Test SPE scanning via basic ICAP from another box

Article ID: 269745


Products

Protection Engine for NAS, Protection Engine for Cloud Services

Issue/Introduction

Code created using a Symantec Protection Engine (SPE) API cannot connect to one or more SPE servers to request a scan via basic ICAP. Isolation steps are needed to confirm whether SPE is listening, responds to scan requests, and detects and deletes the EICAR test string.

 

Environment

Release : 8.2.2 or later

Resolution

Before you run these steps, complete the steps in "Testing SPE scanning in basic ICAP mode on the same box" on the target SPE server to prove it is up and accepting scans.

  1. On the Linux server where SPE is installed, create a .tar.bz2 archive of the ssecls/C folder
  2. Copy the .tar.bz2 archive from the Linux server where SPE is installed to another Linux server
  3. On the other Linux server, extract the .tar.bz2 archive you created
  4. Trigger a scan request from ssecls to the target SPE server by having ssecls scan a copy of itself
  5. Trigger a scan request from ssecls to the target SPE server by having ssecls scan a copy of eicar.txt
  6. For each additional Linux SPE server to investigate, repeat steps starting with step 2.

 

 

To use ssecls to scan itself by targeting a single remote SPE server

  • Navigate to the ssecls folder, then do one of the following

    • On Linux bash prompt, type:
      ./ssecls -server 192.168.0.10:1344 -verbose -details -onerror leave ./ssecls-copy
    • On Windows cmd prompt, type:
      ssecls.exe -server 192.168.0.10:1344 -verbose -details -onerror leave ssecls-copy.exe
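
The Linux side of steps 1 through 5, written as shell functions. This is an added example, not Broadcom's script: the function names, the `copy-of-` file naming and every path are assumptions, and the TCP pre-check is an addition that separates "nothing is listening" from an ssecls or ICAP error. It expects the file to scan (ssecls itself, or your eicar.txt) to sit in the same directory as the ssecls binary.

```bash
#!/usr/bin/env bash
# Added example, not Broadcom's script. Paths, host names and the location of
# ssecls inside the archive are assumptions; pass in the ones for your install.

# Step 1 (on the SPE server): archive the ssecls/C folder.
#   $1 = directory that contains ssecls/   $2 = archive to create
pack_ssecls() {
    tar -cjf "$2" -C "$1" ssecls/C
}

# Step 3 (on the other server): extract the archive.
#   $1 = archive   $2 = destination directory
unpack_ssecls() {
    mkdir -p "$2" && tar -xjf "$1" -C "$2"
}

# Addition to the article: confirm something accepts TCP connections on the
# ICAP port before looking at ssecls or the API code.   $1 = host   $2 = port
port_open() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Steps 4 and 5: scan a copy of a file against one remote SPE server,
# using the ssecls options shown in the article.
#   $1 = directory holding the ssecls binary
#   $2 = host:port of the target SPE server
#   $3 = name of the file in that directory to copy and scan
# Returns 2 on a local file problem, 3 when the port is closed,
# otherwise whatever ssecls returns.
remote_scan() {
    ( cd "$1" || exit 2
      host=${2%:*}; port=${2##*:}
      port_open "$host" "$port" || { echo "no listener on $2" >&2; exit 3; }
      copy="copy-of-$3"
      cp -p "$3" "$copy" || exit 2
      ./ssecls -server "$2" -verbose -details -onerror leave "./$copy" )
}

# Typical use (step 2 is a plain copy between servers, for example scp):
#   pack_ssecls   /path/to/SPE /tmp/ssecls.tar.bz2
#   unpack_ssecls /tmp/ssecls.tar.bz2 "$HOME/spe-test"
#   remote_scan "$HOME/spe-test/ssecls/C/<platform dir>" 192.168.0.10:1344 ssecls
#   remote_scan "$HOME/spe-test/ssecls/C/<platform dir>" 192.168.0.10:1344 eicar.txt
```

For step 6, repeat the copy, extract and both `remote_scan` calls with each additional server's address.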


 

 

Additional Information

Why does BROADCOM suggest getting ssecls from the SPE server?

Usually, during troubleshooting, Support is attempting to reduce the number of variables in the environment. There are also copies of the ssecls demo utility in each copy of the .zip archive that holds the installation material. Starting with SPE version 9, the .zip file for Tools also has a copy of ssecls.


To get ssecls from SPE install material

  1. If you already have the Windows or Linux installation material for SPE, unzip it.
  2. On Windows, navigate to Symantec_Protection_Engine_CS_9.0.1.5_Windows_IN\Symantec_Protection_Engine\Command_Line_Scanner\C\64_Bit
  3. On Linux, navigate to Symantec_Protection_Engine_CS_9.0.1.5_Linux_IN/Symantec_Protection_Engine/Command_Line_Scanner/C/64_Bit

    NOTE: The top level of these paths varies with the filesystem location where you unzip, the SPE version, and whether you have SPE for Cloud Services (CS) or for Network Attached Services (NAS).

To get ssecls from a Tools download for SPE (login required)

  1. Navigate to one of the following:
    - CS: https://support.broadcom.com/group/ecx/productfiles?sellable=PRO70849&release=9.0.1&os=&servicePk=0&language=EN
    - NAS: https://support.broadcom.com/group/ecx/productfiles?sellable=PRO70811&release=9.0.1&os=&servicePk=0&language=EN

  2. Download the .zip containing the Tools, like Symantec_Protection_Engine_Tools_9.0.1.5_IN.zip
  3. Extract the file on the box where you need to run the ssecls demo tool.
  4. Within the material, navigate to \Symantec_Protection_Engine_Tools_9.0.1.5_IN\SPE_Tools\Tools\Command_Line_Scanner\C\64_Bit
  5. Depending on whether you use RedHat or Windows, navigate to the matching folder