Configure ICAP in ORDS for virus scan

Hello Every one,
Please advice how we can configure ICAP in ORDS for scanning virus. We want to scan a uploaded file for virus and I was told that we can use the ICAP but we don't know how.
I appreciate your help.
Thanks,

Any idea!!

Similar Messages

In have installed AVG for virus scanning yet NORTON scans the downloaded files

I have installed AVG for virus scanning. Yet, attached files from other users are scanned by Norton Internet security (which I have removed). How do you notify Firefox to use AVG?

Norton may not have been completely removed from your system, the built-in uninstaller is notorious for not removing everything. Norton has a number of removal tools for complete removal of their various programs. <br />
http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

How to configure and save presets for custom scanning?

There are 5 presets in Acrobat XI for scanning files: "Autodetect...", "Black &White...", "Grayscale...", "Color Doc...", and "Color Image".
There is also an option to to do a "Custom Scan..." and "Configure Presets" (modify the 5 above).
However, I could not find any way to create my own custom presets.. is that not possible?
I was hoping to at least save my configuration(and/or possibly create a few different custom scan templates) in the Custom Scan for future scans but that was also not an option.
I would gladly use the 5 presets and configure them to how I want them but its unfortunate there are no output options there to automatically append a scan to an existing file or create multiple files from a continuous scan.
So... 1) Can you create custom presets for scanning? 2) Is there a way to configure output options in the existing scan presets? Thanks!

Pavanmeet,
you have to set all activities in the workflow to "general task" as well, not only for WS12300111 itself (doubleclick on each symbol with the "triangle").
check the status of the sent leave request in transaction PTARQ (Display Documents). Here the "next agent" & the "pers. no" of the next agent is of interest.
logon with the user, that is saved in infotype 0105 of the above mentioned pers.no. there should be the approve request.
you can check the status of the workitems with SWI1 (i assume your system is prepared for workflows , check SWU3)
Message was edited by: Achim Hauck

Proxy upgrade from SP1 to SP5 doesn't work anymore for virus scanning.

Upgraded from SP1 to SP5 and the virus scanning updates no longer work. No changes have been made it is a complete carbon copy using the migrate button. No ip addresses have been altered nor has the ports been changed. I've tried SP2, 3 & 4 and they too fail with a 504 error log. I turned SP1 back on and it works first time.
If you can solve this I'll be so impressed because its driving me crazy. I've checked all config files and everything is as it should be.

Hi
This thread was interesting as I have many customer sites using virus scanning without any problems together with this proxy.. Some sites are really huge as well.
Can the author of this thread explain how the scanning that now refuse to work is done with the proxyserver... Through an API or as forwarded requests to another scanning proxy (trend micro etc.) or what ? Maybe this is done in some way I am not aware of. Then I am really interested in your problem.
We mostly use it "user->proxy->vscanner->site" where the proxy and the scanner often run at the same host. This in huge installations together with load balancers infront and behind.
/Per-Olov

Can't find virus scanning API JARs for J2EE application

Hello, dear WebAS experts.
There is an example usage code [in help.sap.com] for Virus Scan Provider usage but no mention which SAP WebAS JARs should be used to compile this example.
I have manually found three JARs by trial and error (under j2ee/cluster/server/bin) which I needed to compile the example, however I am kinda reluctant to copy them over into our build environment since I am not sure if these are official API JARs.
Also, there is nothing on the official WebAS API list.
If you could please point me to some official SDK I would really appreciate it.
Thanks!

The Deploytool for App Server 7 shipped after the App Server as a seperate download.
it is available here:
http://wwws.sun.com/software/download/products/3ec10b05.html
vbk

VSI error: The virus scan adatper load failed

Hi Team,
I am working on Configuration of the Virus Scan Interface in SRM ABAPServer.
As a first Step I tried configuring Virus Scan Adapter by keeping the
vssap.dll on the server location D:\usr\sap\SID\SYS\exe\uc\NTAMD64\.
When I start Virus Scan Adapter after configuration, its failing with
the follwoing error.
Could not start the engine of VSA_hostname. Error: "VSI error:
The virus scan adatper load failed."
We are on the latest kernel patch level
Can you please help into the issue.
REgards
Ponnusamy

Hello,
your problem is not related to SRM but to Basis Components: check OSS notes for Virus Scan Interface.
Regards.
Laurent.

CG36 - No virus scan profile is selected as the "default profile"

When running transaction CG36 - Import Reports, I'm getting this message in the job log:
"No virus scan profile is selected as the "default profile" VSCAN 034 I"
Do I have to set up a default profile for virus scan? I have never seen this error until recent upgrade. Is there a way to by pass this virus scan if we choose not to activate it?
Thanks!

I encountered the same problem during the CG36 transaction.
"Error during virus scan in file "...\usr\sap\.....\xixoxoxioxo.pdf" with Message class "CM_REPORT_IMP_EXP" 010 E
Job cancelled after system exception ERROR_MESSAGE.
This may be due to BASIS security level virus scan checks on the files being imported to the application server. Is BASIS assistance required on this or any workaround to bypass?
Thank you.

Msg server 5.2 virus scanning

Hello All,
I've evaluated NAI's uvscan for virus scanning on our mailserver. The testing went well. I was wondering if anyone is using uvscan in a production environment and if they're having good results. Also, I'd be interested in hearing about any reasons why I should not go with this product.
We're running iMS 5.2 hf1.21 on an E450/E250 Sun Cluster in failover mode. We are a medium size university with about 20k mailboxes.
thanks

We are currenlty using nai's virusscan on our mailserver. It works rather well, but just to warn you it adds quit a bit of load. For example if your cpu's are running at about 50% you may find that turning on virus scanning will raise them to 75% utilization. And then you have to deal with what happens when a new virus out break occurs. We just added another CPU and 2 GB of memory and the mail server keeps up much better with new viruses come out.

Configuring Virus Scan Service for KM in EP7.0 18

Dear gurus,
I did virus scan configurations in ep7.0 18 but I couldn't do the configurations in KM.
Is there a blog or document? All the blogs and documents are about Configuring Virus Scan Service for KM in EP 6.0.
Best regards
Tolga

Hi Tolga,
The configuration should be much the same, the only difference is that since SP13 you don't need to create profiles or groups any more, this is done automatically, you just need to activate two profiles in the AS Java. See the following link for more information:
http://help.sap.com/saphelp_nw70/helpdata/EN/b8/f5af401efd8f2ae10000000a155106/frameset.htm
Regards,
Lorcan.

