Anonymous | Login | Signup for a new account | 2024-10-10 05:55 CEST |
My View | View Issues | Change Log | Roadmap | Search |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0000950 | FL5 | 2.2 Subprogram FLUC (CONV) | public | 2018-10-18 14:53 | 2018-10-24 15:51 | ||||
Reporter | Falk Reichbott | ||||||||
Assigned To | Falk Reichbott | ||||||||
Priority | normal | Severity | feature | Reproducibility | N/A | ||||
Status | resolved | Resolution | fixed | ||||||
Platform | General | OS | General | OS Version | General | ||||
Product Version | 5.1.18 | ||||||||
Target Version | 5.1.19 | Fixed in Version | 5.1.19 | ||||||
Summary | 0000950: Support anti virus scanning at read and write with FLAM | ||||||||
Description | Like hashing and signature generation and verification it would be usefule to integrate anti virus scanning (AVS) into FLAM. Especially for flucFS it woud be use fule to scann for viruses before write a file. But also for the mainframes a server based solution for virus scanning are useful, especially if data read from remote systems like windows. The solution must support a service provider interface (FAVE) to integrate with different AV solutions (Avira, Kaperski, Symantec, ...) | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Notes | |
(0001198) Falk Reichbott (administrator) 2018-10-18 14:56 edited on: 2018-10-18 16:52 |
ClamAV (http://www.clamav.net [^]) would be the first and standard FAVE implementation by limes datentechnik gmbh. Other anti virus solutions requires licenses and must be implemented by customers it self. libclamav is GLP based, but we plan to support simply the clamd deamon with the instream command below. The client part are written by our self (uses IDSESSION is with non-blocking sockets, and a select()/poll() loop) and the deamon must be available behind a IPv4/6 address and port. The main configuration are done for the deamon and is not related to the client. The client (FLAM) will support a command like this: CNVAVS/AVSCAN(METHOD=DELETE/ERROR/WARNING/REMSEG,LIBRARY='favelib',FUNC='clamav',PARAMETER="HOST='ClamAV.server',PORT='4711'") The default method will be "DELETE", the default library will be "favelib", the default function "clamav" and the DNS and port number for cmald can be configured over a new environment variable FL_CLAMAV_CONNECTION=host:port. INSTREAM It is mandatory to prefix this command with n or z. Scan a stream of data. The stream is sent to clamd in chunks, after INSTREAM, on the same socket on which the command was sent. This avoids the overhead of establishing new TCP connections and problems with NAT. The format of the chunk is: <length><data> where <length> is the size of the following data in bytes expressed as a 4 byte unsigned integer in network byte order and <data> is the actual chunk. Streaming is terminated by sending a zero-length chunk. Note: do not exceed StreamMaxLength as defined in clamd.conf, otherwise clamd will reply with INSTREAM size limit exceeded and close the connection. |
(0001199) Falk Reichbott (administrator) 2018-10-24 15:51 |
FLAM supports a new conversion component (CNVAVS) The anti virus component can be used at read or write to scan the data stream for malware. Over the method you can define the handling if a virus was found. The default handling will result in an error if suspicious code was found in the data. You can activate the remove switch of the corresponding I/O component to delete the written part of this file. The whole component was implemented as exit driver to integrate FLAM with each kind of AV technology. To address a certain implementation you can define the library and function name and you can provide a specific parameter string for this implementation. You can also define these values over the environment variables below: * FL_FAVE_LIBRARY - Set default library for anti virus scanning (default is 'libfave') * FL_FAVE_FUNCTION - Set default function for anti virus scanning (default is 'CLAMAVC') * FL_FAVE_PARAMETER - Set default parameter for anti virus scanning (default is 'clamav.daemon:3310') If non of these variables defined, then the FLAM default implementation against the ClamAV daemon (clamav.deamon:3310) will be used, if the AVS converter activated (see http://www.clamav.net/ [^] for more information). To write your own service provider the SPI documentation is published as 'FLAM Anti Virus Exit (FAVE) Service provider Interface'. Additional you can activate the trace flag for the service provider to request trace information and or a statistic flag which indicates the service provider to produce a statistic information at close. |
Issue History | |||
Date Modified | Username | Field | Change |
2018-10-18 14:53 | Falk Reichbott | New Issue | |
2018-10-18 14:53 | Falk Reichbott | Status | new => assigned |
2018-10-18 14:53 | Falk Reichbott | Assigned To | => Falk Reichbott |
2018-10-18 14:56 | Falk Reichbott | Note Added: 0001198 | |
2018-10-18 16:42 | Falk Reichbott | Note Edited: 0001198 | View Revisions |
2018-10-18 16:52 | Falk Reichbott | Note Edited: 0001198 | View Revisions |
2018-10-24 15:49 | Falk Reichbott | Target Version | 5.1.20 => 5.1.19 |
2018-10-24 15:51 | Falk Reichbott | Note Added: 0001199 | |
2018-10-24 15:51 | Falk Reichbott | Status | assigned => resolved |
2018-10-24 15:51 | Falk Reichbott | Fixed in Version | => 5.1.19 |
2018-10-24 15:51 | Falk Reichbott | Resolution | open => fixed |
Copyright © 2000 - 2024 MantisBT Team |