Protection Engine Java API returns -1 values in scan responses

Article ID: 242211

Products

Protection Engine for Cloud Services, Protection Engine for NAS

Issue/Introduction

When performing a scan with the Java-compiled ssecls.jar, the REST API, or a custom script based on the Java API, the "Bytes Scanned" and "Total Files Scanned" values are always returned as -1.

{"Symantec Protection Engine IP" : "127.0.0.1","Symantec Protection Engine Port" : "1344","Symantec Protection Engine Connection Status" : "Able to connect","File Scanned" : "sample.txt","Scan Policy" : "SCAN","Virus Def Date" : "Thu May xx","Virus Def Revision No" : "0xx","Total Infection" : "0","Bytes Scanned": "-1","Total Files Scanned": "-1","File True Type" : "NA","Status" :"CLEAN"}

Cause

An additional file, category3.xml, is needed to enable this feature. It includes the following tags:

<EnableDataScannedInICAPResponse value="true"/>
<EnableTotalFilesScannedInICAPResponse value="true"/>

Resolution

  1. Modify the "version" value in the XML tag of category3.xml to reflect the SPE version.
    1. The "version" value can be obtained from an existing .xml file (for example, configuration.xml):
    2. <configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" schemaMajor="1" schemaMinor="0" version="080201" xsi:noNamespaceSchemaLocation="configuration.xsd">
  2. Place the category3.xml file into the bin folder where Protection Engine is installed.
  3. Restart the SPE service.
  4. When launching the ssecls command, add the following two parameters:
     -api 1 -api 2

Now, when you run ssecls, you should see the total files scanned and the data scanned in bytes.

{"Symantec Protection Engine IP" : "127.0.0.1","Symantec Protection Engine Port" : "1344","Symantec Protection Engine Connection Status" : "Able to connect","File Scanned" : "testfile.text","Scan Policy" : "SCAN","Virus Def Date" : "Thu May xx","Virus Def Revision No" : "0xx","Total Infection" : "1","Bytes Scanned" : "69","Total Files Scanned"   : "1","File True Type" : "NA","Violation Detail-0" : {"File Name" : "testfile.text","Violation Name" : "EICAR Test String","Threat Category" : "NA","Violation Id" : "11101","Disposition" : "0","File Unscannable" : "false","Uber Category" : "NA","SubCategory ID" : "0","Cumulative Risk Rating" : "High","Performance Impact" : "High","Privacy Impact" : "High","Ease of Removal" : "High","Stealth" : "High","SubCategory Description" : "NA"},"Status" :"INFECTED_UNREPAIRED"}
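A pre-flight check for the steps above, written as an added example (not Symantec or Broadcom code): it compares the version string in category3.xml against configuration.xml, confirms both tags are set to "true", and flags a scan response that still reports -1. The sample XML is constructed, and the assumption that category3.xml uses a <configuration> root carrying the "version" attribute is not confirmed by the article.

```python
import json
import xml.etree.ElementTree as ET

# Tags the article lists as required in category3.xml.
REQUIRED_TAGS = ("EnableDataScannedInICAPResponse",
                 "EnableTotalFilesScannedInICAPResponse")
COUNTER_FIELDS = ("Bytes Scanned", "Total Files Scanned")

# Constructed samples. Assumption: category3.xml has a <configuration> root
# with a "version" attribute, like the configuration.xml tag in the article.
CONFIGURATION_XML = '<configuration schemaMajor="1" schemaMinor="0" version="080201"/>'
CATEGORY3_XML = """<configuration schemaMajor="1" schemaMinor="0" version="080100">
  <EnableDataScannedInICAPResponse value="true"/>
  <EnableTotalFilesScannedInICAPResponse value="true"/>
</configuration>"""
SCAN_RESPONSE = '{"Status": "CLEAN", "Bytes Scanned": "-1", "Total Files Scanned": "-1"}'


def check_category3(category3_text, configuration_text):
    """Return a list of deviations from the article's steps (empty list = OK)."""
    cat = ET.fromstring(category3_text)
    conf = ET.fromstring(configuration_text)
    problems = []
    # Step 1: the version string must reflect the installed SPE version.
    if cat.get("version") != conf.get("version"):
        problems.append("version %r does not match configuration.xml %r"
                        % (cat.get("version"), conf.get("version")))
    # Both feature tags must be present and enabled.
    for tag in REQUIRED_TAGS:
        node = cat.find(".//" + tag)
        if node is None:
            problems.append("missing <%s>" % tag)
        elif node.get("value") != "true":
            problems.append('<%s> is not value="true"' % tag)
    return problems


def counters_missing(scan_response_text):
    """Return the counter fields still reported as -1 in a JSON scan response."""
    resp = json.loads(scan_response_text)
    return [k for k in COUNTER_FIELDS if resp.get(k) == "-1"]


if __name__ == "__main__":
    for problem in check_category3(CATEGORY3_XML, CONFIGURATION_XML):
        print("category3.xml:", problem)
    print("counters still -1:", counters_missing(SCAN_RESPONSE))
```
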

Additional Information

Note: Before upgrading a Protection Engine installation that has category3.xml in place to a newer version, manually remove the file, or the upgrade will fail. You will need to manually change the version string before replacing the file.

Attachments

1653075595020__category3.xml