ScannerDaemon Howto
The ScannerDaemon listens on port 8127 on localhost
for absolute filenames and absolute directory names. It scans the file, or all
files in the directory, and reports 'OK' if no virus has been found or 'FOUND:
<virusname>' if a virus has been detected.
Necessary software
You need an installed Java 2 Runtime Environment,
Standard Edition (JRE). Every JRE >= 1.2 should be fine, but I have only tested
it with 1.3.1. You can get it from Sun at http://java.sun.com/j2se/ .
You also need the 'virussignatures.txt' that came with the ScannerDaemon in the
directory where you start the ScannerDaemon.
Usage
You start the ScannerDaemon simply by entering
java -jar ScannerDaemon.jar
If you did not forget the signatures, it should come up and listen on port
8127. You can also give the name of the signature file as a command-line
parameter, like
java -jar ScannerDaemon.jar /opt/openantivirus/virussignatures.txt.signed
Hint:
If you are running Linux and have activated the executable Jar-file support
documented in '/usr/src/linux/Documentation/java.txt', you can omit the 'java
-jar' if you make the Jar-file executable.
Digital signature
The 'virussignatures.txt' is digitally signed by the
OpenAntivirus project. This signature is checked automatically on startup, and
execution is aborted if the signature does not exist or is invalid. If you
want to use your own signature file, you have to remove the last line (starting
with '==') and start ScannerDaemon with the option '-nosignature'.
Scan
Now you can connect to port 8127 and send absolute filenames or
absolute directory names, each terminated by <CR>/<LF>. Use 'telnet' or 'netcat'
for this.
Example:
kurt@lobo:~ > telnet localhost 8127
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SCAN /home/kurt/MTX.pif
FOUND: W95/Matrix.SCR (AntiVir)
Connection closed by foreign host.
kurt@lobo:~ > echo "SCAN /home/kurt/Fix2001.exe" | netcat localhost 8127
FOUND: TR/IWorm.Fix2001 (AntiVir)
Have fun!
Post
You can also send files directly to the scanner. This is done by
sending POST to the daemon. It answers with the port to which you have to send
the files:
kurt@lobo:~> telnet localhost 8127
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
POST
Send data to port '34705' within 10 seconds.
kurt@lobo:~> cat eicar | netcat localhost 34705
Connected.
FOUND: Eicar-Test-Signatur
The socket is closed if a virus is found, so be prepared for this.
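A client for the SCAN and POST exchanges shown above, as an added example that is not part of the original howto or of the OpenAntivirus code. It rejects paths that contain a line break, which would otherwise be read by the daemon as a second command, and it tolerates the early socket close on detection. The function names are hypothetical, and it assumes Unix-style paths and that clean POST data is answered with 'OK'.

```python
import posixpath
import re
import socket

def scan_command(path):
    """Build one SCAN line; reject input that could smuggle a second command."""
    if "\r" in path or "\n" in path:
        raise ValueError("CR/LF in path would split the command line")
    if not posixpath.isabs(path):
        raise ValueError("the daemon expects an absolute path")
    return ("SCAN " + path + "\r\n").encode()

def parse_post_port(reply):
    """Pull the data port out of "Send data to port '34705' within 10 seconds."."""
    m = re.search(r"port '(\d+)'", reply)
    if not m:
        raise ValueError("unexpected POST reply: %r" % reply)
    return int(m.group(1))

def parse_verdict(text):
    """Return (infected, name); banner lines such as 'Connected.' are skipped."""
    for line in text.splitlines():
        if line.startswith("FOUND:"):
            return True, line[len("FOUND:"):].strip()
        if line.strip() == "OK":  # assumption: clean data is answered with 'OK'
            return False, None
    raise ValueError("no verdict in reply: %r" % text)

def read_reply(sock):
    buf = b""
    try:
        while chunk := sock.recv(4096):
            buf += chunk
    except ConnectionResetError:
        pass  # reset after an early close: keep whatever already arrived
    return buf.decode("latin-1")

def post_scan(data, host="127.0.0.1", port=8127):
    """Stream bytes through POST and return the verdict from the data port."""
    with socket.create_connection((host, port), timeout=10) as ctl:
        ctl.sendall(b"POST\r\n")
        reply = ctl.makefile("r", encoding="latin-1").readline()
        with socket.create_connection((host, parse_post_port(reply)), timeout=10) as dat:
            try:
                dat.sendall(data)
                dat.shutdown(socket.SHUT_WR)  # signal end of data
            except OSError:
                pass  # socket closed mid-transfer; the read below decides
            return parse_verdict(read_reply(dat))
```

A caller should treat a ValueError from post_scan as "no verdict received" and fail closed rather than assume the data was clean.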
Filter
Similar to POST, but with an additional port that echoes all data
that has been scanned without finding a virus.
kurt@lobo:~> telnet localhost 8127
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
FILTER
Send/receive data to/from port '34709/34710' within 10 seconds.
Both sockets are closed as soon as a virus is found, so be prepared for this.
$Id: ScannerDaemon-Howto.html,v 1.5 2002/01/12 14:08:02 kurti Exp $