Virus Scan for SAP XI , J2EE configuration

Hi Experts,
We have a virus scan interface NW-VSI provided by SAP. Different AV products are now producing and certifying for this and providing the Virus Scan Adapter and Virus scan engine integrated with SAP NW system.
We can use this to scan viruses. I have gone through so many documents for this.
Can any one please help me how can do this ?
A step by step guide or complete scenario will be very helpful.
We have installed McAfee antivirus in an other different server.
our requirement is before picking up the file by XI from FTP location , a virus scan should run.
Please help me how can I achive this and what are the requirements for this in J2EE engine side etc.
Thanks
Viny

Hi Vineet,
yes this can be possible. I have implemented this in our project.
you can have a look in to this -
http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/f0096909-7121-2e10-ad89-8e08b609bf4b
Thanks
Sugata B Majumder

How to SCAN uploaded files for VIRUS in APEX

part 1:
Goal:
Do a virus scan of the uploaded file from APEX application prior to storing the file in custom tables.
The process:
Followed the document from www.developer.com:
Implementing an Anti-Virus File Scan in JEE Applications
By Vlad Kofman
Go to page: 1 2 3 Next
This article will discuss one of the ways to implement antivirus file scanning in Java, particular in the JEE applications. Viruses, Trojan Horses, and different malware and spyware are a real problem for current computer environments, and especially for the Windows operating system. If you are designing any application in Java that has a requirement to be able to upload external files, you have a potential security risk. By uploading, I mean any way to get the external file inside of the corporate firewall be it via HTTP protocol or any other means. It is quite common to have this type of requirement in an enterprise application and with Java being one of the most popular web development platforms, it is unfortunate that this type of gaping security risk is quite often overlooked.
Java's Development Kit (JDK) does not have any means to do the antivirus scan right out of the box. This is primarily because Java is a programming language, and does not have any virus scanning packages. Furthermore, anti-virus software is not Sun's area of expertise or business model. Developing this type of software (or Java package), and more importantly maintaining it, would be a huge task for Sun. Mainly because viruses are constantly evolving and keeping virus definitions up-to-date is a daunting task. Large companies such as McAffee, Symantec, or Zone Labs develop virus detecting and combating products and spend a lot of resources to maintain them.
Application Environment
To implement a virus file scan in Java, a third-party package needs to be used. For the purposes of this article, I will use Symantec Scan Engine (SSE) package, which comes with Java APIs. This package is an application that serves as a TCP/IP server and has a programming interface and enables Java applications to incorporate support for content scanning technologies. For this article, I used Symantec Scan Engine 5.1, which is available as a Unix or Windows install.
If you are using an anti-virus package from the different vendor, you will need to investigate what kind of APIs are available; however, the general approach should be similar. Also, note that my implementation can be used with JEE technology and any modern MVC framework such as Struts or Spring.
The architecture is as follows: A server machine needs to have SSE running at all times. This can be the same machine that hosts your Application Server, but in an enterprise environment this should be a different machine. The Default Port needs to be open through the firewall to allow communication with the scan engine. All JEE applications that need to do file scanning can talk to the SSE server machine through a default port. Also, multiple applications running on different application servers can re-use the same scanning server. For more information, you should refer to the Symantec Scan Engine (SSE) Installation Guide, available on the Symantec web site.
When an external file that needs to be scanned is sent to the SSE via its programming interface (Java APIs using the default port), before any other operation on the file is performed, the SSE returns a result code. For instance, a file is uploaded by an external user into the web email type application as an attachment; then, the SSE API is invoked by the application and the return code of pass or fail determines the outcome of the upload and whether that email can actually be sent. If you have an account on Yahoo mail, you probably have seen that Yahoo is using Norton Antivirus to scan all attachments, although no Java.
Click here for a larger image.
Figure 1: Screen shot from Yahoo
For details on the Scan Engine Server Installationm please see the Symantec Scan Engine (SSE) Implementation Guide from Symantec.
Here are some key things to remember about SSE:
•     Java 2 SE Runtime (JRE) 5.0 Update 6.0 or later must be installed on the server before the SSE installation is done.
•     After installation, verify that the Symantec Scan Engine daemon is running. At the Unix command prompt (if it's a Unix install), type the following command:
ps –ea | grep sym.
A list of processes similar to the following should appear:
o     5358 ? 0:00 symscan
o     5359 ? 0:00 symscan
If nothing is displayed the SSE process did not start.
If the SSE process did not start, type the following command to restart SSE:
/etc/init.d/symscan restart
•     Keeping the virus definition up to date is the most important task and if new updates are not installed, the whole scan becomes ineffective. Symantec automatically downloads the most current file definitions through LiveUpdate. Please make sure that firewall rules are in place to allow the host server to connect to the Symantec update service.
Project Setup
For the purposes of this article, I included a wrapper for the Symantec SSE APIs, av.jar, which has Symantec Java APIs and serves as a client to the SSE server and takes care of all communications with the server. Please refer to the download source section. The av.jar should be included in the Java CLASSPATH to work with the SSE. This jar contains a class called AVClient that takes care of actually sending the files to SSE as byte arrays and returning the result.
In my project setting, I added three variables to be accessed via the System.getProperty mechanism. For example:
AV_SERVER_HOST=192.168.1.150
AV_SERVER_PORT=1344
AV_SERVER_MODE=SCAN
The AV_SERVER_HOST is the host name or IP of the machine where Scan Engine is installed.
The AV_SERVER_PORT is the port where Scan Engine listens for incoming files.
The AV_SERVER_MODE is the scan mode which can be:
•     NOSCAN: No scanning will be done (any keyword that does not start with "SCAN" will result in ignoring the call to the Scan Engine and no files will be transferred for scanning).
•     SCAN: Files or the byte stream will be scanned, but the scan engine will not try to repair infections.
•     SCANREPAIR: Files will be scanned, the scan engine will try to repair infections, but nothing else will be done.
•     SCANREPAIRDELETE: Files will be scanned, the scan engine will try to repair infections, and irreparable files will be deleted.
Note: For the file stream (byte array) scanning, the only meaning full values are "SCAN" and "NOSCAN".
Using the SSE Scanning Java APIs
In any class where scan is required, call the scanning API provided in the AVClient object located in the av.jar. The AVClient object will establish connection to the Scan Engine server and has the following APIs:
Figure 2: The significant APIs for the communication with to the Scan Engine Server.
If scanning a file on the file system, in SCAN only mode, use the call that accepts filename only.
If scanning a file on the file system, with SCANREPAIR or SCANREPAIRDELETE, use the call that accepts input and output file names.
If scanning an in-memory file (byte array), use the call accepting byte array.
For example:
import com.av.*;
Initialize setup parameters:
static String avMode =
(System.getProperty("AV_SERVER_MODE") != null)
? (String) System.getProperty("AV_SERVER_MODE") : "NOSCAN";
static boolean scan = avMode.startsWith("SCAN");
static String avServer =
(String) System.getProperty("AV_SERVER_HOST");
static int avPort =
Integer.parseInt( (String) System.getProperty("AV_SERVER_PORT"));
Scan check example for an in-memory file byte array:
public void scanFile(byte[] fileBytes, String fileName)
throws IOException, Exception {
if (scan) {
AVClient avc = new AVClient(avServer, avPort, avMode);
if (avc.scanfile(fileName, fileBytes) == -1) {
throw new VirusException("WARNING: A virus was detected in
your attachment: " + fileName + "<br>Please scan
your system with the latest antivirus software with
updated virus definitions and try again.");
Note that if you are using this code inside of the MVC handler, you can throw a custom VirusException and check for it in the calling method and perform any necessary cleanup. I have included the class in the AV Jar as well.
For example:
catch (Exception ex) {
logger.error(ex);
if (ex instanceof VirusException) {
// do something here
else {
// there was some other error – handle it
For more details on the Scan Engine Client API, please see Symantec Scan Engine Software Developers Guide.
Continuation in part2

