From 18af4fcd933dc9f036d0976005e250d69a4043b4 Mon Sep 17 00:00:00 2001 From: Eugene Goloubitsky Date: Tue, 2 Dec 2025 12:45:54 -0800 Subject: [PATCH 1/4] SO-4011 throw exception in case of unexpected response --- src/ClamAV/ClamAV.php | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/src/ClamAV/ClamAV.php b/src/ClamAV/ClamAV.php index 83630ac..2d6f506 100644 --- a/src/ClamAV/ClamAV.php +++ b/src/ClamAV/ClamAV.php @@ -130,14 +130,39 @@ public function fileScanInStream(string $file): bool */ public function fileScan(string $file): bool { - $out = $this->sendCommand('SCAN ' . $file); + $response = $this->sendCommand('SCAN ' . $file); - $out = \explode(':', $out); - $stats = \end($out); + if (!is_string($response) || trim($response) === '') { + throw new \RuntimeException('Empty or invalid response from ClamAV daemon.'); + } - return \trim($stats) === 'OK'; + // Expected format: "/path/to/file: STATUS" + $parts = explode(':', $response); + + if (count($parts) < 2) { + throw new \RuntimeException( + 'Unexpected ClamAV response format: ' . $response + ); + } + + $status = trim(end($parts)); + + if ($status === 'OK') { + return true; // Clean + } + + if ($status === 'FOUND') { + return false; // Infected + } + + // Any other output (e.g. "ERROR", "UNKNOWN", empty, etc.) → exception + throw new \RuntimeException( + 'Unexpected ClamAV status: ' . $status . ' | Full response: ' . $response + ); } + + /** * Scan file or directory (recursively) with archive support * enabled, and don't stop the scanning when a virus is found. From fb06d391c377bc864752951983e190ce8cfd214f Mon Sep 17 00:00:00 2001 From: Eugene Goloubitsky Date: Tue, 2 Dec 2025 12:59:12 -0800 Subject: [PATCH 2/4] Revert "SO-4011 throw exception in case of unexpected response" This reverts commit 18af4fcd933dc9f036d0976005e250d69a4043b4. --- src/ClamAV/ClamAV.php | 33 ++++----------------------------- 1 file changed, 4 insertions(+), 29 deletions(-) diff --git a/src/ClamAV/ClamAV.php b/src/ClamAV/ClamAV.php index 2d6f506..83630ac 100644 --- a/src/ClamAV/ClamAV.php +++ b/src/ClamAV/ClamAV.php @@ -130,39 +130,14 @@ public function fileScanInStream(string $file): bool */ public function fileScan(string $file): bool { - $response = $this->sendCommand('SCAN ' . $file); + $out = $this->sendCommand('SCAN ' . $file); - if (!is_string($response) || trim($response) === '') { - throw new \RuntimeException('Empty or invalid response from ClamAV daemon.'); - } - - // Expected format: "/path/to/file: STATUS" - $parts = explode(':', $response); - - if (count($parts) < 2) { - throw new \RuntimeException( - 'Unexpected ClamAV response format: ' . $response - ); - } - - $status = trim(end($parts)); - - if ($status === 'OK') { - return true; // Clean - } - - if ($status === 'FOUND') { - return false; // Infected - } + $out = \explode(':', $out); + $stats = \end($out); - // Any other output (e.g. "ERROR", "UNKNOWN", empty, etc.) → exception - throw new \RuntimeException( - 'Unexpected ClamAV status: ' . $status . ' | Full response: ' . $response - ); + return \trim($stats) === 'OK'; } - - /** * Scan file or directory (recursively) with archive support * enabled, and don't stop the scanning when a virus is found. From 6a9f6aab4598a5ec72b4a648b80e739ea5b5ccf1 Mon Sep 17 00:00:00 2001 From: Eugene Goloubitsky Date: Tue, 2 Dec 2025 13:00:28 -0800 Subject: [PATCH 3/4] SO-4011 throw exception in case of unexpected response --- src/ClamAV/ClamAV.php | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/src/ClamAV/ClamAV.php b/src/ClamAV/ClamAV.php index 83630ac..8779551 100644 --- a/src/ClamAV/ClamAV.php +++ b/src/ClamAV/ClamAV.php @@ -130,12 +130,35 @@ public function fileScanInStream(string $file): bool */ public function fileScan(string $file): bool { - $out = $this->sendCommand('SCAN ' . $file); + $response = $this->sendCommand('SCAN ' . $file); - $out = \explode(':', $out); - $stats = \end($out); + if (!is_string($response) || trim($response) === '') { + throw new \RuntimeException('Empty or invalid response from ClamAV daemon.'); + } - return \trim($stats) === 'OK'; + // Expected format: "/path/to/file: STATUS" + $parts = explode(':', $response); + + if (count($parts) < 2) { + throw new \RuntimeException( + 'Unexpected ClamAV response format: ' . $response + ); + } + + $status = trim(end($parts)); + + if ($status === 'OK') { + return true; // Clean + } + + if ($status === 'FOUND') { + return false; // Infected + } + + // Any other output (e.g. "ERROR", "UNKNOWN", empty, etc.) → exception + throw new \RuntimeException( + 'Unexpected ClamAV status: ' . $status . ' | Full response: ' . $response + ); } /** From 7040df55de8d7aabd071f2fdc47187a25fecfb0a Mon Sep 17 00:00:00 2001 From: Eugene Goloubitsky Date: Wed, 3 Dec 2025 09:37:32 -0800 Subject: [PATCH 4/4] fix for FOUND with virus status --- src/ClamAV/ClamAV.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ClamAV/ClamAV.php b/src/ClamAV/ClamAV.php index 8779551..e0d54d6 100644 --- a/src/ClamAV/ClamAV.php +++ b/src/ClamAV/ClamAV.php @@ -151,7 +151,7 @@ public function fileScan(string $file): bool return true; // Clean } - if ($status === 'FOUND') { + if (str_ends_with($status, 'FOUND')) { return false; // Infected }