Implementing an Anti-Virus File Scan in JEE Applications

I added a new response string from the SSE server—ICAP/1.0 558—to designate expired license. The main ones you should care about are: two and three which indicate a virus, and four which means the file is clean.

Please see the Symantec Scan Engine Software Developers Guide (page 30, Table 3-4 Status codes) for a compete list of the definitions of the response codes.

Example code to send email to the administrator if license in invalid:

if (server_response.equals(fourteen) ||
   server_response.equals(sixteen)) {
   // license is bad
   // if you want to let files through without actually scanning
   the_return = "clean";
   // send email – this must be working if option is "clean"
   String body = "Note the license for Symantec Scan Engine is
                 invalid or has expired!\n\rPlease see - class
                 AVRespond for more info.\n\rThis email is sent
                 every time a client uploads an un-scanned file";
   try {
      sendMail("symantec_scan_engine@mycompany.com",
               "YOU@mycompany.com", "Invalid or expired license for
               Symantec Scan Engine", body);

   }
   catch (Exception ex) {
      logger.error("AV client could not send email notification\nMake
                    sure properties has \"mail.smtp.host\" entry in
                    it \n " + ex);
   }
}

Download the Source Code

• Av.jar: required lib
• Av.zip: full source

Conclusion

In this article, I have discussed how to do anti-virus file scanning from JEE applications. Surprisingly, not many developers know about this mechanism, even though leaving external files un-scanned can be a potential security risk. The scanning implementations currently available on the market are proprietary to the third-party vendors that provide custom Java APIs. For Java developers, it would be better for Sun to develop one standard protocol for the scanning APIs and enforce it among the vendors, similarly as it did with the Java Messaging Service (JMS) protocol. Even though scanning is not as large as the JMS is in the enterprise world, it's still and important aspect for some enterprise applications.

References

• http://www4.symantec.com/Vrt/offer?a_id=20026
• http://eval.symantec.com/mktginfo/enterprise/fact_sheets/ ent-factsheet_scan_engine_5.0_06-2005.en-us.pdf

About the Author

Vlad Kofman works on enterprise-scale projects for the major Wall Street firms. He has also worked on defense contracts for the U.S. government. His main interests are object-oriented programming methodologies, UI, and design patterns.

Page 3 of 3



This article was originally published on November 15, 2007