Protection Engine for Cloud Services

  • 1.  Is Symantec Scan Engine Native Protocol documented anywhere?

    Posted Dec 16, 2011 04:32 PM

    Executive Summary: Is SSE's native protocol outlined in sufficient detail somewhere for developers to write clients for it?

    The Complete Details:

    I'm evaluating approaches for using SSE 5.2 in our enterprise for scanning files uploaded to applications implemented with various server technologies: Java and VM-based languages, .NET, XQuery servers like MarkLogic app server, and so on. To support all in a standard way I'm considering providing an HTTP-based RESTful web service implemented in Java to which a client application can POST a file to be scanned via standard HTTP, receive back a redirect to a job-specific resource indicating the progress of the request and ultimately its result once the scan is completed, and an HTTP REST endpoint for purging any relics that remain for that job. This web service could be co-located with each SSE instance or could be clustered in front of an SSE cluster.

    The SSE Implementation Guide discusses three protocol options for such an application communicating with SSE: ICAP, native, and RPC.

    - RPC: this appears to be tied closely to securing Microsoft client machines and doesn't appear to be a good match as my RESTful web service will most likely be running on Linux.

    - ICAP: I'm not familiar with ICAP but am going through RFC 3507 and at first perusal it appears to be focused on HTTP proxies and scanning content for proxies before the proxies pass the content onward in either direction depending on configuration. This still might be an option depending on further perusal of the RFC.

    - Native: I can find no detailed specification on what the native protocol is beyond the minuscule amount of information in the 5.2.11 version of the Implementation Guide:

    • page 76 "Symantec Scan Engine includes its own native protocol. The native protocol is a TCP/IP protocol. It is text-based like HTTP or SMTP. It uses ASCII commands and responses to communicate between the client and the server."
       
    • page 82 "Symantec Scan Engine implements a TCP/IP protocol to provide scanning functionality to client applications. It is text-based like HTTP or SMTP. It uses ASCII commands and responses to communicate between the client and the server. To submit a file for scanning, a client connects to the specified IP port and sends the file to Symantec Scan Engine to be scanned. Symantec Scan Engine scans the file and sends the results to the client. After the client receives these results, the connection is closed. The client opens a new connection for each file that it sends to Symantec Scan Engine."

    Is there any detail regarding the ASCII commands and the format of the requests and responses for the native protocol? 

     



  • 2.  RE: Is Symantec Scan Engine Native Protocol documented anywhere?
    Best Answer

    Posted Dec 16, 2011 05:45 PM

    The native protocol has been deprecated and remains in the current version for the handful of legacy connectors that still use it.

    If you will be developing your own connector you will want to use ICAP or RPC.

    The Scan Engine can work with proxies and other systems via the ICAP protocol, which itself resembles the HTTP protocol.
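
The answer above points to ICAP, which RFC 3507 frames much like HTTP. The following is an added example, not code from the thread or from Symantec documentation: it shows how a client could frame an uploaded file as an ICAP RESPMOD request and read the ICAP status line. The host, service path, `upload.invalid` origin and function names are assumptions made for illustration.

```python
# Added example: ICAP (RFC 3507) RESPMOD framing for a file-scan request.
# Host, service path and the synthetic HTTP headers are placeholders.
from urllib.parse import quote


def chunked(data: bytes, size: int = 4096) -> bytes:
    """HTTP/1.1 chunked encoding, used for ICAP encapsulated bodies."""
    out = b"".join(
        b"%x\r\n%s\r\n" % (len(data[i:i + size]), data[i:i + size])
        for i in range(0, len(data), size)
    )
    return out + b"0\r\n\r\n"  # zero-length chunk terminates the body


def build_respmod(host: str, service: str, filename: str, data: bytes) -> bytes:
    """Wrap file bytes in a synthetic HTTP request/response pair for RESPMOD."""
    # Percent-encode the name so CR/LF in it cannot inject header lines.
    req_hdr = (f"GET /{quote(filename, safe='')} HTTP/1.1\r\n"
               "Host: upload.invalid\r\n\r\n").encode("ascii")
    res_hdr = ("HTTP/1.1 200 OK\r\n"
               "Content-Type: application/octet-stream\r\n"
               f"Content-Length: {len(data)}\r\n\r\n").encode("ascii")
    # Encapsulated offsets count bytes from the end of the ICAP header block.
    icap_hdr = (f"RESPMOD icap://{host}/{service} ICAP/1.0\r\n"
                f"Host: {host}\r\n"
                "Allow: 204\r\n"
                f"Encapsulated: req-hdr=0, res-hdr={len(req_hdr)}, "
                f"res-body={len(req_hdr) + len(res_hdr)}\r\n\r\n").encode("ascii")
    return icap_hdr + req_hdr + res_hdr + chunked(data)


def parse_status(response: bytes):
    """Return (status code, lower-cased header dict) from an ICAP response."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace")
    status_line, *lines = head.split("\r\n")
    version, code, _reason = status_line.split(" ", 2)
    if version != "ICAP/1.0":
        raise ValueError(f"not an ICAP response: {status_line!r}")
    headers = {k.strip().lower(): v.strip()
               for k, v in (ln.split(":", 1) for ln in lines if ":" in ln)}
    return int(code), headers
```

Per RFC 3507, a 204 reply means the service wants no modification of the encapsulated message; how a particular scan engine reports a detection is product-specific and has to come from its own documentation.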