-
Bug
-
Resolution: Not an Issue
-
P4
-
24
-
x86_64
-
linux_ubuntu
ADDITIONAL SYSTEM INFORMATION :
Ubuntu 25 open jdk 24.0.2, tomcat 10.1.46 with virtual threads enabled, clamav 0.104 running under kubernetes. Also happens when application runs openjdk / alpine 3.2 in kubernetes
A DESCRIPTION OF THE PROBLEM :
Have been using the library at https://github.com/cdarras/clamav-client/ to scan files since JDK11. The logic is very simple (https://github.com/cdarras/clamav-client/blob/master/src/main/kotlin/xyz/capybara/clamav/commands/scan/InStream.kt) open socketchannel and send frames in the format <length><data> to clamav.
The max frame size is 4(length) + 262144 (data) (but the same problem happens with smaller frame sizes)
After activating virtual threads on tomcat (the scan is happening on the http handler thread) the scan started failing, with the logs on clamav indicating that maximum scan size exceeded even with small files (a Mb or higher). With logs it has been confirmed that 2 sometimes three frames get sent before ClamAv returns the error. Using smaller frames, more of them get sent successfully but the problem always arises after ~ 600Kb of data sent. We did not look at the actual frames being sent but it "feels" like the length of the frame is being overwritten with data.
Some observations
1. Adding a Thread.sleep(20) in the while loop or putting a breakpoint causes the scanning to work correcly
2. Disabling virtual threads causes the scanning to work correcly
3. Starting a platform thread to perform the scan also causes the scan to work correctly
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
We could reproduce this only under tomcat with clamav running in a kubernetes container. Using the library to perform that scan on >1mb file
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Code running under virtual / platform threads should behave the same
ACTUAL -
Clamav logs (the requested is different every time which leads to think that the length header is being corrupted)
^INSTREAM: Size limit reached, (requested: 2778113013, max: 156762112)
WARNING: INSTREAM: Size limit reached, (requested: 2778113013, max: 156762112)
Ubuntu 25 open jdk 24.0.2, tomcat 10.1.46 with virtual threads enabled, clamav 0.104 running under kubernetes. Also happens when application runs openjdk / alpine 3.2 in kubernetes
A DESCRIPTION OF THE PROBLEM :
Have been using the library at https://github.com/cdarras/clamav-client/ to scan files since JDK11. The logic is very simple (https://github.com/cdarras/clamav-client/blob/master/src/main/kotlin/xyz/capybara/clamav/commands/scan/InStream.kt) open socketchannel and send frames in the format <length><data> to clamav.
The max frame size is 4(length) + 262144 (data) (but the same problem happens with smaller frame sizes)
After activating virtual threads on tomcat (the scan is happening on the http handler thread) the scan started failing, with the logs on clamav indicating that maximum scan size exceeded even with small files (a Mb or higher). With logs it has been confirmed that 2 sometimes three frames get sent before ClamAv returns the error. Using smaller frames, more of them get sent successfully but the problem always arises after ~ 600Kb of data sent. We did not look at the actual frames being sent but it "feels" like the length of the frame is being overwritten with data.
Some observations
1. Adding a Thread.sleep(20) in the while loop or putting a breakpoint causes the scanning to work correcly
2. Disabling virtual threads causes the scanning to work correcly
3. Starting a platform thread to perform the scan also causes the scan to work correctly
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
We could reproduce this only under tomcat with clamav running in a kubernetes container. Using the library to perform that scan on >1mb file
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Code running under virtual / platform threads should behave the same
ACTUAL -
Clamav logs (the requested is different every time which leads to think that the length header is being corrupted)
^INSTREAM: Size limit reached, (requested: 2778113013, max: 156762112)
WARNING: INSTREAM: Size limit reached, (requested: 2778113013, max: 156762112)
- relates to
-
-
- Resolved
-