Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Java API Example Not Working...

Created: 23 Aug 2012 | 3 comments

I've am having issues running the JavaAPICheck Java SDK example provided with "SymantecScanEngine_5.2.13_Linux_IN.zip".  I have tried running it in my eclipse environment (scan engine remote) as well as directly from the command line (scan engine local).  No matter which options/switches I use I cannot get file scanning to work, it just fails with an ambiguous error that gives no detail (.  What gives?

[user@host logs]$ cat /tmp/eicar.txt
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

[user@host tmp]$ /usr/j2se160/bin/javac -cp .:/tmp/SymJavaAPI.jar JavaAPICheck.java
Note: JavaAPICheck.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
[user@host tmp]$ /usr/j2se160/bin/java -cp .:/tmp/SymJavaAPI.jar JavaAPICheck -streambased:1 -streamFileLocal:0 -server:10.28.96.200:7777 -policy:scan -output:/tmp/file.out -file:/tmp/eicar.txt
Problem encountered! Scanning Failed!!
[user@host tmp]$ /usr/j2se160/bin/java -cp .:/tmp/SymJavaAPI.jar JavaAPICheck -streambased:1 -streamFileLocal:1 -server:10.28.96.200:7777 -policy:scan -output:/tmp/file.out -file:/tmp/eicar.txt
Problem encountered! Scanning Failed!!
[user@host tmp]$ /usr/j2se160/bin/java -cp .:/tmp/SymJavaAPI.jar JavaAPICheck -streambased:0 -streamFileLocal:1 -server:10.28.96.200:7777 -policy:scan -output:/tmp/file.out -file:/tmp/eicar.txt
Problem encountered! Scanning Failed!!
[user@host tmp]$ /usr/j2se160/bin/java -cp .:/tmp/SymJavaAPI.jar JavaAPICheck -streambased:0 -streamFileLocal:0 -server:10.28.96.200:7777 -policy:scan -output:/tmp/file.out -file:/tmp/eicar.txt
Problem encountered! Scanning Failed!!

 

I have verified my scan engine process is indeed running:

[user@host1 tmp]$ ps -ef | grep 'symcscan'
    root  2973  2972   0   Aug 16 ?          80:05 /opt/SYMCScan/bin/symcscan -config:/opt/SYMCScan/bin -daemon
    root  2972     1   0   Aug 16 ?           0:00 /opt/SYMCScan/bin/symcscan -config:/opt/SYMCScan/bin -daemon

[user@host tmp]$ telnet 10.28.96.200 7777
Trying 10.28.96.200...
Connected to 10.28.96.200.
Escape character is '^]'.
220 Symantec AntiVirus Scan Engine ready.
2
 

It appears to be throwing an exception (java.lang.NullPointerException) at the following code:

JavaAPICheck.java - Line 241: Result result = streamScanReq.scanFile();
JavaAPICheck.java - Line 248: Result result = fileScanReq.scanFile();

I can't step into that code to see what is going on because the source code is not attached to 'SymJavaAPI.jar".

Comments 3 CommentsJump to latest comment

TSE-JDavis's picture

The ssecls binary is always the best tool for verifying that Scan Engine is up and functional. I noticed that you telnetted to port 7777, but that is the port for Native mode. The API only works when Scan Engine is in ICAP.

BenDC's picture

by default icap will be listening on 1344. Unless you changed the option in the Scan Engine it should be in icap mode by default.

we350z's picture

Thanks guys.  You were right, I was not running in ICAP protocol mode.  Once I fixed that and adjusted the connection string port I am good to go.