Comments (16)
I ran into the same issue while playing with a k8s deployment. Seems to be memory related on clamav side, not starting properly even if nothing is shown in logs.
What seems to have solved my issue was allowing more memory to clamav (allowed 2048m) and setting this parameter to reduce clamav footprint.
ConcurrentDatabaseReload no
Hope this helps someone.
from clamav-rest-api.
It's probably because there is no (yet) clamavd-service
ready to respond to request. Have a look at discussion on this PR #23.
Try to define command
for a pod in CRA deployment:
<snip>
spec:
containers:
- name: clamav-rest-api
# Run this image
image: benzino77/clamav-rest-api
command: ['/usr/bin/wait-for-it', '-h', '<replace-with-clamavd-service-name>', '-p', '3310', '-s', '-t', '60', '--', 'npm', 'start']
<snip>
Are you using NetworkPolices
in your cluster? Could you please provide your ConfigMap
definition? How many replicas of clamavd and CRA do you start in your deployment?
from clamav-rest-api.
Thank you for your reply,
i m using almost default settings from your repository. clamavd-service
is running. I start 1 replica of both, clamavd and CRA. No NetworkPolicies
. Here is my ConfigMap
.
apiVersion: v1
kind: ConfigMap
metadata:
name: cra-configmap
data:
# property-like keys; each key maps to a simple value
node-env: 'development'
clamd-ip: 'clamavd-svc'
app-form-key: 'FILES'
Almost everything is default. Only custom labels, matchLabels and namespace were added.
from clamav-rest-api.
Try with changed command
in CRA deployment...
If you have only one replica of clamavd
and get 50% failed calls this is a very strange behavior. I would suspect that:
- there is something wrong with
clamavd
itself - there is something wrong with network in your setup
Do you use clamav/clamav:0.104.1
image as an clamavd
instance?
from clamav-rest-api.
I have read (but I cant find it again) that 0.104 version of clamavd has a bloking problem when database is updated. It does not accept any connections during update. Try with the 0.104.2, wait for 0.105 to be available on dockerhub or use other clamav docker image based on version 0.103.
from clamav-rest-api.
we switched our images to 0.105 version of clamav. And problem is still the same. It looks same in local cluster and remote k8s cluster where is this app deployed. We could not tried 0.103 version because it is not available on docker hub nowadays. Do you have some clues what might be wrong with network setup or anything else?
Thank you very much
from clamav-rest-api.
Have you tried the configuration with changed command
in CRA deployment? Are you deploying CRA and Clamavd in the same namespace?
If you are using manifests provided with CRA, the service name assign to clamavd
is called clamavd-service
not clamavd-svc
as yours ConfigMap
shows.
from clamav-rest-api.
Manifests were changed, so service name is ok(if not i assume that no request would be succesfull), it is not even clamavd-svc these days:) CRA and clamavd are in the same namespace. No i did not test changed command. If i understand it correctly, that command just delayed start of the CRA when CLAMAV is accessible. When clamav is up and running there should be no reason to fail in 50% of requests. Or am i missing something?
from clamav-rest-api.
Yes, the changed command in CRA deployment should force CRA to wait for Clamavd to be accessible.
Here is the full description of wait-for-it
command: link
from clamav-rest-api.
Thank you for link, i'll check it but main issue is why cca 50% call for /version endpoint failed when clamavd is up and running. Do you have any ideas? I'm using /version endpoint as liveness probe in our k8s cluster and those failed requests are causing restarting of the pod. Thank you very much.
from clamav-rest-api.
You are right. You should talk with someone from your DevOps team to help you troubleshoot this problem.
On my side I can tell that I have performed some tests. One on my local minikube installation (kubernetes version v1.23.3) and the other one on the remote "full blown cluster" version v1.22.4. On both environments I have no problems at all. I have tested setup with two different clamavd versions (clamav/clamav:0.104.1
and clamav/clamav:stable
). I have also tested the with livenessProbe
defined for CRA:
apiVersion: apps/v1
kind: Deployment
metadata:
# Unique key of the Deployment instance
name: cra-deployment
labels:
app: cra
spec:
replicas: 1
selector:
matchLabels:
app: cra
template:
metadata:
labels:
# Apply this label to pods and default
# the Deployment label selector to this value
app: cra
spec:
containers:
- name: clamav-rest-api
# Run this image
image: benzino77/clamav-rest-api
livenessProbe:
initialDelaySeconds: 5
periodSeconds: 2
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 1
httpGet:
host:
scheme: HTTP
path: /api/v1/version
port: 3000
env:
- name: NODE_ENV
valueFrom:
configMapKeyRef:
name: cra-configmap
key: node-env
- name: CLAMD_IP
valueFrom:
configMapKeyRef:
name: cra-configmap
key: clamd-ip
- name: APP_FORM_KEY
valueFrom:
configMapKeyRef:
name: cra-configmap
key: app-form-key
ports:
- containerPort: 3000
protocol: TCP
name: cra-port
To summarize - I can not unfortunately reproduce your problem. What comes to my mind is that maybe you have some other parts involved in your setup: some kind of service mesh (ie. Istio), specific to your CNI network configuration (like Global Calico NetworkPolicies), etc..
from clamav-rest-api.
OK, interesting. Thank you for your time, help and quick responses!
from clamav-rest-api.
I have the same issue and clam av is not working after a day
from clamav-rest-api.
curl -s -XPOST http://20.82.64.96:3000/api/v1/scan -F [email protected]
{"success":false,"data":{"error":"connect ECONNREFUSED 10.0.0.86:3310"}}[
from clamav-rest-api.
Check your logs why clamavd stops working after a day. There is a comment above pointing that assigning more memory to clamavd deployment solves the problem.
from clamav-rest-api.
Clamav is not stopping, , nothing in the logs
from clamav-rest-api.
Related Issues (18)
- [Question] Could I use this API to scan another pod? HOT 2
- Why forcing filenames to have APP_FORM_KEY name ? HOT 1
- ECONNREFUSED 127.0.0.1:3310 HOT 14
- what is host name when i use clamd-rest-api within the container.On juypter host name is localhost and its working, but when i run python code within the container its not working . Please help HOT 1
- File storage path
- [Feature] Check if the database signature its up to update in the version endpoint HOT 5
- TypeError: req.files.hasOwnProperty is not a function HOT 19
- CRA returns `"is_infected": null` HOT 6
- a few suggestions and fixes HOT 3
- "is_infected":null returned on any request, even if virus is found HOT 4
- Limited File Types HOT 3
- got error when file too large HOT 11
- Open vulnerabilities for express-fileupload HOT 6
- Error when calling / HOT 3
- Testing Endpoints /version works /scan doesn't HOT 2
- Changelog available HOT 2
- Typo on the readme HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from clamav-rest-api.