Viruses and Java

Discussions

Performance and scalability: Viruses and Java

  1. Viruses and Java (10 messages)

    Hello All Experts,

    Though my question is about Viruses , but I use this forum extensively and so thought that I shud b asking this question here.

    Well , I have made an application using servlets.
    The application supports uploading and downloading of .DOC files. I have used the Jakarta Commons FileUpload tool to accomplish this.

    Now the question is , "Is there any way to impose a check for viruses on the uploaded file during uploading ?

    I've seen Yahoo do it while attaching files...it uses Norton Scan...BUT HOW ??

    Any suggessions will be appreciated.

    Thanx alot.

    Threaded Messages (10)

  2. Few Thoughts[ Go to top ]

    Hi,

    I never tried it myself however I am putting few thoughts which might help you.

    1. You need to look for Antivirus package that provides Java APIs to invoke their functionality. There must be Antivirus software that can scan Java Stream for the virus infect.

    2. Alternatively you store file in a particular folder with a specific name and invoke command line exe to look for virus in the document. You can redirect the output to a separate file, whcih you will be continuously polling.

    3. Another possibility is to write a COM component that will load the Antivirus ActiveX control in the memory and will accept your java request in form of Doc's full path and will return you back the result of the scanning. You can use JAVA-COM bridge to access these features.

    To me except first method, rest are not scalable methods.

    So your choice has to be based on your requirement ie. How many uploads are you expecting through your website.

    Another way to do this is to write a WebService in .Net which will access the functionality of Antivirus component and you can invoke this webservice using your Servlet.

    Hope this will help.

    Cheers,
    Shiv
  3. Few Thoughts[ Go to top ]

    McAfee has an API. Othere so as well. They are a bit $$$$. If you have a low userbase I would consider the system command. (of course abstracting this so you could drop in the MCAfee API if needed)

    Another approach is to enable real-time file system protection, Symantic has this option, it will scan the file as soon as it hits the disk.
  4. Few Thoughts[ Go to top ]

    Another approach is to enable real-time file system protection, Symantic has this option, it will scan the file as soon as it hits the disk.
    Any self-respecting AV tool has that :)
    Trick is getting the process automated to such an extent that the servlet can detect the virus detection/removal and take appropriate action.
  5. Hi,
    I have see your message that McAfee has an interface for recieving a call for AntiVirus Check, can you please let me know if it is a Java API or not and which product of McAFee got this API interface.
  6. I think what you need is Internet Gateway like this one from Mcafee...

    http://www.mcafeesecurity.com/uk/local_content/datasheets/ds_webshield_appliances.pdf

    I think it can scan for virus on incoming files that uses HTTP, then redirect to a "Virus detected page" if virus is found.
  7. Few Thoughts[ Go to top ]

    As another poster mentioned, there isn't a silver bullet that you can use to scan for viruses. You'd ultimately have to rely on native interfaces, Runtime.exec() (and examining return values redirected to a file most always) or ActiveX wrapper over the Anti-virus executable.

    Have a look at http://sourceforge.net/projects/openantivirus/. The project is in beta stage, so it'd not be production quality yet, but it should get you started.
  8. Viruses and Java -- Help[ Go to top ]

    Hi Sherbirand rest of great experts,

    I was wondering if you have been able to find the solution, I would like to know about that. As I am also facing the similar problem. If you can reply back to me at dvishnoid at yahoo dot com will be erally nice.

    I went through the answers , but I am unable to find any such APIs, also how does one call a 'C' executable Like scan.exe and handels all the I/O issues in java programme.


    Thankyou
    Dushyant
  9. Scanning uploaded files[ Go to top ]

    Hi Sherbirand rest of great experts,I was wondering if you have been able to find the solution, I would like to know about that. As I am also facing the similar problem. If you can reply back to me at dvishnoid at yahoo dot com will be erally nice.I went through the answers , but I am unable to find any such APIs, also how does one call a 'C' executable Like scan.exe and handels all the I/O issues in java programme.ThankyouDushyant
  10. Scanning uploaded files[ Go to top ]

    PLease find the programme, I used command line scanner.

