Pompelmi ClamAV Scanner
Version updated for https://github.com/pompelmi/pompelmi to version v1.7.0.
- This action is used across all versions by 5 repositories.
Action Type
This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The “pompelmi” GitHub Action provides ClamAV antivirus scanning for Node.js, enabling developers to easily scan files, directories, streams, or in-memory buffers for malicious content. It simplifies virus scanning by offering a single async function (scan()) with clear verdicts (Clean, Malicious, ScanError) and supports both local scanning (using ClamAV’s clamscan command) and remote scanning via TCP or UNIX sockets without requiring regex parsing, native bindings, or runtime dependencies. This tool automates antivirus integration for upload pipelines or HTTP frameworks like Express and Fastify, reducing complexity and maintenance overhead.
What’s Changed
What’s New
GitHub Action
pompelmi is now available as a zero-dependency GitHub Action.
Add ClamAV virus scanning to any repository in 3 lines:
- uses: pompelmi/pompelmi@v1.7.0
with:
path: .
fail-on-virus: true
- Bundles ClamAV + clamd inside Docker — no setup required
- Updates virus definitions automatically at every run via freshclam
- Posts a scan summary to the GitHub Actions job summary
- Outputs:
status(clean/infected) andinfected-files
📚 Full Documentation
A complete docs/ site has been added:
UNIX Socket Support (from v1.6.0)
Connect to clamd via UNIX socket instead of TCP:
const result = await scan('file.txt', { socket: '/var/run/clamav/clamd.sock' });
Changes
action.yml+action/— Docker-based ClamAV GitHub Actiondocs/— full documentation siteREADME.md— updated with Action section and docs linkssrc/ClamdScanner.js,BufferScanner.js,StreamScanner.js— UNIX socket supportsrc/ClamAVScanner.js— routing updated to recognizesocketoption
Full Changelog
https://github.com/pompelmi/pompelmi/compare/v1.6.0...v1.7.0