
Protection Engine Java API returns -1 values in scan responses & File True Type as "NA"


Article ID: 242211


Products

Protection Engine for Cloud Services
Protection Engine for NAS

Issue/Introduction

When performing a scan with the Java compiled ssecls.jar, the REST API, or a custom script based on the Java API, the bytes scanned and files scanned values are always returned as -1.

{"Symantec Protection Engine IP" : "127.0.0.1","Symantec Protection Engine Port" : "1344","Symantec Protection Engine Connection Status" : "Able to connect","File Scanned" : "sample.txt","Scan Policy" : "SCAN","Virus Def Date" : "Thu May xx","Virus Def Revision No" : "0xx","Total Infection" : "0","Bytes Scanned": "-1","Total Files Scanned": "-1","File True Type" : "NA","Status" :"CLEAN"}

Cause

An additional category3.xml file is needed to enable this feature. It must include the following tags:

<EnableDataScannedInICAPResponse value="true"/>
<EnableTotalFilesScannedInICAPResponse value="true"/>

Resolution

  1. Modify the "version" value in the XML tag to reflect the SPE version.
    1. The "version" value can be obtained from an existing .xml file (for example, configuration.xml):
    2. <configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" schemaMajor="1" schemaMinor="0" version="080201" xsi:noNamespaceSchemaLocation="configuration.xsd">
  2. Place the category3.xml file into the bin folder where Protection Engine is installed.
  3. Restart the SPE service.
  4. When launching the ssecls command, add the following two parameters:
-api 1 -api 2

Now, when you run ssecls, you should see the total files scanned and the data scanned in bytes.

{"Symantec Protection Engine IP" : "127.0.0.1","Symantec Protection Engine Port" : "1344","Symantec Protection Engine Connection Status" : "Able to connect","File Scanned" : "testfile.text","Scan Policy" : "SCAN","Virus Def Date" : "Thu May xx","Virus Def Revision No" : "0xx","Total Infection" : "1","Bytes Scanned" : "69","Total Files Scanned"   : "1","File True Type" : "NA","Violation Detail-0" : {"File Name" : "testfile.text","Violation Name" : "EICAR Test String","Threat Category" : "NA","Violation Id" : "11101","Disposition" : "0","File Unscannable" : "false","Uber Category" : "NA","SubCategory ID" : "0","Cumulative Risk Rating" : "High","Performance Impact" : "High","Privacy Impact" : "High","Ease of Removal" : "High","Stealth" : "High","SubCategory Description" : "NA"},"Status" :"INFECTED_UNREPAIRED"}

 

To get the "File True Type" information in the ICAP response/SPE SDKs, a category3 parameter must be added so that SPE makes the information available. Attached is the required category3.xml for 8.2.2. Change the version field in it if the SPE version is other than 8.2.2.

Category3.xml 


Edit the existing category3.xml file and add the XML tag <EnableFileTrueTypeInICAPResponse value="true"/> as the last tag, just before the </ICAP> tag, so that it looks something like this:

<?xml version="1.0" encoding="UTF-8"?>
<!--Sample XML file generated by XMLSpy v2005 U (http://www.xmlspy.com)-->
<custom xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="080202" xsi:noNamespaceSchemaLocation="category3.xsd">
    <configuration>        
        <ProtocolSettings>
            <ICAP>                    

                <EnableDataScannedInICAPResponse value="true"/>
                <EnableTotalFilesScannedInICAPResponse value="true"/>
                <EnableFileTrueTypeInICAPResponse value="true"/>                
            </ICAP>            
        </ProtocolSettings>        
    </configuration>    
</custom>

 

After making these changes, save category3.xml and restart the SPE service. You should now get the required type of information.
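A pre-restart check for the two procedures above, as an added example that is not part of the original article or of Symantec's tooling: it confirms that category3.xml carries the same version string as configuration.xml and all three switches, and lists which scan-response fields still show the placeholder values. The function names and the sample inputs are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

# The three category3.xml switches named in this article.
REQUIRED_TAGS = (
    "EnableDataScannedInICAPResponse",
    "EnableTotalFilesScannedInICAPResponse",
    "EnableFileTrueTypeInICAPResponse",
)
# Values the article shows in a scan response when the switches are not active.
PLACEHOLDERS = {"Bytes Scanned": "-1", "Total Files Scanned": "-1", "File True Type": "NA"}

def check_category3(category3_xml, configuration_xml):
    """Return a list of problems in category3.xml (empty list means it looks right)."""
    cat_root = ET.fromstring(category3_xml)
    cfg_version = ET.fromstring(configuration_xml).get("version")
    problems = []
    if cat_root.get("version") != cfg_version:
        problems.append("version %r differs from configuration.xml %r"
                        % (cat_root.get("version"), cfg_version))
    icap = cat_root.find("./configuration/ProtocolSettings/ICAP")
    if icap is None:
        return problems + ["no configuration/ProtocolSettings/ICAP element"]
    for tag in REQUIRED_TAGS:
        node = icap.find(tag)
        if node is None:
            problems.append("missing <%s>" % tag)
        elif node.get("value") != "true":
            problems.append("<%s> value is %r, not 'true'" % (tag, node.get("value")))
    return problems

def placeholder_fields(scan_response_json):
    """Return the response fields that still carry a placeholder value."""
    response = json.loads(scan_response_json)
    return [k for k, v in PLACEHOLDERS.items() if response.get(k) == v]

# Constructed sample inputs (not real files from an installation).
SAMPLE_CONFIGURATION = '<configuration schemaMajor="1" schemaMinor="0" version="080201"/>'
SAMPLE_CATEGORY3 = """<custom version="080202"><configuration><ProtocolSettings><ICAP>
  <EnableDataScannedInICAPResponse value="true"/>
  <EnableTotalFilesScannedInICAPResponse value="true"/>
</ICAP></ProtocolSettings></configuration></custom>"""
SAMPLE_RESPONSE = '{"Bytes Scanned": "69", "Total Files Scanned": "1", "File True Type": "NA"}'

if __name__ == "__main__":
    for problem in check_category3(SAMPLE_CATEGORY3, SAMPLE_CONFIGURATION):
        print("category3.xml:", problem)
    print("placeholders:", placeholder_fields(SAMPLE_RESPONSE))
```

With the constructed samples, the check reports the version mismatch and the missing File True Type switch, which matches the one field still returned as "NA".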

Additional Information

Note: Before performing an upgrade of Protection Engine to a newer version with category3.xml, please manually remove the file, or the upgrade will fail. You will need to manually change the version string before replacing the file.

Attachments

1653075595020__category3_1666359057040.xml