Full review

[peternowee]

No description provided.

[cecemel]

Nitpick: not per se. Other files may ingest and store files too.

[cecemel]

maybe mention if you need to trigger a scan through the API directly

[cecemel]

Given the current scope, I am very much inclined to keep the API in the documentation for 'debugging' purposes only. Although it could be potentially useful, it needs thorough consideration before making it available to production clients (mainly the frontend). I do not consider this as part of the scope for this iteration."

[cecemel]

The initial problems I see:

• what about long running jobs
• inconsistency how the virus scanner needs to be triggered vs the malware analysis data model
• json:api compatible spec
• ...
  It's very close; but i would mention in the documentation that this is not meant for public exposure YET

[cecemel]

not now

[cecemel]

I thought we'd go for skos:Concepts

[cecemel]

To be compatible with json:api, i think it should be releationships. (https://jsonapi.org//)

[cecemel]

Here, it would be better to have a try-catch block for each iteration of the loop. Currently, if something fails in the first file, it could potentially cause the remaining files to not be scanned properly

[cecemel]

Ok; this is too elaborate for me. But anyway; if you want to keep such a report; maybe abstract it away in a 'printReport' function that you call here, so the 'controller' logic is less cluttered and easier to follow.

[cecemel]

I think this is really too much. At some point we should trust the system and the corresponding error codes if stuff fails.

[cecemel]

Here I think that's the good response, for now.
Currently this is a silent fail; meaning; no one will get notified if we have a general exception. And here is a bit a problem of convention; there is no general way of dealing with these kind of situations.
In loket apps for instance; it's gonna write an error to the database and that will be picked up by another service who will send a mail. But unsure what others do ATM.
Anyway; i would keep for this iteration the handling as is. Maybe use console.error instead

[cecemel]

Btw: https://github.com/mu-semtech/mu-javascript-template#error-handling

[cecemel]

Before making this API public we should see how json:api-compatible it can be made. Again not for this iteration. Very good it's there

[cecemel]

also here again what with long runnig requests. (not for now)

[cecemel]

for me a bit overkill. but ok

[cecemel]

no that's too much :-)

[cecemel]

You're extremely kind to your users :-)

[cecemel]

Since I didn't see it being used on physical files, i would scrap this to keep code a bit simpler

[cecemel]

Nitpick; maybe consider it calling 'viruses' or something. cause was not immediately clear to me what it was.

[cecemel]

Hi,
Very good start. Very well documented too. That's very nice.

If testing proves success (still have to do this); then the only changes i would make for release v0.1.0

• Update Readme: and mention the API is not ready for public consumption yet.
• https://github.com/peternowee/virus-scanner-service/pull/3/files#r1417514505

All the rest can be picked up in next iterations. Some stuff might be breaking (like e.g. the concept scheme status) but nothing we cannot explain in a migration guid

[cecemel]

I would make the query a tad more precise. Saying you expect your physical file to be a nfo:Filedataobject

[cecemel]

use a distinct here

[cecemel]

using distinct won't need this comment. I can also image a lot of other egde cases (e.g. derived files) but let's not dwell upon that.

[cecemel]

you can just use ?graph directly

[cecemel]

Side note: extra reason why i am reluctant to expose as API: it uses a sudo query. so everyone with access could write to the db.

[cecemel]

I don't understand the question

[cecemel]

Btw: https://github.com/mu-semtech/mu-javascript-template#error-handling

[cecemel]

AFAIK: i don't think this is picked up during build.

[peternowee]

@cecemel Could you still answer this question about the IRI format http://data.gift/virus-scanner/analysis/id/{id} ?

• It seems uncommon to let the service name be the first path segment (/virus-scanner/). Often, the first path segment seems to be more generic, like /id/ (or /concepts/, /concept-schemes/, /services/, /vocabularies/, etc.)
• The hostname often has a prefix, like redpencil.data.gift, lblod.data.gift, kanselarij.vo.data.gift, (or own domain, like data.lblod.info).

Some examples from other services:

• http://lblod.data.gift/id/subsidie/bicycle-infrastructure/{id}
• http://redpencil.data.gift/id/dataContainers/{id}
• http://data.lblod.info/id/dataContainers/${id}
• http://kanselarij.vo.data.gift/id/indieningsactiviteiten/${id}
• http://kanselarij.vo.data.gift/id/personen/${id}

But there are many different variations, perhaps there is no hard rule. I could look into this myself or ask around more later.

[cecemel]

Two questions here:

1. do we need to persist these signatures?
2. if we do, can't this not be in a simple mounted volume. (It's one of these implicit assumptions of the stack we DON'T work with docker-volumes)

[peternowee]

1. do we need to persist these signatures?

