7 Replies Latest reply: Aug 8, 2014 7:02 AM by jdhingra RSS

    Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus

    Mohammad Abdul Kalam

      Dear Sir,

       

       

      We have a Requirement to Scan the file before saving into server location using ASP.Net application with McAfe antivirus for the upcoming website project.

       

      I have tried the below but could not succeed.

       

      Command:

      SCAN /D:\\serverfolder\\uploads\\SizingActualData.txt /REPORT D:\\serverfolder\\uploads\\avreport.txt

      OR

        D:\\serverfolder\\uploads\\SizingActualData.txt /REPORT D:\\serverfolder\\uploads\\avreport.txt

       

      Current Scan EXE location

      C:\\Program Files\\McAfee\\VirusScan Enterprise\\scan32.exe

       

       

      Output:

       

      Scan dialogue opens and scan started

       

       

      Problem:

      Not generating avreport.txt file

       

       

      Question: Please let me know whether the step of scaaning the file  is correct or not. If yes then why report file is not generating and If no then pls. suggest me the correct step

       

       

      Regards

       

      Abdul Kalam

      State Audit Bureau of Kuwait

        • 1. Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus
          Peacekeeper

          Moving this to enterprise area as this is the consumer version area

          • 2. Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus
            rmetzger

            Hi Mohammad Abdul Kalam,

             

            Consider the Command Line Scanner as a more appropriate tool for scanning application. It is highly configurable and has greater control for your use.

             

            Here is a view of the command line options:

             

            McAfee VirusScan Command Line for Win32 Version: 6.0.4.564

            Copyright (C) 2013 McAfee, Inc.

            (408) 988-3832 LICENSED COPY - June 24 2013

             

            Usage: scan [object1] [object2...] [option1] [option2...]

             

               /?                                  : Display this help screen.

               /AD                               : Scan all drives (not removable media).

               /ADL                             : Scan all local drives (not removable media).

               /ADN                            : Scan all network drives.

               /AFC=<cache size>   : Set the Size(in MB) of the Internal Cache Used When Decompressing Archive Files.

               /ALL                              : Scan all files regardless of filename extension.

               /ALLOLE                      : Treat all files as compound/OLE regardless of extension.

               /ANALYZE                    : Turn on heuristic analysis for programs and macros.

               /APPEND                     : Append to report file rather than overwriting.

               /APPENDBAD             : Append to bad file rather than overwriting.

               /ASCII                           : Display filenames as ASCII text.

               /BADLIST=<filename>       : Filename and path for bad list log file.

               /BOOT                          : Scan boot sector and master boot record Only.

               /CHECKLIST=<filename>        : Scan list of files contained in <filename>.

               /CLEAN                       : Attempt to clean infected files.

               /CONTACTFILE=<filename>   : Display contents of <filename> when a virus is found.

               /DAM                           : Remove all macros from infected MS Office files.

             

               /DECOMPRESS       : Converts avv*.dat files and creates runtime.dat file

                                                   : Must be done by itself

             

               /DEL                           : Delete infected files except archive files.

               /DOHSM                    : Scan migrated files(hierarchical storage management).

               /DRIVER=<dir>        : Directory specifying location of DAT files.

               /EXCLUDE=<filename>       : Do not scan files/directories listed in <filename>.

               /EXTENSIONS          : Scan defaults & user extension list.

               /EXTLIST                    : List file-extensions scanned by default.

               /EXTRA=<filename>         : Specify the full path and file name of any extra.dat file.

               /FAM                            : Find all macros - not just infected macros. Used with /DAM will remove all macros.

               /FDC                           : Force digital signature check.

               /FREQUENCY=<hours>        : Do not scan <hours> after the previous scan.

               /HELP                         : Displays this help

               /HTML=<filename>  : Create and specify a HTML report file.

               /LOAD=<filename>  : Load options from <filename>.

               /LOUD                        : Include all scanned files in the /REPORT file.

               /MAILBOX                   : Scan inside plain text mailboxes.

               /MANALYZE                : Turn on macro heuristics.

               /MANY                         : Scan many floppy diskettes.

               /MAXFILESIZE=<size>       : Examine Only those files smaller than the specified size(in MB).

               /MEMSIZE=<size>    : File size(in KB) to load into memory for scanning limited by a maximum file size defaulting to 1MB.

               /MIME                          : Scan inside MIME, UUE, XXE and BinHex files.

               /MOVE=<dir>             : Move infected file into directory <dir>, preserving path.

             

               /NC                             : No Integrity Check; Use without Internet connection. see KB68314

                                                   : The program performs a standard digital signing check of the engine binary prior

                                                   : to execution. If the computer is not connected to the Internet, this check can fail

                                                   : unexpectedly. The scan will still continue. Without a connection to the Internet,

                                                   : files like mcscan32.dll will fail the digital signature check. /NC skips the check.

             

               /NOBKSEM               : Prevent scanning of files that are normally protected.

               /NOBOOT                  : Do not scan boot sectors.

               /NOBREAK               : Disable Ctrl-C / Ctrl-Break during scanning.

               /NOCOMP                 : Do not scan self extracting executables by default.

               /NOD                          : Don't switch into /ALL mode when repairing.

               /NODDA                    : Do not scan boot sectors.

               /NODECRYPT         : Don't scan password-protected MS Office documents.

               /NODOC                   : Do not scan MS Office files.

               /NOEXPIRE              : Disable data files expiration date notice.

               /NOJOKES               : Do not alert on joke files.

               /NOMEM                   : Do not scan memory for viruses.

