Video Screencast Help

How to use Symantec Scan Engine 5.2 content scanning technologies for direct integration with your applications or devices

Created: 01 Oct 2009 • Updated: 05 Oct 2009 | 124 comments
Language Translations
Guido Sanchidrian's picture
+9 11 Votes
Login to vote

One of the "best hidden secrets" in Symantes's portfolio is likely the Symantec Scan Engine. This product emerged many years ago from our integration work with large Internet carriers to provide a high-scalable, high-performance antivirus scan engine, that was easy to integrate into any kind of third party application and devices. Some people might remember a product called "Carrier Scan Server" which was the first evolution of this product. Now - in version 5.2 - Symantec Scan Engine is one of the most matured products in our portfolio, and foundation for several other products in our portfolio, i.e. Symantec AntiVirus for Caching and Symantec AntiVirus for Network Attached Storage are products based on Scan Engine development.

Symantec Scan Engine itself is also a stand-alone product in our portfolio. First of all, it offers antivirus, spyware/adware blocking and URL filtering technologies, that can be easily integrated into applications from third party independent software vendors, into network attached storage devices from many hardware vendors, proxy/caching and messaging systems, as well as into the infrastructure from Internet Service Providers.
Scan Engine integrates easily into network-enabled devices via the Internet Content Adaptation Protocol (ICAP 1.0) protocol, which is a very common interface for content scanning, i.e. used in BlueCoat, NetCache or Cisco Caching systems, as well as in proxy applications such as SQUID. In addition, Scan Engine includes an SDK for client-side ICAP to allow C++, Java and C# (for .NET integrations) to quickly link Symantec Scan Engine with your own application. This provides a very flexible and scalable implementation - and it runs on Sun Solaris, Red Hat Linux, Microsoft Windows 2000/2003 and SuSE Enterprise Linux platforms.

It includes a Command Line Scanner for on demand scanning of files on Unix/Linux systems, and it is - of course and like all other Symantec antivirus products - backed by Symantec Security Response, including updates via Symantec LiveUpdate technology on all platforms.

In general, Symantec Scan Engine 5.2 is well suited for third-party independent software/hardware vendors requiring content scanning technologies for direct integration with their applications or devices (across proxy/caching, storage and messaging, etc.) that need antivirus, spyware/adware blocking and URL filtering technologies.
It is also attractive for large internet service providers who have proprietary systems (for example, email) and wish to offer antivirus, spyware/adware blocking and/or URL filtering as a value added service to subscribers.
Last but not least, Symantec Scan Engine 5.2 is ideal for OEMs, who wish to offer their customers the option to purchase Antivirus or URL filtering for their applications. We provide a SDK which allows you to code in C++, or JAVA for Windows, LINUX, or Solaris. Microsoft RPC is also a supported protocol on Windows, which is used i.e. for NetApp Filer integration.

Over the years, we have already seen many partners using Symantec Scan Engine for various integrations. One of the most active partners in this arena is PCS AG in Germany, Solingen, which is not just famous for high-quality knife-blades, but also for Connector Development around Symantec Scan Engine. PCS AG is a longstanding Symantec Technology Partner, responsible for high-quality "knife-blade" development of Symantec Scan Engine connectors i.e. for MS ISA Server and MS Sharepoint Portal Server. Their latest connector releases now covers Scan Engine connectors for MS SQL databases and MS Internet Information Server - called UNIQUE SQL Protector and UNIQUE IIS Protector. You can watch the following two videos to see how the MS SQL and MS IIS integration works:
UNIQUE SQL Protector video: http://www.pcs-ag.de/index.php?id=285
UNIQUE IIS Protector video: http://www.pcs-ag.de/index.php?id=279

PCS AG is one of the best examples on how flexible, scalable, and fast Symantec Scan Engine integrates with any third-party application, system or device. On Google you will find many other examples such as integration for Sun StorageTek or Hitachi NAS devices, Open-Source application integrations, etc. Just look for "Symantec Scan Engine" and "ICAP"...

So if you need to scan files for a specific applications, or need to scan files submitted to a web server from outside your company, Symantec Scan Engine could be your product of choice. You can simply give it a try and download a 30 day trialware version from http://www.symantec.com/business/scan-engine.

