cancel
Showing results for 
Search instead for 
Did you mean: 

Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus

Dear Sir,

We have a Requirement to Scan the file before saving into server location using ASP.Net application with McAfe antivirus for the upcoming website project.

I have tried the below but could not succeed.

Command:

SCAN /D:\\serverfolder\\uploads\\SizingActualData.txt /REPORT D:\\serverfolder\\uploads\\avreport.txt

OR

  D:\\serverfolder\\uploads\\SizingActualData.txt /REPORT D:\\serverfolder\\uploads\\avreport.txt

Current Scan EXE location

C:\\Program Files\\McAfee\\VirusScan Enterprise\\scan32.exe

Output:

Scan dialogue opens and scan started

Problem:

Not generating avreport.txt file

Question: Please let me know whether the step of scaaning the file  is correct or not. If yes then why report file is not generating and If no then pls. suggest me the correct step

Regards

Abdul Kalam

State Audit Bureau of Kuwait

9 Replies
Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 2 of 10

Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus

Moving this to enterprise area as this is the consumer version area

Reliable Contributor rmetzger
Reliable Contributor
Report Inappropriate Content
Message 3 of 10

Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus

Hi Mohammad Abdul Kalam,

Consider the Command Line Scanner as a more appropriate tool for scanning application. It is highly configurable and has greater control for your use.

Here is a view of the command line options:

McAfee VirusScan Command Line for Win32 Version: 6.0.4.564

Copyright (C) 2013 McAfee, Inc.

(408) 988-3832 LICENSED COPY - June 24 2013

Usage: scan [object1] [object2...] [option1] [option2...]

   /?                                  : Display this help screen.

   /AD                               : Scan all drives (not removable media).

   /ADL                             : Scan all local drives (not removable media).

   /ADN                            : Scan all network drives.

   /AFC=<cache size>   : Set the Size(in MB) of the Internal Cache Used When Decompressing Archive Files.

   /ALL                              : Scan all files regardless of filename extension.

   /ALLOLE                      : Treat all files as compound/OLE regardless of extension.

   /ANALYZE                    : Turn on heuristic analysis for programs and macros.

   /APPEND                     : Append to report file rather than overwriting.

   /APPENDBAD             : Append to bad file rather than overwriting.

   /ASCII                           : Display filenames as ASCII text.

   /BADLIST=<filename>       : Filename and path for bad list log file.

   /BOOT                          : Scan boot sector and master boot record Only.

   /CHECKLIST=<filename>        : Scan list of files contained in <filename>.

   /CLEAN                       : Attempt to clean infected files.

   /CONTACTFILE=<filename>   : Display contents of <filename> when a virus is found.

   /DAM                           : Remove all macros from infected MS Office files.

   /DECOMPRESS       : Converts avv*.dat files and creates runtime.dat file

                                       : Must be done by itself

   /DEL                           : Delete infected files except archive files.

   /DOHSM                    : Scan migrated files(hierarchical storage management).

   /DRIVER=<dir>        : Directory specifying location of DAT files.

   /EXCLUDE=<filename>       : Do not scan files/directories listed in <filename>.

   /EXTENSIONS          : Scan defaults & user extension list.

   /EXTLIST                    : List file-extensions scanned by default.

   /EXTRA=<filename>         : Specify the full path and file name of any extra.dat file.

   /FAM                            : Find all macros - not just infected macros. Used with /DAM will remove all macros.

   /FDC                           : Force digital signature check.

   /FREQUENCY=<hours>        : Do not scan <hours> after the previous scan.

   /HELP                         : Displays this help

   /HTML=<filename>  : Create and specify a HTML report file.

   /LOAD=<filename>  : Load options from <filename>.

   /LOUD                        : Include all scanned files in the /REPORT file.

   /MAILBOX                   : Scan inside plain text mailboxes.

   /MANALYZE                : Turn on macro heuristics.

   /MANY                         : Scan many floppy diskettes.

   /MAXFILESIZE=<size>       : Examine Only those files smaller than the specified size(in MB).

   /MEMSIZE=<size>    : File size(in KB) to load into memory for scanning limited by a maximum file size defaulting to 1MB.

   /MIME                          : Scan inside MIME, UUE, XXE and BinHex files.

   /MOVE=<dir>             : Move infected file into directory <dir>, preserving path.

   /NC                             : No Integrity Check; Use without Internet connection. see KB68314

                                       : The program performs a standard digital signing check of the engine binary prior

                                       : to execution. If the computer is not connected to the Internet, this check can fail

                                       : unexpectedly. The scan will still continue. Without a connection to the Internet,

                                       : files like mcscan32.dll will fail the digital signature check. /NC skips the check.

   /NOBKSEM               : Prevent scanning of files that are normally protected.

   /NOBOOT                  : Do not scan boot sectors.

   /NOBREAK               : Disable Ctrl-C / Ctrl-Break during scanning.