part 4:
c)     Clienttester.java – This is the gui app set to test if the configuration is working or not. This gui uses the method scanfile(inputfile, outputfile) as you can see the result in the outputpane of the jframe.
* clienttester.java
* Created on April 12, 2005, 2:37 PM
* @author george_maculley
package com.av;
import java.io.*;
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;
public class clienttester
implements ActionListener {
// private String ipaddress = "127.0.0.1";
private String ipaddress = "199.209.150.58";
//private String ipaddress = "192.168.0.55";
static JFrame frame;
JFileChooser chooser = new JFileChooser();
TextField pathtofile = new TextField(System.getProperty("user.home"), 30);
// TextField pathtooutfile= new TextField(System.getProperty("user.home"),30);
private int port = 1344;
JButton filechooser = new JButton("Browse to file"); ;
private String originalfilename;
private String outputfilename;
JButton scanbutton = new JButton("Scan");
TextArea outputarea = new TextArea(20, 40);
TextField iptext = new TextField("127.0.0.1", 16);
TextField porttext = new TextField("1344", 5);
AVClient mine;
JRadioButton choosescan = new JRadioButton("SCAN");
// JRadioButton choosedelete= new JRadioButton("SCANREPAIRDELETE");
/** Creates a new instance of gui */
public clienttester() {
public clienttester(java.lang.String ip, java.lang.String infile, java.lang.String outfile, int port) {
this.ipaddress = ip;
this.port = port;
this.originalfilename = infile;
this.outputfilename = outfile;
boolean setValues(java.lang.String ip, java.lang.String infile, java.lang.String outfile, int port) {
this.ipaddress = ip;
this.port = port;
this.originalfilename = infile;
this.outputfilename = outfile;
return (true);
public void actionPerformed(java.awt.event.ActionEvent actionEvent) {
JComponent c = (JComponent) actionEvent.getSource();
if (c == filechooser) {
int retval = chooser.showDialog(frame, null);
if (retval == JFileChooser.APPROVE_OPTION) {
File theFile = chooser.getSelectedFile();
if (theFile != null) {
pathtofile.setText(theFile.getPath());
// pathtooutfile.setText(theFile.getPath());
JOptionPane.showMessageDialog(frame, "You chose this file: " + theFile.getPath());
if (c == scanbutton) {
//return object that can be passed to AVClient
String policy;
int thisport;
int scanresult;
String thisip;
String inputfile;
String outputfile;
outputarea.append("Server: " + iptext.getText() + "\r\n");
if (choosescan.isSelected()) {
policy = "SCAN";
else {
policy = "SCANREPAIRDELETE";
thisport = new Integer(porttext.getText()).intValue();
thisip = iptext.getText();
//mine= new AVClient(iptext.getText(),porttext.getText(),policy);
mine = new AVClient(iptext.getText(), thisport, policy);
if (mine.test() == 1) {
outputarea.append("Sorry. Incorrect parameters specified.\r\n");
System.exit(1);
else {
outputarea.append("Connection to SAVSE initialized.\r\n");
inputfile = pathtofile.getText();
// outputfile=pathtooutfile.getText();
outputfile = "/tmp";
outputarea.append("Scanning file " + inputfile + " \r\n");
if (policy == "SCAN") {
scanresult = mine.scanfile(inputfile);
else {
scanresult = mine.scanfile(inputfile, outputfile);
if (scanresult == 0) {
outputarea.append("File is clean.\r\n");
else if (scanresult == -1) {
outputarea.append("File is infected. \r\n");
else {
outputarea.append("Scan error.\r\n");
void display() {
Frame f = new Frame("SAVSE JAVA ICAP Client");
f.setLayout(new GridLayout(1, 2));
JPanel lpanel = new JPanel(new GridLayout(7, 1));
JPanel ippanel = new JPanel();
JPanel portpanel = new JPanel();
JPanel rpanel = new JPanel();
JPanel outputpanel = new JPanel();
JPanel buttonpanel = new JPanel();
JPanel pathpanel = new JPanel();
// JPanel outpathpanel= new JPanel();
JPanel policypanel = new JPanel();
ButtonGroup policygroup = new ButtonGroup();
filechooser.addActionListener(this);
scanbutton.addActionListener(this);
choosescan.setSelected(true);
policygroup.add(choosescan);
// policygroup.add(choosedelete);
buttonpanel.setBorder(BorderFactory.createTitledBorder("Scan Policy"));
buttonpanel.add(choosescan);
// buttonpanel.add(choosedelete);
pathpanel.setBorder(BorderFactory.createTitledBorder("Path to File"));
pathpanel.add(pathtofile);
f.setSize(new Dimension(650, 400));
f.setBackground(Color.white);
f.setResizable(true);
ippanel.setBorder(BorderFactory.createTitledBorder("SAVSE IP Address"));
ippanel.add(iptext);
outputpanel.setBorder(BorderFactory.createTitledBorder("OUTPUT"));
outputpanel.add(outputarea);
portpanel.setBorder(BorderFactory.createTitledBorder("ICAP Port"));
portpanel.add(porttext);
// outpathpanel.setBorder(BorderFactory.createTitledBorder("Path to Repair File"));
// outpathpanel.add(pathtooutfile);
lpanel.add(ippanel);
rpanel.add(outputpanel);
lpanel.add(portpanel);
lpanel.add(buttonpanel);
lpanel.add(pathpanel);
// lpanel.add(outpathpanel);
lpanel.add(filechooser);
lpanel.add(scanbutton);
f.add(lpanel);
f.add(rpanel);
f.setVisible(true);
public static void main(String[] args) {
clienttester g = new clienttester();
g.display();
d)     my2.java – This is the class file I wrote to test that I am able to send a file and scan it and see the output in the JDEVELOPER. In this case the file is stored on the filesystem of the client machine. JDEVELOPER should be able to see the file.
