Harden Lambda scan temp-file and timeout handling by docwho2 · Pull Request #320 · docwho2/java-cdk-serverless-clamscan

docwho2 · 2026-02-20T12:28:29Z

Prevent file name collisions in /tmp when multiple scans use the same S3 object base name by using unique temp file names.
Avoid passing a negative or too-small timeout to Process.waitFor which can cause unexpected behavior near Lambda timeouts.
Improve correctness on interruption by restoring the thread interrupt status when InterruptedException is caught.

Replace deterministic /tmp path generation with a new helper createTempFilePath(String) that generates a UUID-based filename (preserving the original extension) and returns a Path under /tmp (file: lambda/src/main/java/cloud/cleo/clamav/lambda/ScanningLambda.java).
Add getClamScanWaitMillis(int) to compute a safe wait time (remainingMillis - 10000) and bail out if there is insufficient execution time, destroying the clamscan process and tagging the object ERROR when configured to do so.
Restore thread interrupt status inside the catch for InterruptedException to avoid swallowing the interrupt.
Add Paths import and ensure the temp file is deleted in the finally block after scanning.

Ran the project's test suite with mvn test -q and the tests completed successfully.

Harden scan temp file and timeout handling

2003bf0

docwho2 added the codex label Feb 20, 2026 — with ChatGPT Codex Connector

Provide feedback