   /NOCOMP                 : Do not scan self extracting executables by default.

   /NOD                          : Don't switch into /ALL mode when repairing.

   /NODDA                    : Do not scan boot sectors.

   /NODECRYPT         : Don't scan password-protected MS Office documents.

   /NODOC                   : Do not scan MS Office files.

   /NOEXPIRE              : Disable data files expiration date notice.

   /NOJOKES               : Do not alert on joke files.

   /NOMEM                   : Do not scan memory for viruses.

   /NORECALL            : Do not move files from remote storage into local storage after scanning.

   /NORENAME           : Do not rename infected files that cannot be cleaned.

   /NOSCRIPT             : Do not scan files that contain HTML, JavaScript, Visual Basic, or Script Component Type Libraries.

   /PANALYZE              : Turn on program heuristics.

   /PAUSE                    : Pause at end of each screen page.

   /PLAD                       : Preserve the last-accessed time and date for files that are scanned.

   /PROGRAM             : Scan for potentially unwanted applications.

   /RECURSIVE          : Examine any subdirectories in addition to the specified target directory.

   /REPORT=<filename>        : Report names of viruses found into <filename>.

   /RPTALL                    : Include all scanned files in the /REPORT file.

   /RPTCOR                  : Include corrupted files in /REPORT file.

   /RPTERR                  : Include errors in /REPORT file.

   /RPTOBJECTS        : Reports number of objects at all levels scanned in summary.

   /SECURE                 : Equivalent to Analyse, doall, unzip.

   /SHOWCOMP          : Report any files that are packaged.

   /SILENT                    : Disable all screen output.

   /STREAMS               : Scan inside NTFS streams (NT & DATAPOL Only).

   /SUB                         : Examine any subdirectories in addition to the specified target directory.

   /THREADS=<nn>   : Set scan thread count.

   /TIMEOUT=<seconds>        : Set the maximum time to spend scanning any one file.

   /UNZIP                     : Scan inside archive files, such as those saved in ZIP, LHA, PKarc, ARJ, TAR, CHM, and RAR.

   /VERSION               : Display the scanner's version number.

   /VIRLIST                  : Display virus list.

   /WINMEM[=<pid>]  : If pid given scans the Windows Process with Process ID <pid> otherwise scans all Windows Processes.

   /XMLPATH=<filename>       : Filename and path for XML log file.

   * Mandatory

I included a couple of 'semi-undocumented' options.

Consider using the /DECOMPRESS function after updating VSE Dat files. This will improve performance.

The /NC option may be needed if your server or PC doing the scan is not connected to the Internet.

You will have to experiment a bit to get the right mix of command line options to make it work to your liking.

Hopefully this is a helpful strategy for scanning files and logging the results via an automation program.

Enter your valid Grant Number here:

http://www.mcafee.com/us/downloads/downloads.aspx

Click on the 'Endpoint Protection Suite' (or your licensed product)

Endpoint Security

Download the product and integrate it within your application.

Good luck,

Ron Metzger

Thanks,
Ron Metzger

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus

Dear Ron Metzger,

Thanks for responding and appreciate your response.

I used the below command but could not get logical conclusion:

"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /CONTACTFILE=D:\ServerFolder\Uploads\SizingActualData.txt /REPORT=D:\ServerFolder\Uploads\AVREPORT.TXT "

Pls. clarify me the below:

1. How can be sure that there is no Virus in a file?

2. What if user closed the virus window? I used /SILENT but still window appears

3. Does McAfe has any API for supporting .Net application?

I hope this is a common requirement in any website to Scan file before uploading into Server so if you have solution then pls. guide us.

Regards

Abdul Kalam

Message was edited by: abdulkalam1976 on 1/27/14 2:09:41 AM CST
Reliable Contributor rmetzger
Reliable Contributor
Report Inappropriate Content
Message 5 of 10

Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus

Hi Abdul Kalam,

I used the below command but could not get logical conclusion:

"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /CONTACTFILE=D:\ServerFolder\Uploads\SizingActualData.txt /REPORT=D:\ServerFolder\Uploads\AVREPORT.TXT "

Well, this is Not the Command Line Scanner I suggested above. Scan32.exe is the native scanner that has some command line scanner options, but I don't believe it is supported to the degree the Command Line Scanner I suggested is supported. (This could change of course, but that is true of the VSE command line options as well, which are not a well documented, in my humble opinion.) However, if VSE is configured properly (default configuration at least) then there is an implicit scan of files when writing to the server drives. This assumes VSE is running on the server, Right? If not running on the server, make it running on the server.

Your application is a distant second (requrement) to Explicitly scan files that are uploaded to this server. Good idea, but only if VSE is running On The Server as well. It's imperative that you have both 'Scan on Write to disk' AND 'Scan when Reading from disk' enabled for protection to work - running On the server.