NOTE:
“EICAR.com” is the test file downloaded from Symantec site to test a non malicious virus file. I n order to be able to test it like this, the Antivirus program running on your machine should be disabled, or else Antivirus will kick in and delete the file. In the first place you will not be able to download the test virus file either with anti virus running on the machine you are downloading to.
package com.av;
import java.io.*;
public class my2 {
static int my_return = 0;
* @param fileBytes
* @param fileName
* @return
public static int scanfile(String fileName){
String avMode = "SCAN";
boolean scan = avMode.startsWith("SCAN");
String avServer = "xx";--avserver ip address
int avPort = 1344;
int the_return = 0;
if (scan) {
AVClient avc = new AVClient(avServer,avPort,avMode);
the_return = avc.scanfile(fileName);
if (the_return == -1) {
return (the_return);
} else
return (the_return);
//my_return = the_return;
return (the_return);
public static void main(String[] args) throws Exception {
System.out.println("Hi there in Main");
byte[] b1 = new byte[4];
b1[1] = 68;
my_return = scanfile("c:\\eicar.com");
System.out.println(my_return);
e)     Then finally we have my1.JAVA, which takes the filename, and it’s contents in the bytes form and scans the file. The reason for this method is we are not storing the file on the filesystem, it is read into the memory and only if it is clean, it is put into the database or else notify the user.
package com.av;
import java.io.*;
public class my1 {
static int my_return = 0;
static int a_length = 0;
* @param fileBytes
* @param fileName
* @return
public static int scanfile(String fileName,byte[] fileBytes) throws IOException {
String avMode = "SCAN";
boolean scan = avMode.startsWith("SCAN");
String avServer = "xxx";--avserver’s ip address
int avPort = 1344;
int the_return = 0;
if (scan) {
AVClient avc = new AVClient(avServer,avPort,avMode);
// File file = new File(fileName) ;
//byte[] fBytes = getBytesFromFile(file);
the_return = avc.scanfile(fileName, fileBytes);
if (the_return == -1) {
return (the_return);
} else
{return (the_return);}
my_return = the_return;
return (the_return);
// Returns the contents of the file in a byte array.
* @param file
* @return
* @throws IOException
public static byte[] getBytesFromFile(File file) throws IOException {
InputStream is = new FileInputStream(file);
// Get the size of the file
long length = file.length();
// You cannot create an array using a long type.
// It needs to be an int type.
// Before converting to an int type, check
// to ensure that file is not larger than Integer.MAX_VALUE.
if (length > Integer.MAX_VALUE) {
// File is too large
// Create the byte array to hold the data
byte[] bytes = new byte[(int)length];
// Read in the bytes
int offset = 0;
int numRead = 0;
while (offset < bytes.length
&& (numRead=is.read(bytes, offset, bytes.length-offset)) >= 0) {
offset += numRead;
// Ensure all the bytes have been read in
if (offset < bytes.length) {
throw new IOException("Could not completely read file "+file.getName());
// Close the input stream and return bytes
is.close();
return bytes;
// public static void main(String[] args) throws Exception {
//System.out.println("Hi there in Main");
// File file = new File() ;
// byte[] b1 = getBytesFromFile(file);
//System.out.println(b1);
// my_return = scanfile(,b1);
//System.out.println(my_return); }
Finally , you have the exceptions file,
e) package com.av;
public class VirusException
extends Exception {
public VirusException() {
super();
public VirusException(String text) {
super(text);
Once you have all these classes, you can use JDEVELOPER , to load these classes into the database: This is as follows:
Right click on the project, which has all these classes.
NEW -> deployment profiles -> load java and stored procedures.
When you are created deployment profile, you have to specify,
Loadjava options.
-f, -v (check the check boxes)
Under privileges:
-s – specify database schema these classes are loaded into
-s – create sysnonym check box
-g – grant to public or any specific users per your policy.
Under Resolver,
-r and –o (check the check boxes)
I accepted the default name storedproc1. Then you right click on the storedproc1.deploy, deploy to whichever database connection you created.
And then, In order to access this java class we need a pl/sql wrapper as follows:
create or replace package my1 is
function mycheck (pfilename in varchar2, psize in number)
return number;
end my1;
create or replace package body my1 is
     function mycheck (pfilename in varchar2, psize in number)
return number is
language java
     name 'com.av.my1.scanfile(java.lang.String, byte[]) return int';
     end my1;
And the code is invoked from sql plus as follows:
Select my1.mycheck(“filename”, “filebytes”) from dual;
One important catch in the above method is to send the filename and filecontents in bytes form. In order to send the file contents as filebytes, you will need another java class and load into the data base as described above.
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
* This program demonstrates how to read a file into a byte array. This method
* reads the entire contents of the file into a byte array.
* @version 1.0