If you don't, you risk getting rate-limited for downloading the signature database too often:

WARNING: Tue Oct 24 18:08:37 2023 -> Can't download daily.cvd from https://database.clamav.net/daily.cvd
WARNING: Tue Oct 24 18:08:37 2023 -> FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
WARNING: Tue Oct 24 18:08:37 2023 -> You are on cool-down until after: 2023-10-25 14:48:57
WARNING: Tue Oct 24 18:08:38 2023 -> Can't download main.cvd from https://database.clamav.net/main.cvd
WARNING: Tue Oct 24 18:08:38 2023 -> FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
WARNING: Tue Oct 24 18:08:38 2023 -> You are on cool-down until after: 2023-10-25 14:48:57
Tue Oct 24 18:08:38 2023 -> This means that you have been rate limited by the CDN.
Tue Oct 24 18:08:38 2023 ->  1. Run FreshClam no more than once an hour to check for updates.
Tue Oct 24 18:08:38 2023 ->     FreshClam should check DNS first to see if an update is needed.
Tue Oct 24 18:08:38 2023 ->  2. If you have more than 10 hosts on your network attempting to download,
Tue Oct 24 18:08:38 2023 ->     it is recommended that you set up a private mirror on your network using
Tue Oct 24 18:08:38 2023 ->     cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Tue Oct 24 18:08:38 2023 ->     CDN and your own network.
Tue Oct 24 18:08:38 2023 ->  3. Please do not open a ticket asking for an exemption from the rate limit,
Tue Oct 24 18:08:38 2023 ->     it will not be granted.

[peternowee]

2. if we do, can't this not be in a simple mounted volume. (It's one of these implicit assumptions of the stack we DON'T work with docker-volumes)

From my notes of that time:

Problem: When using a bind mount of a host directory to /var/lib/clamav, it is owned by user peter on the host and thus owned by root in the container (unless chowned, which is difficult because of uid and gid mapping between host and container). As a result, freshclam cannot download the database to /var/lib/clamav.

Finally got mounting volume with non-root owner to work.
Seems the following is required:

• In Dockerfile, in this order:
  1. Make sure the directory has desired owner and file mode.
     E.g. RUN mkdir && chown && chmod.
     In our case, the RUN apt-get install of clamav already created
     /var/lib/clamav owned by clamav:clamav.
  2. After that: VOLUME /var/lib/clamav
     See https://devops.stackexchange.com/questions/4540/how-to-change-the-owner-of-volume-directory-in-dockerfile
• Then in docker-compose.yml:
  • Seems that bind mount does not work, probably because
    "Copy modes are not supported for bind-mounted volumes.".
    -- https://stackoverflow.com/questions/68317294/docker-compose-volumes-mode-options

    • Actually, that could probably be solved by adding chown in
      boot-virus-scanner.sh, but given the discussion of 20231023 and
      20231024, I am trying to prevent that. Also, it would result in
      strange ownership uid/gid on host. See similar remark on ClamAV's
      own Docker image:

      Disclaimer: When using a Bind Mount, the container's
      entrypoint script will change ownership of this directory to
      its "clamav" user. This enables FreshClam and ClamD with the
      required permissions to read and write to the directory,
      though these changes will also affect those files on the
      host.
      -- https://github.com/Cisco-Talos/clamav-documentation/blob/main/src/manual/Installing/Docker.md

      Added todo-later item:

      • 20231024 15:30 Add chown in boot-virus-scanner.sh to have
        bind mount on /var/lib/clamav work as well?
  • Not specifying a volume for /var/lib/clamav at all: Works. It will
    create an anonymous volume.

    peter@potlood:~/rpio/mini-app/app-hardware
    $ docker-compose exec -- virus-scanner runuser -u clamav touch /var/lib/clamav/test
    $ docker-compose exec -- virus-scanner ls -al /var/lib/clamav
    drwxr-xr-x 2 clamav clamav 4096 Oct 24 15:32 .
    drwxr-xr-x 1 root   root   4096 Oct 24 14:53 ..
    -rw-r--r-- 1 clamav clamav    0 Oct 24 15:32 test
    root@potlood:~
    # ls -al /var/lib/docker/1000.1000/volumes/c41e4f3299bd29aa894241e18217783a3e12ecced4ea86ed77b95bc36caf316b/_data/
    drwxr-xr-x 2 1100 1103 4096 Oct 24 17:32 .
    drwx-----x 3 root root 4096 Oct 24 17:28 ..
    -rw-r--r-- 1 1100 1103    0 Oct 24 17:32 test
    

    However, anonymous volume is not very useful for persisting data,
    because a new anonymous volume is created on every down+up (not on
    restart).
  • Specify a named volume, e.g.:

        services:
          virus-scanner:
            volumes:
              - type: volume
                source: signature-database
                target: /var/lib/clamav
                volume:
                  nocopy: false
        volumes:
          signature-database:
    

    Note about nocopy:
    • nocopy: true does NOT work! (I tested it again.)
    • nocopy: false is not required, because
      "For named volumes, copy is the default mode."
      -- https://stackoverflow.com/questions/68317294/docker-compose-volumes-mode-options

[cecemel]

I noticed for large files the scan fails because it can't allocate sufficient memory. Would it be possible to add this through a parameter? (So we decide per app how large our files can be for scanning)