Interactive Demo

Experience pompelmi's terminal output without installing anything. Drop a file below (or use the file picker) and watch the simulated scan run — showing exactly what you'd see in a real Node.js application.

Simulation only — the browser cannot run a ClamAV daemon. This demo faithfully reproduces the UX and terminal output of pompelmi. For real scanning, install pompelmi in your Node.js project.

1. Choose a verdict to simulate

2. Drop a file (or click to select)

Drop any file here

or click to browse — the file is never uploaded or sent anywhere

3. Terminal output

pompelmi scan
Waiting for file…

EICAR Test File

The EICAR test string is a safe, inert file used to verify that antivirus software is working correctly. It is not a real virus — every reputable AV engine recognises it and reports it as infected.

EICAR test string

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Save this string (exactly as shown, no trailing newline) to a file named eicar.com, then pass it to pompelmi: 

const { scan, Verdict } = require('pompelmi');
const result = await scan('./eicar.com', { host: 'localhost', port: 3310 });
// result === Verdict.Malicious  ✓

pompelmi will return Verdict.Malicious for this file.

How pompelmi actually works

In a real Node.js application, pompelmi communicates with a running clamd daemon over TCP or a UNIX socket using the INSTREAM protocol:

  1. Your app calls await scan(filePath, { host, port })
  2. pompelmi opens a TCP connection to clamd
  3. The file is streamed in 64 KB chunks — no disk writes, no temp files
  4. clamd inspects each chunk and responds with stream: OK or stream: <name> FOUND
  5. pompelmi returns one of three Symbols: Verdict.Clean, Verdict.Malicious, or Verdict.ScanError

Get started — scan your first file in under 5 minutes.