ScannerDaemon Howto
The ScannerDaemon listens on port 8127 of localhost for absolute file names
and absolute directory names. It scans the file, or all files in the directory,
and reports 'OK' if no virus has been found or 'FOUND: <virusname>'
if a virus has been detected.
Necessary software
You need an installed Java 2 Runtime Environment, Standard Edition (JRE).
Every JRE >= 1.2 should be fine, but I just tested it with 1.3.1. You
can get it from Sun at http://java.sun.com/j2se/.
You also need the 'virussignatures.txt' file that came with the ScannerDaemon;
it must be in the directory from which you start the ScannerDaemon.
Usage
You start the ScannerDaemon simply by entering
java -jar ScannerDaemon.jar
If you did not forget the signatures, it should come up and listen on
port 8127. You can also give the name of the signature file as a command-line
parameter, like
java -jar ScannerDaemon.jar /opt/openantivirus/virussignatures.txt
Hint: If you are running Linux and activated the executable
Jar-file support documented in '/usr/src/linux/Documentation/java.txt',
you can omit the 'java -jar' if you make the Jar-file executable.
Scan
Now you can connect to port 8127 and send absolute file names or absolute
directory names, each terminated by <CR>/<LF> (and prefixed with SCAN, as in
the example). Use 'telnet' or 'netcat' for this.
Example:
kurt@lobo:~ > telnet localhost 8127
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SCAN /home/kurt/MTX.pif
FOUND: W95/Matrix.SCR (AntiVir)
Connection closed by foreign host.
kurt@lobo:~ > echo "SCAN /home/kurt/Fix2001.exe" | netcat localhost 8127
FOUND: TR/IWorm.Fix2001 (AntiVir)
Have fun!
Post
You can also send files directly to the scanner. This is done by sending
POST to the daemon. It answers with the port to which you have to send
the file data:
kurt@lobo:~> telnet localhost 8127
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
POST
Send data to port '34705' within 10 seconds.
kurt@lobo:~> cat eicar | netcat localhost 34705
Connected.
FOUND: Eicar-Test-Signatur
The socket is closed if a virus is found, so be prepared for this.
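An added example, not part of the original howto or the OpenAntiVirus code: a small Python client for the POST exchange above that copes with the daemon closing the data socket early. It assumes the verdict arrives on the data socket as in the transcript, that half-closing the data socket marks the end of the file, and that clean data yields 'OK'; all function names are hypothetical.

```python
import re
import socket

CONTROL_PORT = 8127  # control port named in this howto
_REPLY = re.compile(r"Send data to port '(\d+)' within (\d+) seconds")

def parse_post_reply(line):
    """Return (data_port, seconds) from the daemon's answer to POST."""
    m = _REPLY.search(line)
    if not m or not 0 < int(m.group(1)) < 65536:
        raise ValueError("unexpected POST reply: %r" % line)
    return int(m.group(1)), int(m.group(2))

def parse_verdict(text):
    """Return (infected, virus_name); fail closed if no verdict was seen."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("FOUND:"):
            return True, line[len("FOUND:"):].strip()
        if line == "OK":
            return False, None
    raise ValueError("no verdict received, do not treat the data as clean")

def stream_and_read(sock, data, chunk=4096):
    """Send data, then collect the reply; the daemon may close mid-stream."""
    try:
        for i in range(0, len(data), chunk):
            sock.sendall(data[i:i + chunk])
        sock.shutdown(socket.SHUT_WR)  # assumption: EOF marks end of file
    except (BrokenPipeError, ConnectionResetError):
        pass  # early close by the daemon (virus found); still read the reply
    reply = b""
    try:
        for buf in iter(lambda: sock.recv(4096), b""):
            reply += buf
    except ConnectionResetError:
        pass  # reply lost with the reset; parse_verdict() then raises
    return reply.decode("ascii", "replace")

def post_scan(data, host="localhost"):
    """Run the POST exchange and return parse_verdict()'s result."""
    with socket.create_connection((host, CONTROL_PORT), timeout=10) as ctrl:
        ctrl.sendall(b"POST\r\n")
        line = ctrl.makefile("r", encoding="ascii", errors="replace").readline()
        port, _seconds = parse_post_reply(line)
        with socket.create_connection((host, port), timeout=10) as data_sock:
            return parse_verdict(stream_and_read(data_sock, data))
```

A caller such as a mail filter should treat the ValueError the same way as a FOUND result and hold the data, since a dropped connection is not evidence of a clean scan.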
Filter
Similar to POST, but with an additional port that echoes all data that has
been scanned without finding a virus.
kurt@lobo:~> telnet localhost 8127
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
FILTER
Send/receive data to/from port '34709/34710' within 10 seconds.
Both sockets are closed as soon as a virus is found, so be prepared for this.
$Id: ScannerDaemon-Howto.html,v 1.4 2002/01/04 11:37:04 kurti Exp $