

We have some flakiness in the windows clamd tests relating to clamd responses sometimes missing the error message. I wonder if this is the same issue.

@origooo origooo mentioned this issue Mar 26, 2024
Open
@origooo
Copy link
Author

origooo commented Mar 28, 2024

Aha, okok. Do we have an expected timeline on a fix for this issue?

@micahsnyder
Copy link
Contributor

@origooo we're not working on it at the moment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🐛bug clamd
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@origooo @micahsnyder