Disable authentication for SPE RESTAPI file scans
search cancel

Disable authentication for SPE RESTAPI file scans

book

Article ID: 270398

calendar_today

Updated On:

Products

Protection Engine for Cloud Services

Issue/Introduction

You seek to know how to disable authentication for Symantec Protection Engine (SPE) RESTAPI file scans.

Environment

Release : 9.0.0 and newer

Resolution

  1. Navigate to the folder containing application.properties
    • The default location in Windows is: C:\Program Files\Symantec\Scan Engine\RestAPI
    • The default location in Linux is: /opt/SYMCScan/RestAPI
  2. Modify the following settings in application.properties:
    sperestapi.auth.enabled=false
    sperestapi.auth.filescanning.enabled=false

    Note: In SPE 9.2 and newer only the sperestapi.auth.filescanning.enabled option needs to be set to false.

  3. Restart the SPE RestAPI service
  4. Use curl to test submitting a file to the SPE RESTAPI
    curl -k -X POST "http://localhost:8008/spe/api/v1/scan-file" -H "accept: application/xml" -H "Content-Type: multipart/form-data" -F "[email protected]"

    Expected output:

    <FileScanResult><scanStatus>SCAN_SUCCESS</scanStatus><fileScanned>Data.txt</fileScanned><fileStatus>CLEAN</fileStatus><fileQuarantineStatus>NOT_AVAILABLE</fileQuarantineStatus><totalInfections>0</totalInfections><virusDefinitionDate>2023-08-29T00:00:00.000+00:00</virusDefinitionDate><virusDefinitionRevisionNumber>008</virusDefinitionRevisionNumber><bytesScanned>-1</bytesScanned><totalFilesScanned>-1</totalFilesScanned><trueTypeOfFile>NA</trueTypeOfFile></FileScanResult>

Additional Information

What is curl?

The test tool curl name means "Client for URL". The Curl project began in 1996. Many administrators view this tool as a basic utility for network troubleshooting. The curl utility is available on both Windows and Linux.

 

What happens if authentication is still enabled?

curl output will be similar to: 

<Map><timestamp>2023-08-01T22:04:15.687+00:00</timestamp><status>401</status><error>Unauthorized</error><message>Unauthorized</message><path>/spe/api/v1/scan-file</path></Map>

 

Can I use Linux curl to test from another Linux or Windows box?

Yes, just substitute the IP address of the SPE Server test box in place of localhost in the curl command above.

 

After I prove that REST API performs scans, how can I prove authenticated scans work with REST API?

See the Help topic: How to scan files using the REST API


Where can I find out more about the REST API of SPE?

https://apidocs.securitycloud.symantec.com/# 

 

How does SPE 9 REST API work with streaming?

  1. Client application gets the file and stores it.
  2. Client application then includes the file path in a scan request to REST API.
  3. REST API will then send that file to SPE in stream mode.