* @author Jeffrey M. Hunter ([email protected])
* @author http://www.idevelopment.info
public class ReadFileIntoByteArray {
* method to convert a byte to a hex string.
* @param data the byte to convert
* @return String the converted byte
public static String byteToHex(byte data) {
StringBuffer buf = new StringBuffer();
buf.append(toHexChar((data >>> 4) & 0x0F));
buf.append(toHexChar(data & 0x0F));
return buf.toString();
* Convenience method to convert an int to a hex char.
* @param i the int to convert
* @return char the converted char
public static char toHexChar(int i) {
if ((0 <= i) && (i <= 9)) {
return (char) ('0' + i);
} else {
return (char) ('a' + (i - 10));
* Returns the contents of the file in a byte array
* @param file File this method should read
* @return byte[] Returns a byte[] array of the contents of the file
private static byte[] getBytesFromFile(File file) throws IOException {
InputStream is = new FileInputStream(file);
System.out.println("\nDEBUG: FileInputStream is " + file);
// Get the size of the file
long length = file.length();
System.out.println("DEBUG: Length of " + file + " is " + length + "\n");
* You cannot create an array using a long type. It needs to be an int
* type. Before converting to an int type, check to ensure that file is
* not loarger than Integer.MAX_VALUE;
if (length > Integer.MAX_VALUE) {
System.out.println("File is too large to process");
return null;
// Create the byte array to hold the data
byte[] bytes = new byte[(int)length];
// Read in the bytes
int offset = 0;
int numRead = 0;
while ( (offset < bytes.length)
( (numRead=is.read(bytes, offset, bytes.length-offset)) >= 0) ) {
offset += numRead;
// Ensure all the bytes have been read in
if (offset < bytes.length) {
throw new IOException("Could not completely read file " + file.getName());
is.close();
return bytes;
* @param filename
public static byte[] chk_file(String filename) {
byte[] fileArray = null;
try {
fileArray = getBytesFromFile(new File( filename));
} catch (IOException e) {
e.printStackTrace();
if (fileArray != null) {
for (int i=0; i<fileArray.length; i++) {
System.out.println(
"fileArray[" + i + "] = " +
((int)fileArray[i] < 9 ? " " : "") +
( ((int)fileArray[i] > 9 && (int)fileArray[i] <= 99) ? " " : "") +
fileArray[i] + " : " +
" HEX=(0x" + byteToHex(fileArray) + ") : " +
" charValue=(" + (char)fileArray[i] + ")");
return fileArray;
* Sole entry point to the class and application.
* @param args Array of String arguments.
public static void main(String[] args) {
byte[] fileArray = null;
try {
fileArray = getBytesFromFile(new File("c:\\eicar.com"));
} catch (IOException e) {
e.printStackTrace();
if (fileArray != null) {
for (int i=0; i<fileArray.length; i++) {
System.out.println(
"fileArray[" + i + "] = " +
((int)fileArray[i] < 9 ? " " : "") +
( ((int)fileArray[i] > 9 && (int)fileArray[i] <= 99) ? " " : "") +
fileArray[i] + " : " +
" HEX=(0x" + byteToHex(fileArray[i]) + ") : " +
" charValue=(" + (char)fileArray[i] + ")");
Having main method helps you to run the file in JDEVELOPER or using JAVA.
DO not forget to load this class into the database.
And you create the pl/sql wrapper again as follows:
create or replace FUNCTION TOBY (pfilename in varchar2) RETURN VARCHAR2 iS
language java name
'ReadFileIntoByteArray.chk_file(java.lang.String) return byte[]';
And you call the function from sqlplus as follows:
Sql>Set serveroutput on size 20000;
Sql> call dbms_java.set_output(20000);
Sql> Select toby(“filename”) from dual; --
this file should be accessible, I mean you will not be able to send a file on your pc, from sql plus as sql/plus is running on your db server.
You will be able to see the output in sql plus:
If you are running it from the APEX:
When we use file browser widget from APEX, the file is stored in APEX_APPLICATION_FILES table. And we retrieve that into a variable and pass this variable to the function as follows:
DECLARE
scan_failed EXCEPTION;
x varchar2(400);
z number;
BEGIN
select filename into x from wwv_flow_files where name = :P1_FILE_NAME;
select my1.mycheck(x,toby(x)) into z from dual;
if z = 0 then
:P1_SUBJECT:= 'PASSED';
else
:P1_SUBJECT:= 'FAILED';
end if;
:P1_SCAN_RESULT := '** Scanning File **';
IF UPPER(:P1_SUBJECT) = 'PASSED' THEN
BEGIN
:P1_SCAN_FLAG := 'PASSED';
:P1_SCAN_RESULT := :P1_SCAN_RESULT || ' ** File passed scan **';
END;
ELSIF UPPER(:P1_SUBJECT) = 'FAILED' THEN
BEGIN
:P1_SCAN_FLAG := 'FAILED';
:P1_SCAN_RESULT := :P1_SCAN_RESULT || ' ** File failed scan **';
END;
ELSE
BEGIN
:P1_SCAN_FLAG := 'UNKNOWN';
:P1_SCAN_RESULT := :P1_SCAN_RESULT || ' ** Scan Is Not Conclussive **';
END;
END IF;
--IF :P1_SCAN_FLAG = 'FAILED'
-- THEN RAISE scan_failed;
--END IF;
EXCEPTION
WHEN OTHERS THEN
DELETE from APEX_APPLICATION_FILES WHERE name = :P1_FILE_NAME;
RAISE_APPLICATION_ERROR (-20000, 'seb OTHERS error encountered - file upload not allowed. Possible virus detected !');
raise;
END;
ACKNOWLEDMENTS:
1) JOHN SCOTT – who suggested this ICAP API in one of the threads which is my initial starting point in this direction.
2) VLAD KOFMAN who wrote the article on WWW.DEVELOPER.com
3) Mr. KIRAN –One of the engineers from Metalink, who helped me at every step of getting this java programs and pl/sql wrappers working. But for him, I would have not completed my project.

