FLAM® Issue Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000950FL52.2 Subprogram FLUC (CONV)public2018-10-18 14:532018-10-24 15:51
ReporterFalk Reichbott 
Assigned ToFalk Reichbott 
PlatformGeneralOSGeneralOS VersionGeneral
Product Version5.1.18 
Target Version5.1.19Fixed in Version5.1.19 
Summary0000950: Support anti virus scanning at read and write with FLAM
DescriptionLike hashing and signature generation and verification it would be usefule to integrate anti virus scanning (AVS) into FLAM. Especially for flucFS it woud be use fule to scann for viruses before write a file. But also for the mainframes a server based solution for virus scanning are useful, especially if data read from remote systems like windows.

The solution must support a service provider interface (FAVE) to integrate with different AV solutions (Avira, Kaperski, Symantec, ...)
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
Falk Reichbott (administrator)
2018-10-18 14:56
edited on: 2018-10-18 16:52

ClamAV (http://www.clamav.net [^]) would be the first and standard FAVE implementation by limes datentechnik gmbh. Other anti virus solutions requires licenses and must be implemented by customers it self.

libclamav is GLP based, but we plan to support simply the clamd deamon with the instream command below. The client part are written by our self (uses IDSESSION is with non-blocking sockets, and a select()/poll() loop) and the deamon must be available behind a IPv4/6 address and port. The main configuration are done for the deamon and is not related to the client. The client (FLAM) will support a command like this:


The default method will be "DELETE", the default library will be "favelib", the default function "clamav" and the DNS and port number for cmald can be configured over a new environment variable FL_CLAMAV_CONNECTION=host:port.

It is mandatory to prefix this command with n or z.
Scan a stream of data. The stream is sent to clamd in chunks, after INSTREAM,
on the same socket on which the command was sent. This avoids the overhead
of establishing new TCP connections and problems with NAT. The format of the
chunk is: <length><data> where <length> is the size of the following data in
bytes expressed as a 4 byte unsigned integer in network byte order and <data> is
the actual chunk. Streaming is terminated by sending a zero-length chunk. Note:
do not exceed StreamMaxLength as defined in clamd.conf, otherwise clamd will
reply with INSTREAM size limit exceeded and close the connection.

Falk Reichbott (administrator)
2018-10-24 15:51

FLAM supports a new conversion component (CNVAVS)

The anti virus component can be used at read or write to scan the data
stream for malware. Over the method you can define the handling if a
virus was found. The default handling will result in an error if
suspicious code was found in the data. You can activate the remove
switch of the corresponding I/O component to delete the written part of
this file.

The whole component was implemented as exit driver to integrate FLAM
with each kind of AV technology. To address a certain implementation you
can define the library and function name and you can provide a specific
parameter string for this implementation. You can also define these
values over the environment variables below:

 * FL_FAVE_LIBRARY - Set default library for anti virus scanning (default is 'libfave')
 * FL_FAVE_FUNCTION - Set default function for anti virus scanning (default is 'CLAMAVC')
 * FL_FAVE_PARAMETER - Set default parameter for anti virus scanning (default is 'clamav.daemon:3310')

If non of these variables defined, then the FLAM default implementation
against the ClamAV daemon (clamav.deamon:3310) will be used, if the AVS
converter activated (see http://www.clamav.net/ [^] for more information).

To write your own service provider the SPI documentation is published
as 'FLAM Anti Virus Exit (FAVE) Service provider Interface'.

Additional you can activate the trace flag for the service provider to
request trace information and or a statistic flag which indicates the
service provider to produce a statistic information at close.

- Issue History
Date Modified Username Field Change
2018-10-18 14:53 Falk Reichbott New Issue
2018-10-18 14:53 Falk Reichbott Status new => assigned
2018-10-18 14:53 Falk Reichbott Assigned To => Falk Reichbott
2018-10-18 14:56 Falk Reichbott Note Added: 0001198
2018-10-18 16:42 Falk Reichbott Note Edited: 0001198 View Revisions
2018-10-18 16:52 Falk Reichbott Note Edited: 0001198 View Revisions
2018-10-24 15:49 Falk Reichbott Target Version 5.1.20 => 5.1.19
2018-10-24 15:51 Falk Reichbott Note Added: 0001199
2018-10-24 15:51 Falk Reichbott Status assigned => resolved
2018-10-24 15:51 Falk Reichbott Fixed in Version => 5.1.19
2018-10-24 15:51 Falk Reichbott Resolution open => fixed

Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker