clamscan - npm Package Compare versions

Comparing version 1.2.0 to 1.3.0

HISTORY.md

		@@ -304,1 +304,12 @@ # Changes
		```

		## 1.2.0

		### SECURITY PATCH
		An important security patch was released in this version which fixes a bug causing false negatives in specific edge cases. Please upgrade immediately and only use this version from this point on.

		All older versions of this package have been deprecated on NPM.

		## 1.3.0

		This just has some bug fixes and updates to dependencies. Technically, a new `'timeout'` event was added to the `passthrough` stream method, but, its not fully fleshed out and doesn't seem to work so it will remain undocumented for now.

NodeClamTransform.js

		@@ -36,5 +36,7 @@ /*
		if (this._debug_mode) console.log("node-clam: Received final data from stream.");
		const size = Buffer.alloc(4);
		size.writeInt32BE(0, 0);
		this.push(size);
		if (!this._readableState.ended) {
		const size = Buffer.alloc(4);
		size.writeInt32BE(0, 0);
		this.push(size);
		}
		cb();
		@@ -41,0 +43,0 @@ }

package.json

		{
		"name": "clamscan",
		"version": "1.2.0",
		"version": "1.3.0",
		"author": "Kyle Farris <kfarris@chomponllc.com> (http://chomponllc.com)",
		@@ -11,3 +11,4 @@ "description": "Use Node JS to scan files on your server with ClamAV's clamscan/clamdscan binary or via TCP to a remote server or local UNIX Domain socket. This is especially useful for scanning uploaded files provided by un-trusted sources.",
		"urg <Patrick McAndrew>",
		"SaltwaterC <Ștefan Rusu>"
		"SaltwaterC <Ștefan Rusu>",
		"Sjord <Sjoerd Langkemper>"
		],
		@@ -14,0 +15,0 @@ "scripts": {

README.md

		@@ -9,5 +9,5 @@ [![NPM Version][npm-version-image]][npm-url] [![NPM Downloads][npm-downloads-image]][npm-url] [![Node.js Version][node-image]][node-url] [![Build Status][travis-image]][travis-url]

		If you are using a version prior to 0.8.2, please upgrade! There was a security vulnerability in previous versions that allows a malicious user to execute code on your server. Specific details on how the attack could be implemented will not be disclosed here. Please update to 0.8.2 or greater ASAP. No breaking changes are included, only the security patch.
		If you are using a version prior to 1.2.0, please upgrade! There was a security vulnerability in previous versions that can cause false negative in some edge cases. Specific details on how the attack could be implemented will not be disclosed here. Please update to 1.2.0 or greater ASAP. No breaking changes are included, only the security patch.

		All other versions in NPM have been deprecated.
		All older versions in NPM have been deprecated.

		@@ -14,0 +14,0 @@ # Version 1.0.0 Information:

tests/test_config.js

		@@ -14,3 +14,3 @@ const fs = require('fs');

		module.exports = {
		const config = {
		remove_infected: false, // don't change
		@@ -23,9 +23,15 @@ quarantine_infected: __dirname + '/infected', // required for testing
		clamdscan: {
		socket: '/var/run/clamav/clamd.ctl', // required for testing (change for your system e.g. '/var/run/clamd.scan/clamd.sock') - can be set to null
		socket: '/var/run/clamd.scan/clamd.sock', // required for testing (change for your system e.g. '/var/run/clamd.scan/clamd.sock') - can be set to null
		host: '127.0.0.1', // required for testing (change for your system) - can be set to null
		port: 3310, // required for testing (change for your system) - can be set to null
		path: which('clamdscan'), // required for testing
		//config_file: '/etc/clamd.d/scan.conf' // set if required
		timeout: 1000,
		// config_file: '/etc/clamd.d/scan.conf' // set if required
		},
		debug_mode: false
		debug_mode: false,
		};

		// Force specific socket when on travis CI.
		if (process.env.CI) config.clamdscan.socket = '/var/run/clamav/clamd.ctl';

		module.exports = config;

index.js

Sorry, the diff of this file is too big to display

tests/index.js

Sorry, the diff of this file is too big to display

New alerts