Node.js has become popular for running JavaScript code across various applications that must scale well. It's especially great for building web applications, where you often have to deal with files uploaded by users. However, those files can sometimes hide dangerous code that could harm your system or compromise users' personal information. That's where ClamAV comes into play. This powerful and free antivirus software helps you spot viruses in files and eliminate them. In this blog post, I'll walk you through step-by-step instructions on how to use ClamAV to scan files within your Node.js applications. Read more about Node.js.
Installing ClamAV
Before we start, we need to install the ClamAV tool on our system. You can follow the instructions below, which are provided in the official ClamAV documentation to install on your operating system.
Once you have installed ClamAV, you can verify that it's working by running the following command in your terminal:
$ clamscan --versionThe following command will tell you the current version of ClamAV that has been installed on your system.
Installing the ClamAV library for Node.js
To have ClamAV in Node.js, a node clamscan module has to be installed, as it is a scanner created on top of the ClamAV engine. You can install it using the npm package manager as follows:
$ npm install clamscanThis command will install the clamscan module and put it in the list of project dependencies.
Scanning files for viruses using ClamAV in Node.js
The clamscan module is used for virus scanning of files, and now that ClamAV and the clamscan module are installed, we can use Node.js to do this. Here's an example code snippet that shows how to do this:
Clamav nodejs example:
const clamav = require('clamscan');
const options = {
remove_infected: true,
quarantine_infected: true,
scan_log: '/var/log/clamav/clamscan.log',
debug_mode: true
};
const scanner = clamav.createScanner('/usr/bin/clamscan', options);
scanner.scan('/path/to/your/file', function (err, file, isInfected) {
if (err) {
console.log('Error scanning file:', err);
} else if (isInfected) {
console.log('File is infected:', file);
} else {
console.log('File is clean:', file);
}
});Let's break down the code:
- First, we initialise the clamscan module and define the options object with some clamscan configuration. Some parameters determine the bscanner's behaviour, such as purging the infected files, placing them in quarantine, logging the findings into a file, or displaying debugging messages.
- After that, we create a scanner object by calling the createScanner method with the path of clamscan in the binaries parameter and our options object.
- Lastly, we use the scan method from the scanner object with the path to the file we would like to scan passed through it. This method uses a callback function that executes once the scan is complete. The callback function gives us three things: an error object (if there's an issue), the path to the scanned file, and a boolean that tells us whether the file is infected.