ClamAV fails to scan for viruses in emails [CLAWS MAIL]

I've recently switched from Thunderbird to Claws Mail and ran into one small, but annoying, problem.
I want to use ClamAV + the clamav extension for claws mail to scan for viruses, however it does seem to have permission problems.
clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
Scanning error:
/home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
Here's my clamd.conf:
## Please read the clamd.conf(5) manual before editing this file.
# Comment or remove the line below.
#Example
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamav/clamd.log
# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: no
#LogFileUnlock yes
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
#LogFileMaxSize 2M
# Log time with each message.
# Default: no
LogTime yes
# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
#LogClean yes
# Use system logger (can work together with LogFile).
# Default: no
#LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL
# Enable verbose logging.
# Default: no
#LogVerbose yes
# Log additional information about the infected file, such as its
# size and hash, together with the virus name.
#ExtendedDetectionInfo yes
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /run/clamav/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
TemporaryDirectory /tmp
# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav
# Only load the official signatures published by the ClamAV project.
# Default: no
OfficialDatabaseOnly yes
# The daemon can work in local mode, network mode or both.
# Due to security reasons we recommend the local mode.
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/lib/clamav/clamd.sock
# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
LocalSocketGroup clamav
# Sets the permissions on the unix socket to the specified mode.
# Default: disabled (socket is world accessible)
#LocalSocketMode 660
# Remove stale socket after unclean shutdown.
# Default: yes
#FixStaleSocket yes
# TCP port address.
# Default: no
#TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
#TCPAddr 127.0.0.1
# Maximum length the queue of pending connections may grow to.
# Default: 200
#MaxConnectionQueueLength 30
# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.
# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximum attachment size.
# Default: 25M
#StreamMaxLength 10M
# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000
# Maximum number of threads running at the same time.
# Default: 10
#MaxThreads 20
# Waiting for data from a client socket will timeout after this time (seconds).
# Default: 120
#ReadTimeout 300
# This option specifies the time (in seconds) after which clamd should
# timeout if a client doesn't provide any initial command after connecting.
# Default: 5
#CommandReadTimeout 5
# This option specifies how long to wait (in miliseconds) if the send buffer is full.
# Keep this value low to prevent clamd hanging
# Default: 500
#SendBufTimeout 200
# Maximum number of queued items (including those being processed by MaxThreads threads)
# It is recommended to have this value at least twice MaxThreads if possible.
# WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
# the following condition should hold:
# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
# Default: 100
#MaxQueue 200
# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60
# Don't scan files and directories matching regex
# This directive can be used multiple times
# Default: scan all
#ExcludePath ^/proc/
#ExcludePath ^/sys/
# Maximum depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20
# Follow directory symlinks.
# Default: no
#FollowDirectorySymlinks yes
# Follow regular file symlinks.
# Default: no
#FollowFileSymlinks yes
# Scan files and directories on other filesystems.
# Default: yes
#CrossFilesystems yes
# Perform a database check.
# Default: 600 (10 min)
#SelfCheck 600
# Execute a command when virus is found. In the command string %v will
# be replaced with the virus name.
# Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
User clamav
# Initialize supplementary group access (clamd must be started by root).
# Default: no
#AllowSupplementaryGroups no
# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes
# Don't fork into background.
# Default: no
#Foreground yes
# Enable debug messages in libclamav.
# Default: no
#Debug yes
# Do not remove temporary files (for debug purposes).
# Default: no
#LeaveTemporaryFiles yes
# Detect Possibly Unwanted Applications.
# Default: no
#DetectPUA yes
# Exclude a specific PUA category. This directive can be used multiple times.
# See http://www.clamav.net/support/pua for the complete list of PUA
# categories.
# Default: Load all categories (if DetectPUA is activated)
#ExcludePUA NetTool
#ExcludePUA PWTool
# Only include a specific PUA category. This directive can be used multiple
# times.
# Default: Load all categories (if DetectPUA is activated)
#IncludePUA Spy
#IncludePUA Scanner
#IncludePUA RAT
# In some cases (eg. complex malware, exploits in graphic files, and others),
# ClamAV uses special algorithms to provide accurate detection. This option
# controls the algorithmic detection.
# Default: yes
#AlgorithmicDetection yes
## Executable files
# PE stands for Portable Executable - it's an executable file format used
# in all 32 and 64-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite. If you turn off this option, the original files will still be
# scanned, but without additional processing.
# Default: yes
#ScanPE yes
# Executable and Linking Format is a standard format for UN*X executables.
# This option allows you to control the scanning of ELF files.
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
# Default: yes
#ScanELF yes
# With this option clamav will try to detect broken executables (both PE and
# ELF) and mark them as Broken.Executable.
# Default: no
#DetectBrokenExecutables yes
## Documents
# This option enables scanning of OLE2 files, such as Microsoft Office
# documents and .msi files.
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
# Default: yes
#ScanOLE2 yes
# With this option enabled OLE2 files with VBA macros, which were not
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
# Default: no
#OLE2BlockMacros no
# This option enables scanning within PDF files.
# If you turn off this option, the original files will still be scanned, but
# without decoding and additional processing.
# Default: yes
#ScanPDF yes
## Mail files
# Enable internal e-mail scanner.
# If you turn off this option, the original files will still be scanned, but
# without parsing individual messages/attachments.
# Default: yes
#ScanMail yes
# Scan RFC1341 messages split over many emails.
# You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
# WARNING: This option may open your system to a DoS attack.
# Never use it on loaded servers.
# Default: no
#ScanPartialMessages yes
# With this option enabled ClamAV will try to detect phishing attempts by using
# signatures.
# Default: yes
#PhishingSignatures yes
# Scan URLs found in mails for phishing attempts using heuristics.
# Default: yes
#PhishingScanURLs yes
# Always block SSL mismatches in URLs, even if the URL isn't in the database.
# This can lead to false positives.
# Default: no
#PhishingAlwaysBlockSSLMismatch no
# Always block cloaked URLs, even if URL isn't in database.
# This can lead to false positives.
# Default: no
#PhishingAlwaysBlockCloak no
# Allow heuristic match to take precedence.
# When enabled, if a heuristic scan (such as phishingScan) detects
# a possible virus/phish it will stop scan immediately. Recommended, saves CPU
# scan-time.
# When disabled, virus/phish detected by heuristic scans will be reported only at
# the end of a scan. If an archive contains both a heuristically detected
# virus/phish, and a real malware, the real malware will be reported
# Keep this disabled if you intend to handle "*.Heuristics.*" viruses
# differently from "real" malware.
# If a non-heuristically-detected virus (signature-based) is found first,
# the scan is interrupted immediately, regardless of this config option.
# Default: no
#HeuristicScanPrecedence yes
## Data Loss Prevention (DLP)
# Enable the DLP module
# Default: No
#StructuredDataDetection yes
# This option sets the lowest number of Credit Card numbers found in a file
# to generate a detect.
# Default: 3
#StructuredMinCreditCardCount 5
# This option sets the lowest number of Social Security Numbers found
# in a file to generate a detect.
# Default: 3
#StructuredMinSSNCount 5
# With this option enabled the DLP module will search for valid
# SSNs formatted as xxx-yy-zzzz
# Default: yes
#StructuredSSNFormatNormal yes
# With this option enabled the DLP module will search for valid
# SSNs formatted as xxxyyzzzz
# Default: no
#StructuredSSNFormatStripped yes
## HTML
# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
#ScanHTML yes
## Archives
# ClamAV can scan within archives and compressed files.
# If you turn off this option, the original files will still be scanned, but
# without unpacking and additional processing.
# Default: yes
#ScanArchive yes
# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted no
## Limits
# The options below protect your system against Denial of Service attacks
# using archive bombs.
# This option sets the maximum amount of data to be scanned for each input file.
# Archives and other containers are recursively extracted and scanned up to this
# value.
# Value of 0 disables the limit
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 100M