    For mul;itiple file scanning
    *************************************


    import java.io.BufferedReader;
    import java.io.FileReader;
    import java.util.HashMap;
    import java.util.Map;


    public class MultiScan {

    /**
    *
    *
    */

    public Map performScan(String dir, String file) {

    StringBuffer command = null;
    dir = dir.replace('/','
    ');
    StringBuffer outputFile = new StringBuffer(dir).append(file).append("virusOutput.txt");

    if (CommonUtils.isWindows()) {
    command = new StringBuffer("C:\\apps\\ecorp\\virusScan
    SCAN.EXE ");
    command.append(dir).append(file).append(" /del /badlist ").append(outputFile);
    }
    else
    {
    command= new StringBuffer("/apps/ecorp/virusScan/./uvscan ");
    command.append(dir).append(file).append(" --delete --badlist ").append(outputFile);
    }

    try {

    Runtime rt = Runtime.getRuntime();
    //System.out.println(command.toString());
    Process proc = rt.exec(command.toString());//executing the virus scan by cmd line
    proc.waitFor();
    }catch(Exception e) {
    e.printStackTrace();
    }

    if (FileUtils.isFilePresent(outputFile.toString()))
    return getInfectedFilesList(outputFile.toString());
    else
    return null;

    }

    private Map getInfectedFilesList(String file) {
    Map m = new HashMap();
    BufferedReader br = null;
    String line=null;
    String fileName = null;
    String lastIndexOf = CommonUtils.isWindows() ? "
    " : "/";
    try {

    br = new BufferedReader(new FileReader(file));
    while ( (line = br.readLine()) != null)
    {
    line=line.trim();
    fileName = (line.substring(line.lastIndexOf(lastIndexOf)+1,line.indexOf("... F"))).trim();
    m.put(fileName,fileName);
    }
    }
    catch(Exception e) {
    }

    if (m.size() == 0)
    m = null;

    return m;

    }

    }
    *********************************************
    for single file scanning



    ******************************


    import gov.dti.sos.ecorp.beans.*;
    import gov.dti.sos.ecorp.utils.*;

    import java.util.*;
    import java.io.*;



    public class Scan
    {

    public Scan()
    {

    }

    public Scan(String pdf_f0,String virus_f1)
    {

    }


    //function

    public boolean commandEcecute(String pdffilename,String virusoutput)

           {
    ELog elog = (ELog)ELog.getLogger(DuffsConstants.WEB_LOGGER);

            String command = null;
            String commandAppend1 = null;
            String commandAppend2 = null;
            InputStream is=null;
    OutputStream os=null;
    BufferedReader br=null;
    InputStreamReader isr=null;
    PrintWriter pw = null;
    FileOutputStream fos = null;
    boolean returnValue=false;

            String env = System.getProperty("os.name");
    int flag = env.indexOf("Windows",0);

    if(flag != -1)
    {
    System.out.println("its windows");
    elog.debug("Its windows");
    commandAppend1 = "C:\\apps\\ecorp\\virusScan
    SCAN.EXE "+ "" + pdffilename ;
    commandAppend2 = commandAppend1.replace('/','
    ');
    System.out.println("commandAppend2"+commandAppend2);
    command = commandAppend2 +" " +"/del " + "/report" + " C:\\apps\\ecorp\\tempImageFolder
    " + virusoutput;
    //System.out.println("command "+command);
    //System.out.println("pdffilename "+pdffilename);
    elog.debug("Windows scanner pdffilename"+pdffilename);
    elog.debug("Windows scanner command"+command);