Please don't hesitate to contact me for any further question.

Comments 124 CommentsJump to latest comment

vanita's picture

Hello,

I want to scan a content of file before uploading it to server.

so can't we pass a byte array of file whic is to be upload to scan engin for scanning and then save a file on server if it's virus free.

0
Login to vote
vanita's picture

Hello All,

Kindly let me know how to open an admin console of Symentec scan engin 5.2 which is installed on Solaris System.

I had tried with http://serverip:8004/

but its not opening.

Regards,

Vanita

0
Login to vote
vanita's picture

Thanks for Your Reply,

But sir I used https://serverip:8004 still its not opening admin console of scan engin.

Regards,

Vanita

0
Login to vote
vanita's picture

Dear All,

Can you please tell me , where will i get detailed report of scanning of an file (date and timeof scanning, kb scanned , virus found...etc ) through scan engin.

Regrads,

Vanita

0
Login to vote
TSE-JDavis's picture

You can get these reports by running a Detail report under the Reports tab. If you need more detailed data, you will want to increase your logging level in the Monitors tab.

+1
Login to vote
resmy's picture

Have anyone used Java api's with scan engine for file scanning. Also anyone has integrated it with any java based application.

My requirement is to use symantec scan engine before uploading files to server.Requirement is to integrate it with a portal based application.

Any sample code/docs would be really helpful. Thanks in advance

0
Login to vote
vanita's picture

Hello All,

Can you please tell me  what does the SSE means by returning below ICAP Status as response

"ICAP/1.0 100";

"ICAP/1.0 200"; 

"ICAP/1.0 201";
 "ICAP/1.0 204";
"ICAP/1.0 400";
"ICAP/1.0 403";
"ICAP/1.0 404";
 "ICAP/1.0 405";
"ICAP/1.0 408";
"ICAP/1.0 500";
"ICAP/1.0 503";
 "ICAP/1.0 505";
"ICAP/1.0 533";
"ICAP/1.0 539";
"ICAP/1.0 551";
"ICAP/1.0 558";

regards

Vanita

0
Login to vote
TSE-JDavis's picture

If you read the Software developer's guide that comes with Scan Engine in the SDK folder, you will find these defined on page 29 in Table 3-4.

+1
Login to vote
vanita's picture

Thanks For your Kind response,

I have seen following status code in SSE pdf guide.

204          No content necessary              Scanning is not required, and the client sent
                                                             an Allow: 204 header, which indicates that
                                                             Symantec Scan Engine does not need to return
                                                             data to the client.

does it means SSE has scanned the whole file and found ok and give respons as Virus free file????

Regards,

Vanita

0
Login to vote
TSE-JDavis's picture

No, it means we didn't scan it becuase the client doesn't care

+1
Login to vote
TSE-JDavis's picture

Everyone should be advised that we now have a Scan Engine forum, please visit and post any questions or concerns there:

https://www-secure.symantec.com/connect/security/f...

+1
Login to vote
vanita's picture

Hello Sir,

But the Scan engin admin console show  no. of files scanned tab,    in that tab count increments whenever i get response as Icap:1.0 204 response from server. then what does that mean if u r saying server is not scanning file.

Regards,

VAnita

0
Login to vote
sachin.pawar's picture

public static ScanEngine createScanEngine(java.util.List<ScanEngine.ScanEngineInfo> scanEngInfo,
                                          int readWriteTime,
                                          int failRetryTime)

how readWriteTime and failRetryTime works

0
Login to vote
Anil143's picture

Hi,

I am getting ERR_INITIALIZING_STREAM_REQUEST error while calling the below method. Can you please suggest what could be the issue. Able to open the connection successfully.

objStreamScanRequest.Start(objFileScanEntity.fileForScan, objFileScanEntity.scanFileOriginalName);

 
Thanks,
Anil.

0
Login to vote
NavAH's picture

I am getting "ERR_SOCKET_ERROR"

Parameters: "file: C://All Naveen'sDocument//CM2K Documents//SetUp_Indonesia.txt", "streamFileLocal: 1"

Please help ASAP.

