Virus scanning with ClamAV and OpenESB

Introduction

Here's a quick project I put together in OpenESB which exposes a web service interface to the ClamAV anti-virus scanner. The idea is that when an untrusted source submits a file (or any other piece of data) that you have reason to worry might be hiding something malicious, you can push it through this service and get either the all-clear or a notification that something is amiss.

Setup

Extract the zip file into your NetBeans project directory to get the following projects:

clam-ws
The main web service, implemented as an EJB

HttpScanToFile
A small JBI project that reads a message via HTTP POST, validates it with the web service and returns a result. If the file is clean, it also writes it to /tmp/message.dat. Orchestration is handled through BPEL, naturally.

HttpScanToFileApp
A JBI project used for pulling the above two projects together into a composite application.

eicar.b64
A sample virus! Well, no, not really. It's the EICAR test file, a harmless string that anti-virus vendors agree to detect so that you can check a scanner is working. It's also base64 encoded to make our testing easier.

Build and deploy clam-ws, then do the same for HttpScanToFileApp.

ClamAV is a freely available virus scanner with ports to many different platforms. We take advantage of the clamd daemon's support for scanning data streamed to it over a TCP/IP socket (the INSTREAM command), so the web service never has to write the suspect file to disk before scanning it. You may need to make a small modification to your clamd.conf file to enable this capability:

TCPSocket 6156

6156 is my favourite magic port number. If you want something else, you should also edit the defaults in vscanner.java, which is in the clam-ws project. The hostname and port are also optional arguments to the web service, if you want to be extra flexible. Two things worth checking in clamd.conf at the same time: unless TCPAddr is set, clamd may accept connections on any interface, so bind it to 127.0.0.1 (or restrict it with a firewall) when the scanner and the web service share a host, because anyone who can reach the socket can feed it arbitrary data; and the amount of data clamd accepts on one stream is bounded by StreamMaxLength, beyond which it answers with an ERROR reply rather than OK, which the service must not mistake for a clean result.
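As an added example (not code from the clam-ws project or from ClamAV), the following Python shows what vscanner.java has to do on the wire: frame the data as a clamd INSTREAM request, read the reply, and turn "OK" or "FOUND" into the clean/not-clean verdict the web service returns. So that it can run without a clamd installed, it includes an assumed stand-in daemon, FakeClamd, which speaks just enough of the protocol to flag the EICAR string; the port default, chunk size and the stand-in itself are assumptions for this illustration, while the INSTREAM framing and the EICAR string are as ClamAV and EICAR document them.

```python
"""Added example, not code from the page's clam-ws project: a minimal Python
client for clamd's INSTREAM command, plus an in-process stand-in for clamd so
the exchange can be exercised offline. The port default, the chunk size and the
FakeClamd class are assumptions for this illustration; the INSTREAM framing is
ClamAV's documented wire format and EICAR is the public test string."""
import base64
import socket
import struct
import threading

# The EICAR anti-malware test string: a public test pattern, not real malware.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Base64 form, the same shape as the page's eicar.b64 helper file.
EICAR_B64 = base64.b64encode(EICAR).decode("ascii")


def frame_instream(data: bytes, chunk_size: int = 2048) -> bytes:
    """Encode data as an INSTREAM request: 'zINSTREAM\\0', then chunks of
    4-byte big-endian length + payload, closed by a zero-length chunk."""
    out = bytearray(b"zINSTREAM\0")
    for off in range(0, len(data), chunk_size):
        chunk = data[off:off + chunk_size]
        out += struct.pack("!I", len(chunk)) + chunk
    out += struct.pack("!I", 0)  # terminator: tells clamd the stream is complete
    return bytes(out)


def parse_reply(reply: bytes) -> tuple:
    """Map a clamd reply to (clean, signature). 'stream: OK' -> (True, None);
    'stream: <sig> FOUND' -> (False, '<sig>'); an ERROR reply (for example when
    StreamMaxLength is exceeded) raises, so it can never be mistaken for clean."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" OK"):
        return True, None
    if text.endswith(" FOUND"):
        return False, text.split(": ", 1)[1][:-len(" FOUND")]
    raise RuntimeError("clamd did not return a verdict: " + text)


def scan_bytes(data: bytes, host: str = "127.0.0.1", port: int = 6156) -> tuple:
    """Stream data to clamd over TCP (port 6156 matches the page's TCPSocket)."""
    with socket.create_connection((host, port), timeout=30) as sock:
        sock.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):  # z-commands get NUL-terminated replies
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)


class FakeClamd(threading.Thread):
    """Assumed stand-in for clamd: speaks just enough INSTREAM to flag payloads
    containing the EICAR string. Real clamd's signature name for EICAR varies
    with the signature database version."""

    def __init__(self):
        super().__init__(daemon=True)
        self.srv = socket.socket()
        self.srv.bind(("127.0.0.1", 0))  # loopback only, like TCPAddr 127.0.0.1
        self.srv.listen(1)
        self.port = self.srv.getsockname()[1]

    def run(self):
        while True:
            conn, _ = self.srv.accept()
            with conn, conn.makefile("rb") as f:
                self._serve(conn, f)

    @staticmethod
    def _serve(conn, f):
        cmd = b""
        while not cmd.endswith(b"\0"):  # command is NUL-terminated
            byte = f.read(1)
            if not byte:
                return
            cmd += byte
        if cmd != b"zINSTREAM\0":
            conn.sendall(b"UNKNOWN COMMAND\0")
            return
        body = bytearray()
        while True:  # reassemble length-prefixed chunks until the zero chunk
            (n,) = struct.unpack("!I", f.read(4))
            if n == 0:
                break
            body += f.read(n)
        verdict = b"stream: Eicar-Test-Signature FOUND\0" if EICAR in body else b"stream: OK\0"
        conn.sendall(verdict)


def demo() -> dict:
    """Scan the base64 sample (decoded first, as the web service must) and a
    clean message against the stand-in daemon."""
    daemon = FakeClamd()
    daemon.start()
    return {
        "eicar": scan_bytes(base64.b64decode(EICAR_B64), port=daemon.port),
        "clean": scan_bytes(b"Hello, OpenESB. Nothing to see here.", port=daemon.port),
    }


if __name__ == "__main__":
    print(demo())
```

Against a real clamd, call scan_bytes(data) with the defaults and it talks to 127.0.0.1:6156, the port configured above. Note that the base64 sample is decoded before scanning: clamd looks for the EICAR string in the bytes it receives, so handing it the encoded text would not produce a FOUND reply. The parse_reply function deliberately raises on anything other than an OK or FOUND reply; a scanner that times out, rejects an oversized stream or fails to start must show up as a failure in the web service, not as a clean verdict.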

Testing

I've been doing this on Ubuntu so you're likely to have to modify these instructions.

Using SoapUI, you can test the web service directly. Import the WSDL from the following URL:

Create a new request and in the data field, copy the contents of eicar.b64. This should return a value of "false" in the clean element. Any other data you pass in should result in "true" (unless you're really unlucky and have randomly generated a virus).

Using the HTTP page and cURL, you can test directly from the command line like this:

or of course, you can substitute a different file instead of eicar.b64

Resources

Project zip


Copyright 1994-2009 Sun Microsystems, Inc.