Node.js has become a popular choice for running javascript code across a wide range of applications that need to scale well. It’s especially great for building web applications, where you often have to deal with files uploaded by users. However, those files can be sometimes hide dangerous code that could harm your system or compromise users’ personal information. That’s where ClamAV comes into play. This powerful and free antivirus software helps you spot viruses in files and get rid of them. In this blog post, I’ll walk you through how to use ClamAV to scan files within your Node.js applications, step by step. Read more about Node Js
Installing ClamAV
Before we start, we need to install ClamAV tool on our system. You can follow the below instructions which is provided in the official ClamAV documentation to install on your operating system.
Once you have installed ClamAV, you can verify that it’s working by running the following command in your terminal:
$ clamscan --version
The following command will tell you the version of ClamAV installed in your system Currently.
Installing the ClamAV library for Node.js
In order to have ClamAV in Node.js, a node clamscan module clamscan has to be installed as it is a scanner created on top of the ClamAV engine. You can install it using the npm package manager as follows:
$ npm install clamscan
This command will install the clamscan module and put it in the list of the project dependencies.
Scanning files for viruses using ClamAV in Node.js
The clamscan module is used for virus scanning of files and now that ClamAV and the clamscan module is installed, we can now use Node.js to do this. Here’s an example code snippet that shows how to do this:
const clamav = require(‘clamscan’);
const options = {
remove_infected: true,
quarantine_infected: true,
scan_log: ‘/var/log/clamav/clamscan.log’,
debug_mode: true
};
const scanner = clamav.createScanner(‘/usr/bin/clamscan’, options);
scanner.scan(‘/path/to/your/file’, function(err, file, isInfected) {
if (err) {
console.log(‘Error scanning file:’, err);
} else if (isInfected) {
console.log(‘File is infected:’, file);
} else {
console.log(‘File is clean:’, file);
}
});
Let’s break down the code:
- First, we initialize the clamscan module and we define the options object with some clamscan configuration. Some of these parameters determine the behavior of the scanner, for instance, purge the infected files, place them in quarantine or log the findings into a file, display debugging messages.
- After that, we create a scanner object calling createScanner method with the path of clamscan in binaries param and our options object.
- Lastly, we use the scan method from the scanner object with the path to the file that we would like to scan passed through it. This method is done with a callback function that executes once the scan is complete. The callback function gives us three things: an error object (if there’s an issue), the path to the scanned file, and a boolean that tells us whether the file is infected.
