It shouldn't be doing that. You sound like you have the wrong configuration option for clamscan npm package.
You need to be using the clamdscan configuration option. It sounds like you're using the clamscan option. Clamdscan uses the already running Daemon (only loads the database once). Clamscan loads the database every single time. Go read through the docs where it shows you all the options on the npm README. Let me know if that's not the issue. On Jul 5, 2024, 5:01 PM -0400, Khodor Barakat <khodor.bara...@outlook.com>, wrote: > Thanks for sharing this , > > I am currently using clamscan within my app, but the problem with clamscan > has to load the entire virus database and initialize the scanning engine from > scratch. > > Scanning a file with few kb took what a mb file would need for scanning > around 20 to 30s > From: Paul Silvestri <psilvest...@gmail.com> > Sent: Friday, July 5, 2024 4:54 PM > To: Paul Kosinski <clamav-us...@iment.com>; Matus UHLAR - fantomas via > clamav-users <clamav-users@lists.clamav.net>; Matus UHLAR - fantomas via > clamav-users <clamav-users@lists.clamav.net> > Cc: Khodor Barakat <khodor.bara...@outlook.com> > Subject: Re: [clamav-users] Inquiry About Security Measures for Remote > Scanning Using Clamdscan > > If I'm understanding your use case correctly you may want to use this tool: > > https://www.npmjs.com/package/clamscan > > Create an express app and run the daemon locally on the same server. The > express app is essentially a glorified local proxy. > On Jul 5, 2024, 4:46 PM -0400, Khodor Barakat via clamav-users > <clamav-users@lists.clamav.net>, wrote: > > Thanks Paul, > > > > This was something i was looking into, like building an ssh tunnel , but it > > is a burden as tunnel failure would broke the entire process , > > > > I might reconsider running clamdscan locally while tunning the config and > > using systemd unit param to limit the resources used by clamdscan service > > > > From: Paul Kosinski <clamav-us...@iment.com> > > Sent: Friday, July 5, 2024 4:29 PM > > To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>; Khodor > > Barakat <khodor.bara...@outlook.com> > > Subject: Re: [clamav-users] Inquiry About Security Measures for Remote > > Scanning Using Clamdscan > > > > I don't think there is anything builtin to clamd, but you might consider > > setting up a secure tunnel(s) from the client machine(s) to the scanning > > machine. > > > > For example, each client machine has a little daemon that listens on a UNIX > > socket and is connected securely (SSH, OpenVPN etc.) to the scanning > > machine. That machine has a (daemon) listener on the agreed upon port which > > forwards the (decrypted) traffic to clamd's local UNIX socket. (The > > responses must be sent back, of course.) > > > > This obviously adds some overhead, but so would a similar function builtin > > to clamd. > > > > > > On Fri, 5 Jul 2024 19:32:01 +0000 > > Khodor Barakat via clamav-users <clamav-users@lists.clamav.net> wrote: > > > > > Anyone has encountered this, i can see the transfer is not encrypted and > > > secure when doing a remote scan , > > > > > > I captured the packet on the remote server and i can see the data as > > > clear text , > > > > > > > > > [Timestamps] > > > [Time since first frame in this TCP stream: 0.000209756 seconds] > > > [Time since previous frame in this TCP stream: 0.000037349 > > >seconds] > > > TCP payload (28 bytes) > > > Data (28 bytes) > > > > > > 0000 00 00 00 14 74 68 69 73 20 69 73 20 61 20 74 65 ....this is a te > > > 0010 73 74 20 66 69 6c 65 0a 00 00 00 00 st file..... > > > Data: 0000001474686973206973206120746573742066696c650a... > > > [Length: 28] > > > > > > > > > ________________________________ > > > From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of > > > Khodor Barakat via clamav-users <clamav-users@lists.clamav.net> > > > Sent: Tuesday, July 2, 2024 4:03 PM > > > To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net> > > > Cc: Khodor Barakat <khodor.bara...@outlook.com> > > > Subject: [clamav-users] Inquiry About Security Measures for Remote > > > Scanning Using Clamdscan > > > > > > Hi, everyone > > > > > > I am writing to inquire about the security measures implemented when > > > using ClamAV's clamdscan for remote scanning, particularly when streaming > > > to port 3310. > > > > > > clamdscan -c /etc/clamd.d/remote-scan.conf --fdpass --stream > > > /tmp/testfile.txt > > > > > > cat /etc/clamd.d/remote-scan.conf > > > LogSyslog yes > > > StreamMaxLength 10M > > > User clamscan > > > TCPSocket 3310 > > > TCPAddr 192.168.1.100 > > > > > > > > > Does anyone have information on the security protocols and safeguards in > > > place in order to protect data during remote scans? > > > > > > Thank you for your assistance > > _______________________________________________ > > > > Manage your clamav-users mailing list subscription / unsubscribe: > > https://lists.clamav.net/mailman/listinfo/clamav-users > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/Cisco-Talos/clamav-documentation > > > > https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