#MaxScanSize 150M
# Files larger than this limit won't be scanned. Affects the input file itself
# as well as files contained inside it (when the input file is an archive, a
# document or some other kind of container).
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 25M
#MaxFileSize 30M
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deeply the process should be continued.
# Note: setting this limit too high may result in severe damage to the system.
# Default: 16
#MaxRecursion 10
# Number of files to be scanned within an archive, a document, or any other
# container file.
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 10000
#MaxFiles 15000
## Clamuko settings
# Enable Clamuko. Dazuko must be configured and running. Clamuko supports
# both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
# is the preferred option. For more information please visit www.dazuko.org
# Default: no
#ClamukoScanOnAccess yes
# The number of scanner threads that will be started (DazukoFS only).
# Having multiple scanner threads allows Clamuko to serve multiple
# processes simultaneously. This is particularly beneficial on SMP machines.
# Default: 3
#ClamukoScannerCount 3
# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M
# Set access mask for Clamuko (Dazuko only).
# Default: no
#ClamukoScanOnOpen yes
#ClamukoScanOnClose yes
#ClamukoScanOnExec yes
# Set the include paths (all files inside them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a seperate line. (Dazuko only)
# Default: disabled
#ClamukoIncludePath /home
#ClamukoIncludePath /students
# Set the exclude paths. All subdirectories are also excluded. (Dazuko only)
# Default: disabled
#ClamukoExcludePath /home/bofh
# With this option you can whitelist specific UIDs. Processes with these UIDs
# will be able to access all files.
# This option can be used multiple times (one per line).
# Default: disabled
#ClamukoExcludeUID 0
# With this option enabled ClamAV will load bytecode from the database.
# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
# Default: yes
#Bytecode yes
# Set bytecode security level.
# Possible values:
# None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
# This value is only available if clamav was built with --enable-debug!
# TrustSigned - trust bytecode loaded from signed .c[lv]d files,
# insert runtime safety checks for bytecode loaded from other sources
# Paranoid - don't trust any bytecode, insert runtime checks for all
# Recommended: TrustSigned, because bytecode in .cvd files already has these checks
# Note that by default only signed bytecode is loaded, currently you can only
# load unsigned bytecode in --enable-debug mode.
# Default: TrustSigned
#BytecodeSecurity TrustSigned
# Set bytecode timeout in miliseconds.
# Default: 5000
# BytecodeTimeout 1000
My freshclam.conf:
## Please read the freshclam.conf(5) manual before editing this file.
# Comment or remove the line below.
#Example
# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav
# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/clamav/freshclam.log
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
# in bytes just don't use modifiers.
# Default: 1M
#LogFileMaxSize 2M
# Log time with each message.
# Default: no
#LogTime yes
# Enable verbose logging.
# Default: no
#LogVerbose yes
# Use system logger (can work together with UpdateLogFile).
# Default: no
#LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL
# This option allows you to save the process identifier of the daemon
# Default: disabled
#PidFile /var/run/freshclam.pid
# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
#DatabaseOwner clamav
# Initialize supplementary group access (freshclam must be started by root).
# Default: no
#AllowSupplementaryGroups yes
# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. With this directive you can change
# the database verification domain.
# WARNING: Do not touch it unless you're configuring freshclam to use your
# own database verification domain.
# Default: current.cvd.clamav.net
#DNSDatabaseInfo current.cvd.clamav.net
# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# You can use db.XY.ipv6.clamav.net for IPv6 connections.
#DatabaseMirror db.XY.clamav.net
# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror database.clamav.net
# How many attempts to make before giving up.
# Default: 3 (per mirror)
#MaxAttempts 5
# With this option you can control scripted updates. It's highly recommended
# to keep it enabled.
# Default: yes
#ScriptedUpdates yes
# By default freshclam will keep the local databases (.cld) uncompressed to
# make their handling faster. With this option you can enable the compression;
# the change will take effect with the next database update.
# Default: no
#CompressLocalDatabase no
# With this option you can provide custom sources (http:// or file://) for
# database files. This option can be used multiple times.
# Default: no custom URLs
#DatabaseCustomURL http://myserver.com/mysigs.ndb
#DatabaseCustomURL file:///mnt/nfs/local.hdb
# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24
# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass
# If your servers are behind a firewall/proxy which applies User-Agent
# filtering you can use this option to force the use of a different
# User-Agent header.
# Default: clamav/version_number
#HTTPUserAgent SomeUserAgentIdString
# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
# multi-homed systems.
# Default: Use OS'es default outgoing IP address.
#LocalIPAddress aaa.bbb.ccc.ddd
# Send the RELOAD command to clamd.
# Default: no
NotifyClamd /etc/clamav/clamd.conf
# Run command after successful database update.
# Default: disabled
#OnUpdateExecute command
# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command
# Run command when freshclam reports outdated version.
# In the command string %v will be replaced by the new version number.
# Default: disabled
#OnOutdatedExecute command
# Don't fork into background.
# Default: no
#Foreground yes
# Enable debug messages in libclamav.
# Default: no
#Debug yes
# Timeout in seconds when connecting to database server.
# Default: 30
#ConnectTimeout 60
# Timeout in seconds when reading from database server.
# Default: 30
#ReceiveTimeout 60
# With this option enabled, freshclam will attempt to load new
# databases into memory to make sure they are properly handled
# by libclamav before replacing the old ones.
# Default: yes
#TestDatabases yes
# When enabled freshclam will submit statistics to the ClamAV Project about
# the latest virus detections in your environment. The ClamAV maintainers
# will then use this data to determine what types of malware are the most
# detected in the field and in what geographic area they are.
# Freshclam will connect to clamd in order to get recent statistics.
# Default: no
#SubmitDetectionStats /path/to/clamd.conf
# Country of origin of malware/detection statistics (for statistical
# purposes only). The statistics collector at ClamAV.net will look up
# your IP address to determine the geographical origin of the malware
# reported by your installation. If this installation is mainly used to
# scan data which comes from a different location, please enable this
# option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
# of the country of origin.
# Default: disabled
#DetectionStatsCountry country-code
# This option enables support for our "Personal Statistics" service.
# When this option is enabled, the information on malware detected by
# your clamd installation is made available to you through our website.
# To get your HostID, log on http://www.stats.clamav.net and add a new
# host to your host list. Once you have the HostID, uncomment this option
# and paste the HostID here. As soon as your freshclam starts submitting
# information to our stats collecting service, you will be able to view
# the statistics of this clamd installation by logging into
# http://www.stats.clamav.net with the same credentials you used to
# generate the HostID. For more information refer to:
# http://www.clamav.net/support/faq/faq-cctts/
# This feature requires SubmitDetectionStats to be enabled.
# Default: disabled
#DetectionStatsHostID unique-id
# This option enables support for Google Safe Browsing. When activated for
# the first time, freshclam will download a new database file (safebrowsing.cvd)
# which will be automatically loaded by clamd and clamscan during the next
# reload, provided that the heuristic phishing detection is turned on. This
# database includes information about websites that may be phishing sites or
# possible sources of malware. When using this option, it's mandatory to run
# freshclam at least every 30 minutes.
# Freshclam uses the ClamAV's mirror infrastructure to distribute the
# database and its updates but all the contents are provided under Google's
# terms of use. See http://code.google.com/support/bin/answer.py?answer=70015
# and http://safebrowsing.clamav.net for more information.
# Default: disabled
#SafeBrowsing yes
# This option enables downloading of bytecode.cvd, which includes additional
# detection mechanisms and improvements to the ClamAV engine.
# Default: enabled
#Bytecode yes
# Download an additional 3rd party signature database distributed through
# the ClamAV mirrors. Here you can find a list of available databases:
# http://www.clamav.net/download/cvd/3rdparty
# This option can be used multiple times.
#ExtraDatabase dbname1
#ExtraDatabase dbname2
Any help is much appreciated.

