Tests for connect over TLS were bypassed due to the unix socket path being populated

.github/workflows/test.yml

@@ -18,16 +18,21 @@ jobs:
         run: sudo apt-get install clamav clamav-daemon
       - name: Restart Freshclam
         run: sudo systemctl restart clamav-freshclam
-      - name: Chill for 30 seconds
-        run: sleep 30
-      - name: Restart ClamD
-        run: sudo systemctl restart clamav-daemon
-      - name: Chill for 30 seconds again
-        run: sleep 30
+      - name: Wait for freshclam to be up to date
+        run: |
+          until sudo grep "$(date | cut -c -10)" /var/log/clamav/freshclam.log | grep -Eq 'Clamd was NOT notified|Clamd successfully notified about the update.'; do sleep 1; done;
+          sudo tail /var/log/clamav/freshclam.log
+      - name: Remove Syslog from ClamD Config & Restard ClamD
+        run: |
+          sudo systemctl stop clamav-daemon;
+          sudo sed -i /syslog/d /lib/systemd/system/clamav-daemon.service;
+          sudo systemctl daemon-reload;
+          cat /lib/systemd/system/clamav-daemon.service;
+          sudo systemctl start clamav-daemon;
       - name: Install OpenSSL
         run: sudo apt-get install openssl
       - name: Generate Key Pair for TLS
-        run: openssl req -new -sha256 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -newkey ed25519 -keyout key.pem -nodes -x509 -days 365 -out cert.pem
+        run: openssl req -new -sha256 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -addext "subjectAltName = DNS:localhost,IP:127.0.0.1,IP:::1" -newkey ed25519 -keyout key.pem -nodes -x509 -days 365 -out cert.pem
       - name: Install stunnel
         run: sudo apt-get install stunnel4
       - name: Install / Trust certificate
@@ -39,9 +44,13 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
       - name: Set stunnel config
-        run: sudo cp tests/stunnel.conf /etc/stunnel/
+        run: |
+          sudo cp tests/stunnel.conf /etc/stunnel/
+          sudo sed -i "s/\/var\/run\/clamd.scan\/clamd.sock/$(sudo cat /etc/clamav/clamd.conf |grep "LocalSocket "|cut -d " " -f 2 | sed 's/\//\\\//g')/" /etc/stunnel/stunnel.conf
       - name: Restart stunnel
-        run: sudo /etc/init.d/stunnel4 restart
+        run: |
+          sudo systemctl restart stunnel4;
+          sudo ss -tlnp;
       - name: Open ~ for all users to read
         run: chmod 755 ~
       - name: Use Node.js ${{ matrix.node-version }}
@@ -50,5 +59,17 @@ jobs:
           node-version: ${{ matrix.node-version }}
       - name: Install dependencies
         run: npm ci
+      - name: Wait for ClamD Socket
+        run: |
+          sudo systemctl status clamav-daemon
+          until [ -S $(cat /etc/clamav/clamd.conf |grep "LocalSocket "|cut -d ' ' -f 2) ]; do sleep 1; done
       - name: Run tests
         run: npm test
+        env:
+          NODE_EXTRA_CA_CERTS: /usr/local/share/ca-certificates/snakeoil.crt
+      - name: debug?
+        if: ${{ failure() }}
+        run: |
+          sudo journalctl -e -u stunnel4;
+          sudo journalctl -e -u clamav-daemon;
+          echo 'PING' | openssl s_client --connect localhost:3311 -ign_eof;

API.md

@@ -73,6 +73,7 @@ Initialization method.
 | [options.clamdscan.reloadDb] | <code>boolean</code> | <code>false</code> | If true, will re-load the DB on ever call (slow) |
 | [options.clamdscan.active] | <code>boolean</code> | <code>true</code> | If true, this module will consider using the `clamdscan` binary |
 | [options.clamdscan.bypassTest] | <code>boolean</code> | <code>false</code> | If true, check to see if socket is avaliable |
+| [options.clamdscan.tls] | <code>boolean</code> | <code>false</code> | If true, connect to a TLS-Termination proxy in front of ClamAV |
 | [options.preference] | <code>object</code> | <code>&#x27;clamdscan&#x27;</code> | If preferred binary is found and active, it will be used by default |
 | [cb] | <code>function</code> |  | Callback method. Prototype: `(err, <instance of NodeClam>)` |
 
@@ -357,7 +358,7 @@ use of a TCP or UNIX Domain socket. In other words, this will not work if you on
 have access to a local ClamAV binary.
 
 **Kind**: instance method of [<code>NodeClam</code>](#NodeClam)  
-**Returns**: <code>Promise.&lt;object&gt;</code> - Object like: `{ file: String, isInfected: Boolean, viruses: Array }`  
+**Returns**: <code>Promise.&lt;object&gt;</code> - Object like: `{ file: String, isInfected: Boolean, viruses: Array } `  
 
 | Param | Type | Description |
 | --- | --- | --- |

Makefile

@@ -10,7 +10,7 @@ test: all
 	@mkdir -p tests/mixed_scan_dir/folder1
 	@mkdir -p tests/mixed_scan_dir/folder2
 	@touch tests/clamscan-log
-	@./node_modules/.bin/mocha --exit --trace-warnings --trace-deprecation --retries 0 --full-trace --timeout 5000 --check-leaks --reporter spec $(TESTS)
+	@./node_modules/.bin/mocha --exit --trace-warnings --trace-deprecation --retries 1 --full-trace --timeout 5000 --check-leaks --reporter spec $(TESTS)
 
 clean:
 	rm -rf node_modules

index.js

@@ -545,7 +545,7 @@ class NodeClam {
                     }
                 }
                 // Host can be ignored since the default is `localhost`
-                else if (this.settings.tls) {
+                else if (this.settings.clamdscan.tls) {
                     client = tls.connect({ port: this.settings.clamdscan.port, timeout });
                 } else {
                     client = net.createConnection({ port: this.settings.clamdscan.port, timeout });
@@ -713,7 +713,7 @@ class NodeClam {
                         else reject(err);
                     }
                 });
-
+                client.on('error', (err) => reject(err));
                 client.on('data', (data) => {
                     if (data.toString().trim() === 'PONG') {
                         dataReceived = true;