0
Login to vote
Jibu's picture

Hello,

Could some one help me find the java API that will work for java 1.4. The SymJavaAPI.jar seems to work with java 5.

Thanks
Jibu

0
Login to vote
TSE-JDavis's picture

Please post future Scan Engine questions in our Scan Engine section of the forum:

https://www-secure.symantec.com/connect/security/f...

You would have to be using a very old version of Scan Engine 5.0 that would no longer be supported.

J2SE 1.4.2 is in its Java Technology End of Life (EOL) transition period. The EOL transition period began Dec, 11 2006 and will complete October 30th, 2008, when J2SE 1.4.2 will have reached its End of Service Life (EOSL). Customers interested in learning more about Sun's Java Technology Support and EOL policy

http://www.oracle.com/technetwork/java/javase/inde...

+1
Login to vote
saurabhsinghgkp's picture

Hi,

Is this Scan Engine a stad alone product or I need some other software with it to use it.

I have downlaoaded an .exe from this url http://definitions.symantec.com/defs/20130702-002-...

But its not working.Its just asking to update and can not find find suitable product on System.

Can any one suggest what products shall I choose?

+1
Login to vote
TSE-JDavis's picture

You downloaded a set of definition files.

If you want to download Protection Engine, go to this URL and choose Trialware:

http://www.symantec.com/protection-engine-for-clou...

Protection Engine is a standalone product, but you will need something to send the files to it for scanning. We include the command-line scanner for testing.

0
Login to vote
saurabhsinghgkp's picture

There are basically two products I think.

One is Scan Engine

http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=cs

and one is 

Symantec Protection Engine for Cloud Services

http://www.symantec.com/protection-engine-for-cloud-services

I need to download both the products or Symantec Protection Engine for Cloud Services includes all the feature of Scan Engine. Does this product incudes documentation and samples for .NET Application.

0
Login to vote
TSE-JDavis's picture

Scan Engine is version 5.2, Protection Engine is version 7 of the same product.

The URL you pasted clearly states that it is for virus definitions:

http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=cs

The trialware download of Protection Engine includes the SDK.

0
Login to vote
Dhamodar's picture

Hi Team,

We used to use Symantec scan engine in one our file share (NAS ).  Normally all the log files placed by our application to NAS will be sending to Scane engine.  It seems some times Scanners are disabling the NAS file share  while scanning the logs and we are facing some intermitant issues in our application end.  Later we have disabled the scanners not to scan log files. Now we are not at all facing the intermitant issues. 

Could you please suggest us wether we have any potential impact to our application, since we disabled the scan engines and also let us know why the scanners are disabling the file share(NAS) intermitantly while sacning log files

Thank you!

0
Login to vote
Guido Sanchidrian's picture

Hello Dhamodar, I will send you a private message to follow up. To investigate your issue we need more information about your configuration...

0
Login to vote
Rathna's picture

Hi,

I have installed trialversion of the scan engine from this link:

http://www.symantec.com/protection-engine-for-cloud-services. Now i have tried to do virus scan in the upload file.I am getting error like "Index was out of range. Must be non-negative and less than the size of the collection. Parameter name: index " in the line of

testObj = requestManagerObj.CreateStreamScanRequest(scPolicy); . I took this code in the trial version of the csharp->dotnetapicheck.cs.

My realtime coding:

ScanRequestManager requestManagerObj = new ScanRequestManager();

requestManagerObj.PrepareForScan(scanEnginesForScanning, 20000, 20);

FileInfo fInfo = new FileInfo(LocalPath1);

long numBytes = fInfo.Length;

using (FileStream fStream = new FileStream(LocalPath1, FileMode.Open, FileAccess.Read))

{

using (BinaryReader br = new BinaryReader(fStream))

{

int dataRead = 0;

// Read file in bytes

byte[] data = new byte[512];

StreamScanRequest testObj;

testObj = requestManagerObj.CreateStreamScanRequest(scPolicy);  ---getting error here

testObj.Start(LocalPath1, FileName);

long bytesToRead = numBytes;

int buffCapRead = data.Length;