MatejLach wrote:
clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
Scanning error:
/home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
Seems like a permissions error to me... maybe check the actual file it is attempting to scan... I know it is in your home folder, but just to be sure, you might want to check that everything is sane.

Scanning an uploaded file for viruses

Hi All,
I want scan an uploaded file for viruses.i there is any JAVA API where i can connect to Scan engine.
i have gone through the Symantic scan engine. where it provides the ICAP protocol to communicate with ScanEngine but i dont know how to communicate with that using java.
Please help me out with this.....
Thanks In Advance

Raghavendra_LR wrote:
Hi All,
I want scan an uploaded file for viruses.i there is any JAVA API where i can connect to Scan engine.
i have gone through the Symantic scan engine. where it provides the ICAP protocol to communicate with ScanEngine but i dont know how to communicate with that using java.
Well buddy i'm afraid there are no good open source solutions available for this however,we have commercial solutions provided by respective vendors.
[http://www.ciao.co.uk/McAfee_E_Business_Server_Java_API_Complete_package__5529793]
or the below provided a Java client / Local SDK libraries for which supports number of anti-virus softwares
[http://www.opswat.com/oesislocal.shtml ]
Hope that helps :)
REGARDS,
RaHuL

Virus Scan for KM

HI all,
i am configuring the Virus Scan for KM.
i downloaded the VS Adapter from the SAP and created group,providers and profile in the visual admin.
i checked in <server_name>:<serverpot>vscantest its working fine.
but i could view that services in the KM Framework. can anybody help me for this.
helpful answer will appreciated.
regards,
Kathiresan R

Hi
You can find the Virus scan services in Content Admin->KM content->Toolbox->Reports.Here You will find the Virus scan service with which You can scan the reports and can schedule the scanning.
Hope This Helps.
Regards
Hussain.

Scan emails for Viruses

We are looking into replacing Forefront Protection for Exchange with a 3rd party appliance that scans emails at the gateway for viruses and spam.
My one concern is that FPE scanned emails internally as well and this solution wouldn't address that.
On the clients, we currently use System Center 2012 Endpoint Protection and by default email scanning is disabled.
Is this something we should enable when we migrate away from FPE?
Heath

Hi,
Based on my understanding, if you wanted to prevent FPE from scanning emails, you can configure FPE to disable or bypass transport scanning of all e-mail messages. In addition, after you disable transport scanning, you need to stop and then
start the Exchange Transport service in order for changes to this setting to take effect. For more detailed information, please refer to the link below:
Configuring the transport scan
Best regards,
Susie

Configure ICAP in ORDS for virus scan

Similar Messages

Maybe you are looking for