1. How can be sure that there is no Virus in a file?
When running the command you specified, what did AVREPORT.TXT contain. Did you get any logging? Whatever scanner you choose to use, you will have to parse the log file to really know what results are. I believe the Command Line Scanner I suggested does report back via ERRORLEVEL (batch console) the status of it's scan.

2. What if user closed the virus window? I used /SILENT but still window appears

I think that is a .Net/ASP developer question. /Silent is going to reduce output significantly to the console, but not eliminate the console.

3. Does McAfe has any API for supporting .Net application?

I am sure McAfee has an API, but whether they will disclose this is up to McAfee. Disclosure might open up security holes they would prefer not to open. Contact McAfee directly to see if this API is available. In the mean time, I would suggest the Command Line Scanner that I suggested in my first reply.

I hope this is a common requirement in any website to Scan file before uploading into Server so if you have solution then pls. guide us.

I too, hope other websites scan files as well. Especially government websites. Make sure you are running VSE On The Server, to get implicit scans. Then, after that is done, adding the Explicit scans via your application is suggested. I believe the Command Line Scanner (which can run independently of VSE) is the best tool I know of to make your application run explicit scans. The Command Line Scanner can run on the server or on a workstation as well, so where the scan occurs is up to you.

Good luck, and welcome to the world of security.

Ron Metzger

Thanks,
Ron Metzger

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus

I am also trying to integrate McAfee command line with my application so that I could scan files getting uploaded to my server. The issues as reported by others are -

1. Scan64.exe opens a pop up which when closed reports status on command prompt. How can this pop up be removed by command line OPTIONS or any configuration? Until this remains this can't be automated because pop up prompts user to close it manually.

2. Any status code or error code which can be parsed directly to get the status of scanning?

Could you please help me resolve this issue?

Thanks.

Reliable Contributor rmetzger
Reliable Contributor
Report Inappropriate Content
Message 7 of 10

Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus


jdhingra wrote:



I am also trying to integrate McAfee command line with my application so that I could scan files getting uploaded to my server. The issues as reported by others are -


1. Scan64.exe opens a pop up which when closed reports status on command prompt. How can this pop up be removed by command line OPTIONS or any configuration? Until this remains this can't be automated because pop up prompts user to close it manually.


2. Any status code or error code which can be parsed directly to get the status of scanning?



Could you please help me resolve this issue?



Thanks.


See my discussion here:

Thanks,

Ron Metzger

Thanks,
Ron Metzger

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus

Thanks a lot Ron. Appreciate!

I will try out your suggestions and revert back to you.

atty
Level 7
Report Inappropriate Content
Message 9 of 10

Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus

I am trying to upload the file in the web application through the client machine to the server.

The  server has antivirus installed.

Will it scan the file during upload in client machine@

Reliable Contributor rmetzger
Reliable Contributor
Report Inappropriate Content
Message 10 of 10

Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus

Hi Atty,


atty wrote:



I am trying to upload the file in the web application through the client machine to the server.


The  server has antivirus installed.


Will it scan the file during upload in client machine@


Well, based on the lack of information, I will make many assumptions and try to answer.

1) A reputable AV is running on the Server.

2) For argument sake:

    A) VSE v8.8 is running on the Server.

    B) VSE is patched current.

    C) VSE is up to date with Daily DATs, engine updates, etc.

3) A minimally Default configuration of VSE is running on the Server.

4) Both 'Scan on Write to disk' AND 'Scan when Reading from disk' enabled.

5) NO Exclusions are set on the Server, where uploads Can occur.

6) Appropriate other security layers are in place, such as Firewalls at the Server (site), also kept up to date.

This should ensure implicit scanning of files occur upon upload to the server.

7) If desired, a second scanner (VCLS) is in use on the Server.

    A) Most recent Scanner Engine

        (currently, as of today: McAfee VirusScan Command Line for Win32 Version: 6.0.6.653).

             Enter your valid Grant Number here:

                 http://www.mcafee.com/us/downloads/downloads.aspx

                 Click on the 'Endpoint Protection Suite' (or your licensed product)

                 Endpoint Security

                     VirusScan Command Line Scanners

         Download the product and integrate it within your application.

    B) Most recent DAT files Extracted and RunTime (Scan /DECOMPRESS) done, coupled with a procedure to determine a new file has arrived and needs secondary scanning.

    C) A secondary scan is implemented such that the scan covers any possible security opening that might otherwise exist, dependent on VSE's current or default configuration.

        An example of this coverage might be: Scanning inside Archives when VSE's On-Access Scanner is configured Not to scan within Archives.

A significant number of Assumptions. Number 7 is optional, but I recommend.

At any rate, this is all up to the Server Administrator to implement and ensure is compliant with Full Scanning of any uploaded file.

Hopefully this answers your question.

Thanks,

Ron Metzger

Thanks,
Ron Metzger

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center