    }else if(flag == -1)
    {
    elog.debug("Its UNIX");
    command= "/apps/ecorp/virusScan/./uvscan --summary --verbose --delete " + pdffilename;//command to scan
    elog.debug("command"+" "+command);
    }

    try
             {

    if(flag != -1)
    {//windows
    fos = new FileOutputStream("C:\\apps\\ecorp\\tempImageFolder
    " +virusoutput);//file where virus scan writes output
    Runtime rt = Runtime.getRuntime();
    System.out.println("command"+command);
    Process proc = rt.exec(command);//executing the virus scan by cmd line
    elog.debug("Process Executed");
    int exitVal = proc.waitFor();
    System.out.println("ExitValue: " + exitVal);
    elog.debug("ExitValue: " + exitVal);
    fos.flush();
    fos.close();//file closed
    elog.debug("Files Closed ");
    returnValue = viruscheck(virusoutput);
    elog.debug("Virus Found ?: "+returnValue);
    System.out.println("returnValue" + " " + returnValue);


    }else if(flag == -1)
    {
    Runtime rt = Runtime.getRuntime();
    System.out.println("command"+command);
    Process proc = rt.exec(command);//executing the virus scan by cmd line
    elog.debug("Process Executed");
    is= proc.getInputStream();//geting the output from virus scan


    isr = new InputStreamReader(is);
    br = new BufferedReader(isr);//wrapping process inputstream in bufferedreader
    elog.debug("BufferedReader ");
    String line=null;
    while ( (line = br.readLine()) != null)
    {
    elog.debug("virus output line"+" "+line);
    line=line.trim();

    System.out.println(line);


    if(line.startsWith("Clean",0))
    {
    if(line.endsWith("1"))
    {
    elog.debug("line.startsWith Clean");
    System.out.println("12345"+"clean"+"NOVIRUS");
    returnValue=false;
    }

    }
    if(line.startsWith("Possibly",0))
    {
    if(line.endsWith("1"))
    {
    elog.debug("line.startsWith Possibly");
    System.out.println("ALERT"+ " " + "POSSIBLY INFECTED" + " "+ "VIRUS FOUND");
    returnValue=true;
    }
    }

    }

    int exitVal = proc.waitFor();
    elog.debug("ExitValue: " + exitVal);

    System.out.println("ExitValue: " + exitVal);
    }


    } catch (Exception t)
               {
                 //elog.error("Exception in commandexecute during virus scanning "+t);
                 //t.printStackTrace();
                 try
                 {
                 fos.flush();
    fos.close();
                 }
                 catch (IOException te)
                 {
                 //elog.error("File Closing Exception in commandexecute during virus scanning "+te);
                 System.out.println("File Closing Exception in commandexecute"+te);
                 }
                 System.out.println("Exception in commandexecute"+t);

               }

    //elog.debug("returnValue "+returnValue);
    return returnValue;

    }//commandExecute closed


    private boolean viruscheck(String virusoutput)
    {


    try
             {
    BufferedReader brr;
    brr = new BufferedReader(new FileReader("C:\\apps\\ecorp\\tempImageFolder
    " + virusoutput));
    String line=null;
    String clean="Clean";

    while ( (line = brr.readLine()) != null)
    {

    line=line.trim();
    //System.out.println("line"+"\n"+line);

    if(line.startsWith("Clean",0))
    {

    if(line.endsWith("1"))
    {
    System.out.println("12345"+clean+"NOVIRUS");
    ////elog.debug("Clean
    return false;

    }

    }

    if(line.startsWith("Possibly",0))
    {

    if(line.endsWith("1"))
    {

    System.out.println("ALERT"+ " " + "POSSIBLY INFECTED" + " "+ "VIRUS FOUND");
    return true;

    }

    }

         }//while closed



    } catch (Exception t)
               {
                 //t.printStackTrace();
                 System.out.println("file reading exception");
               }

    return false;
    }


    }//class closed
    **********************************
  11. Viruses and Java[ Go to top ]

    there is a generic Java api for managing antivirus packages called Metascan.

    A list of supported AV packages is at http://www.opswat.com/products/metascan/supported-applications

    There are versions of Metascan that include up to 8 licensed AV engines, built-in.  The general product overview is at http://www.opswat.com/products/metascan

    A free evaluation package is offered