Implementing an Anti-Virus File Scan in JEE Applications
I added a new response string from the SSE server—ICAP/1.0 558—to designate expired license. The main ones you should care about are: two and three which indicate a virus, and four which means the file is clean.
Please see the Symantec Scan Engine Software Developers Guide (page 30, Table 3-4 Status codes) for a compete list of the definitions of the response codes.
Example code to send email to the administrator if license in invalid:
if (server_response.equals(fourteen) ||
server_response.equals(sixteen)) {
// license is bad
// if you want to let files through without actually scanning
the_return = "clean";
// send email this must be working if option is "clean"
String body = "Note the license for Symantec Scan Engine is
invalid or has expired!\n\rPlease see - class
AVRespond for more info.\n\rThis email is sent
every time a client uploads an un-scanned file";
try {
sendMail("symantec_scan_engine@mycompany.com",
"YOU@mycompany.com", "Invalid or expired license for
Symantec Scan Engine", body);
}
catch (Exception ex) {
logger.error("AV client could not send email notification\nMake
sure properties has \"mail.smtp.host\" entry in
it \n " + ex);
}
}
Download the Source Code
Conclusion
In this article, I have discussed how to do anti-virus file scanning from JEE applications. Surprisingly, not many developers know about this mechanism, even though leaving external files un-scanned can be a potential security risk. The scanning implementations currently available on the market are proprietary to the third-party vendors that provide custom Java APIs. For Java developers, it would be better for Sun to develop one standard protocol for the scanning APIs and enforce it among the vendors, similarly as it did with the Java Messaging Service (JMS) protocol. Even though scanning is not as large as the JMS is in the enterprise world, it's still and important aspect for some enterprise applications.
References
- http://www4.symantec.com/Vrt/offer?a_id=20026
- http://eval.symantec.com/mktginfo/enterprise/fact_sheets/ ent-factsheet_scan_engine_5.0_06-2005.en-us.pdf
About the Author
Vlad Kofman works on enterprise-scale projects for the major Wall Street firms. He has also worked on defense contracts for the U.S. government. His main interests are object-oriented programming methodologies, UI, and design patterns.
Page 3 of 3
This article was originally published on November 15, 2007