How to Test Virus Scanner Compatibility
Introduction
When configuring virus scanning for Attachment Checker, we need to ensure that the virus scanner being used is compatible.
You can refer to Compatible Antivirus Command Line Scanners for the list of anti-virus scanners that we have tested.
If your virus scanner is not in the list, please follow the steps below to determine your scanner compatibility.
Requirements
The requirements for the Command Line Scanner for the Attachment Checker are:
Allow scanning of a single file
File to be scanned should be the last parameter
Scanner should return the exit code value 0 if there is no threat found.
Details
Files Required
Non-infected file - any file that is not blacklisted / blocked
Infected file - eicar.txt
The EICAR test file is a computer file used to test the response of computer antivirus (AV) programs.
Instead of using real malware, which could cause real damage, this test file allows people to test anti-virus software without having to use a real computer virus.
Example - Testing with ClamAV
https://docs.clamav.net/manual/Usage/Scanning.html#some-basic-scans
For One-Time Scanning the command to use is:
clamscan [options] [file/directory/-]
Test Steps:
1. Execute the command line scanner to scan the file
[root@011-028-c-227 ~]# clamscan testFiles/eicar.txt
testFiles/eicar.txt: Eicar-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 8558862
Engine version: 0.102.3
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 16.530 sec (0 m 16 s)
2. Check the errorLevel returned by the previous command
[root@011-028-c-227 ~]# echo "returning errorLevel = " $?
returning errorLevel = 1
3. Run steps 1 and 2 again with the non-infected file
The results will be:
Scanning non-infected file: returning errorLevel = 0
Scanning infected file: returning errorLevel = 1
As the behaviour is in line with our requirements, the antivirus is compatible.
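The test steps above can be wrapped in a shell function that works for any candidate scanner. This is an added example, not part of the original article or of Attachment Checker; the function names check_scanner_compat and scan_exit_code are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: automate the compatibility test for a command-line scanner.
# Usage: check_scanner_compat CLEAN_FILE INFECTED_FILE SCANNER [OPTIONS...]
# Returns 0 = compatible, 1 = incompatible, 2 = test files not usable.

scan_exit_code() {
    # $1 = file to scan; remaining arguments = scanner command and options.
    # The file is passed as the LAST parameter, as the requirements state.
    file=$1; shift
    rc=0
    "$@" "$file" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

check_scanner_compat() {
    clean=$1; infected=$2; shift 2
    # The infected test file may be missing (for example, removed by another
    # protection product), which would make the result meaningless.
    [ -r "$clean" ] && [ -r "$infected" ] || {
        echo "test file missing or unreadable" >&2
        return 2
    }
    clean_rc=$(scan_exit_code "$clean" "$@")
    infected_rc=$(scan_exit_code "$infected" "$@")
    echo "Scanning non-infected file: returning errorLevel = $clean_rc"
    echo "Scanning infected file: returning errorLevel = $infected_rc"
    # Requirement: exit code 0 when no threat is found. A scanner that is
    # missing or misconfigured (e.g. 127, command not found) fails here too.
    if [ "$clean_rc" -ne 0 ]; then
        echo "INCOMPATIBLE: clean file did not return 0" >&2
        return 1
    fi
    # A scanner that returns 0 for the infected file cannot signal a threat.
    if [ "$infected_rc" -eq 0 ]; then
        echo "INCOMPATIBLE: infected file returned 0" >&2
        return 1
    fi
    echo "COMPATIBLE"
}
```

For the ClamAV example this would be called as check_scanner_compat testFiles/clean.txt testFiles/eicar.txt clamscan, where testFiles/clean.txt stands for whichever non-infected file you chose.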