// Read file in bytes

do

{

if (bytesToRead >= buffCapRead)

{

buffCapRead = data.Length;

}

else

{

buffCapRead = Convert.ToInt32(bytesToRead);

}

// Refresh data buffer.

data = new byte[buffCapRead];

dataRead = br.Read(data, 0, buffCapRead);

// Send the bytes to symantec protection engine

testObj.Send(data);

bytesToRead = bytesToRead - dataRead;

} while (bytesToRead > 0);

ScanResult scanResult = testObj.Finish(fStream);

}

}

0
Login to vote
ravi.tahilramani@tcs.com's picture

Dear Team,

I have donwloaded the Symantec_Protection_Engine_CS_7.5.0.34 (trail version) for POC of our one of the ASP.Net application. I can see the C# example class given in the SDK but, I am not able to get the working example of the same. Can you provide the working example or any URL from where I can get the example.

The above example from Rathna provides the idea but following are the two issues:

requestManagerObj.PrepareForScan(scanEnginesForScanning, 20000, 20);

testObj = requestManagerObj.CreateStreamScanRequest(scPolicy);

Marked in Bold are the compile time errors not able to get the above two Objects. What exactly they will contain. The server details of the Scan Engine, Policy ? Can some one clarify?

Regards,
Ravi

0
Login to vote
ravi.tahilramani@tcs.com's picture

Dear Team,

I am trying to run the SDK code DotNetAPICheck.cs. I am trying to scan using Stream Reader Option, its failing on the line no. 681 (testObj.Start(fileForScan, scanFileOriginName);) with following error.

ERR_INITIALIZING_STREAM_REQUEST
at com.symantec.scanengine.api.StreamScanRequestImpl.Start(String fileToScan, String fileNameOnDisk)

We searched for the above error one of the post says that we need to open the Port 8004 (default) on firewall (Inbound and Outbound). Tried the said option but it fails to deliver the expected result and throws out the error message mentioned above.

Request you to guide.

Regards,
Ravi

0
Login to vote
arieschiang's picture

We're currently using virus scan engine 5.2 and I need java api doc for development reference. I've searched on google but find nothing. Can someone please help? I also want to know whether we can redirect inputstream to StreamScanRequest directly withut holding file content in memory. Thanks

0
Login to vote
rajub's picture

Hi,

One of our clients want to implement Symantec Protection Engine7.0 and bought the license. 

color:#333333">All we want to do scan the file before uploading it into server.(using C#,.Net4.0).

color:#333333">we are able to scan the file inside the server. But not from client machine.

color:#333333">Could you please suggest which method we suppose to use to scan the files from end-user system?

 Example: If user uploads a file from his local machine using IE or Chrome then Scan Engine should scan the files before storing it in sever folder.

Could also give us the more details about belwo methods.

CreateFileScanRequest(Policy) 
CreateFileScanRequest(Policy, Boolean) 
CreateLocalStreamScanRequest(Policy) 
CreateLocalStreamScanRequest(Policy, Boolean)

CreateStreamScanRequest(Policy)

CreateStreamScanRequest(Policy, Boolean)

 

Kindly help us.

Thanks,

Raju

0
Login to vote
TSE-JDavis's picture

The files should be stored on the server in a quarantined area and then sent to Scan Engine. This will give you the best performance. You could use filescanrequest and provide Scan Engine with the URI to the file on the client's machine, but that would create a security risk since the client would have to be sharing files on the network for Scan Engine to pull down a copy of it.

+1
Login to vote
rajub's picture

Hi,

Continue to above thread.

Could you let us how to create the "quarantined area" inside the (IIS) server?

Is this area just a regular folder on the server?  Anything special about the folder

Thanks,

Raju

0
Login to vote
TSE-JDavis's picture

This would be a folder that would not be scanned by any local AV or it will cause issues. Other than that, it can be just a regular folder.

0
Login to vote
rahil's picture

Hi

I am trying to develop an application in java by which a file being uploaded into the server system is scanned even before it actually gets uploaded is it possible with Scan engine.

I am able to scan the local files with scan engine but is it really possible to scan the files on the client side before uploading it to the server.

Thanks in advance

0
Login to vote