Thanks for the response Steven. I will get the information that you are looking for.
What I have done in the meantime, is setup a retry of the scan with a 50 ms delay until I receive an expected response (i.e. non FIN packet). What I have found is that I always eventually get the expected response within 10 tries. *Is There A Timing Issue?* I am immediately sending data after I get an ack back that I am connected on the socket. So I don't think there is a timing issue but it would be nice to find a way to test this. Do you know if there is a configuration I can set to increase this wait time? I haven't seen one in the configurations. Thanks again for your help!! On Mon, May 8, 2017 at 4:32 PM, Steven Morgan <[email protected]> wrote: > Cory, > > If you can capture the tcp network traffic for a successful and a failed > session and send me the pcap files, I'd be glad to take a look at them. > > I have noticed that clamd only allows a short delay following tcp > connection establishment before receiving a clamd command or else it sends > a fin. Is it possible that there is a timing issue? > > Steve > > On Mon, May 8, 2017 at 11:35 AM, Cory Parrish <[email protected] > > > wrote: > > > Hello, I'm trying to stream a file to clamav (V 0.99.2) using the TCP > > Connection from a NodeJS server. Sometimes data is being sent back but > > other times I am receiving the "FIN" packet before any data. Every time I > > send a stream to be scanned, I see the result in the clamav logs, but for > > some reason the result is not getting sent back on the socket > consistently. > > Oddly enough, if I make clamav send back an error response, I will get > the > > response 100% of the time. I only see inconsistency when clamav executes > > the scan successfully, both when it finds a virus and when it does not > find > > a virus. > > > > *A couple things that I have tried:* > > > > 1. I was wondering if this happens on very small files. So I increased > the > > size of the file to over 500k and I still saw the same results. > > > > 2. Next I was wondering if it might happen when clamav uses its cache to > > determine that a file has already been scanned. So I changed the > > DisableCache configuration to 'yes' and still saw the same thing. > > > > Has anyone seen a problem like this in the past? Are there tests proving > > the socket communication is working correctly? Please let me know what > > information you would need to assist. > > > > *Attachments* > > clamd.conf - configuration used for the clam daemon. > > test-file.txt - the file I am streaming to clamav. > > > > Thanks so much for any help you can provide! > > > > -- > > Cory Parrish > > Owner, Developer, and Fellow Geek > > StriveNine > > > > _______________________________________________ > > clamav-users mailing list > > [email protected] > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > > _______________________________________________ > clamav-users mailing list > [email protected] > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > -- Cory Parrish Owner, Developer, and Fellow Geek StriveNine _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
