Antivirus Server

The Cloud CMS Antivirus Server is a Node.js application that exposes a HTTP interface to allow an application to remotely scan files by submitting them via HTTP. Submitted files are passed through TCP to a ClamAV daemon process.

API

GET /

If the server is online, this will always return:

{
    "ok": true
}

POST /status

This checks the status of the daemon process and returns whether the Antivirus service is working nominally. If everything is working well, you will get back something like:

{
    "ok": true,
    "ping": true,
    "version": "ClamAV 0.100.3/25405/Sun Mar 31 07:55:25 2019\u0000"
}

POST /scan

This must be a multipart post. Each post should contain one or more named files. Each file will be scanned and the aggregated results will be returned.

Here is an example of a successful scan where no infections were found:

{
    "ok": true,
    "infected": false,
    "files":[{
        "filename": "test.pdf",
        "mimetype": "application/octet-stream",
        "infected": false,
        "ok":true
    }]
}

And here is an example where an infection was found:

{
    "ok": false,
    "infected": true,
    "files":[{
        "filename": "eicar.txt",
        "mimetype": "text/plain",
        "infected": true,
        "ok": false,
        "message": "Eicar-Test-Signature FOUND\u0000"
    }]
}

Docker Compose

Here is a sample docker-compose.yml file that shows how to use this server in conjunction with another container that hosts the ClamAV daemon process.

version: "2.2"

services:

  clamav:
    image: mkodockx/docker-clamav
    container_name: clamav
    restart: unless-stopped

  antivirus:
    image: cloudcms/antivirus-server:3.2.31
    container_name: antivirus
    restart: unless-stopped
    env_file:
      - antivirus.env
    links:
      - clamav:clamav
    depends_on: 
      - clamav
    privileged: true
    ports:
      - "80:8080"

In this case, the ClamAV daemon process is provided by mkdockx/docker-clamav. This is optional. There are other Docker images out there that provided the same service.

Environment file

The antivirus.env file defines environment variables that get passed into the Cloud CMS Antivirus Server.

The following parameters must be supplied to describe how to connect to the ClamAV daemon over TCP:

  • CLAMD_HOST
  • CLAMD_PORT

You can also specify the port that the HTTP routes should be run on:

  • PORT

And you must specify the username and password required for basic authentication to the scan and status routes:

  • USERNAME
  • PASSWORD

Here is an example of an antivirus.env file that works with the docker-compose.yml above:

CLAMD_HOST=clamav
CLAMD_PORT=3310
USERNAME=myuser
PASSWORD=mypassword
PORT=8080

This starts up the Node HTTP interface on port 8080. Scan and status calls will require basic authentication to be supplied with the username myuser and the password mypassword. The HTTP server will connect to ClamAV on host clamav (see the docker compose file) and port of 3310.

Note that 3310 is the default TCP port for the ClamAV daemon.