Protection Engine 7.x Java API requires a file to be written disk at the completion of the scan request

book

Article ID: 177802

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS

Issue/Introduction

Conditions

  • allow 204 property is not set
  • Using Symantec Protection Engine(SPE) Java API for SPE 7.x
  • Using the createStreamScanRequest method
  • The createStreamScanRequest method requires and output file stream.
  • The scan policy in the custom code is set to Scan only.  Only the verdict is expected to be returned.


Symptoms
A connector created with a SPE API writes a file to the hard drive as part of the stream scan request

  • The scanned file written to the hard drive.
  • Company policy prohibits committing the file to disk before reviewing the verdict.
  • If the Outputfile stream is set to NULL, there is an error when scanning large files.

 

Cause

While using stream scanning, the SDK does not assume that the client has a local copy of the file. The output file is a way to create the local copy. The outputFileName parameter contains the response sent back by the SPE. The response could be an HTML file containing a message that the file scanned was blocked for some policy violation. If the file, which was stream scanned, is repaired by  SPE then the repaired file is sent back and stored in outputFileName.

By setting  "com.symantec.sse.allow_204" java system property value to true, then SPE only returns the file when action is taken on the file.   This setting adds the Allow: 204 ICAP header in ICAP request. Whenever Allow: 204 ICAP header is present in ICAP request SPE will not return clean file in ICAP response. It will return file with block notification message, only if there is some violation detected in file.

  • If the policy is scan only, SPE will not attempt to repair the file.  In this case the only content ever returned is a blocked substation text. 
  • If the policy is scan and repair or scan, repair and delete then a cleaned version of the file is returned if the file can be successfully repaired.

This can be enabled by adding System.setProperty("com.symantec.sse.allow_204", "true"); statement to your code.

Resolution

  1. Before initializing the SPE class, set the System property "com.symantec.sse.allow_204" to "true"
  2. Send null for the Outputstream parameter and null for the originalFileName parameter of createStreamScanRequest





Technical Information

The "com.symantec.sse.allow_204" property controls whether or not the scan engine uses outputFile for clean files. Please note that this property is only supported in the SDK's shipped with SSE 5.2.1 or later.