               /NORECALL            : Do not move files from remote storage into local storage after scanning.

               /NORENAME           : Do not rename infected files that cannot be cleaned.

               /NOSCRIPT             : Do not scan files that contain HTML, JavaScript, Visual Basic, or Script Component Type Libraries.

               /PANALYZE              : Turn on program heuristics.

               /PAUSE                    : Pause at end of each screen page.

               /PLAD                       : Preserve the last-accessed time and date for files that are scanned.

               /PROGRAM             : Scan for potentially unwanted applications.

               /RECURSIVE          : Examine any subdirectories in addition to the specified target directory.

               /REPORT=<filename>        : Report names of viruses found into <filename>.

               /RPTALL                    : Include all scanned files in the /REPORT file.

               /RPTCOR                  : Include corrupted files in /REPORT file.

               /RPTERR                  : Include errors in /REPORT file.

               /RPTOBJECTS        : Reports number of objects at all levels scanned in summary.

               /SECURE                 : Equivalent to Analyse, doall, unzip.

               /SHOWCOMP          : Report any files that are packaged.

               /SILENT                    : Disable all screen output.

               /STREAMS               : Scan inside NTFS streams (NT & DATAPOL Only).

               /SUB                         : Examine any subdirectories in addition to the specified target directory.

               /THREADS=<nn>   : Set scan thread count.

               /TIMEOUT=<seconds>        : Set the maximum time to spend scanning any one file.

               /UNZIP                     : Scan inside archive files, such as those saved in ZIP, LHA, PKarc, ARJ, TAR, CHM, and RAR.

               /VERSION               : Display the scanner's version number.

               /VIRLIST                  : Display virus list.

               /WINMEM[=<pid>]  : If pid given scans the Windows Process with Process ID <pid> otherwise scans all Windows Processes.

               /XMLPATH=<filename>       : Filename and path for XML log file.

             

               * Mandatory

             

            I included a couple of 'semi-undocumented' options.

            Consider using the /DECOMPRESS function after updating VSE Dat files. This will improve performance.

            The /NC option may be needed if your server or PC doing the scan is not connected to the Internet.

             

            You will have to experiment a bit to get the right mix of command line options to make it work to your liking.

             

            Hopefully this is a helpful strategy for scanning files and logging the results via an automation program.

             

            Enter your valid Grant Number here:

            http://www.mcafee.com/us/downloads/downloads.aspx

            Click on the 'Endpoint Protection Suite' (or your licensed product)

            Endpoint Security

             

            Download the product and integrate it within your application.

             

            Good luck,

            Ron Metzger

            • 3. Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus
              Mohammad Abdul Kalam

              Dear Ron Metzger,

               

              Thanks for responding and appreciate your response.

               

              I used the below command but could not get logical conclusion:

              "C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /CONTACTFILE=D:\ServerFolder\Uploads\SizingActualData.txt /REPORT=D:\ServerFolder\Uploads\AVREPORT.TXT "

               

               

               

              Pls. clarify me the below:

               

              1. How can be sure that there is no Virus in a file?

              2. What if user closed the virus window? I used /SILENT but still window appears

              3. Does McAfe has any API for supporting .Net application?

               

               

              I hope this is a common requirement in any website to Scan file before uploading into Server so if you have solution then pls. guide us.

               

               

              Regards

               

               

              Abdul Kalam

               

              Message was edited by: abdulkalam1976 on 1/27/14 2:09:41 AM CST
              • 4. Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus
                rmetzger

                Hi Abdul Kalam,

                I used the below command but could not get logical conclusion:

                "C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /CONTACTFILE=D:\ServerFolder\Uploads\SizingActualData.txt /REPORT=D:\ServerFolder\Uploads\AVREPORT.TXT "

                Well, this is Not the Command Line Scanner I suggested above. Scan32.exe is the native scanner that has some command line scanner options, but I don't believe it is supported to the degree the Command Line Scanner I suggested is supported. (This could change of course, but that is true of the VSE command line options as well, which are not a well documented, in my humble opinion.) However, if VSE is configured properly (default configuration at least) then there is an implicit scan of files when writing to the server drives. This assumes VSE is running on the server, Right? If not running on the server, make it running on the server.

                 

                Your application is a distant second (requrement) to Explicitly scan files that are uploaded to this server. Good idea, but only if VSE is running On The Server as well. It's imperative that you have both 'Scan on Write to disk' AND 'Scan when Reading from disk' enabled for protection to work - running On the server.

                1. How can be sure that there is no Virus in a file?
                When running the command you specified, what did AVREPORT.TXT contain. Did you get any logging? Whatever scanner you choose to use, you will have to parse the log file to really know what results are. I believe the Command Line Scanner I suggested does report back via ERRORLEVEL (batch console) the status of it's scan.

                2. What if user closed the virus window? I used /SILENT but still window appears

                I think that is a .Net/ASP developer question. /Silent is going to reduce output significantly to the console, but not eliminate the console.

                3. Does McAfe has any API for supporting .Net application?

                I am sure McAfee has an API, but whether they will disclose this is up to McAfee. Disclosure might open up security holes they would prefer not to open. Contact McAfee directly to see if this API is available. In the mean time, I would suggest the Command Line Scanner that I suggested in my first reply.

                I hope this is a common requirement in any website to Scan file before uploading into Server so if you have solution then pls. guide us.

                I too, hope other websites scan files as well. Especially government websites. Make sure you are running VSE On The Server, to get implicit scans. Then, after that is done, adding the Explicit scans via your application is suggested. I believe the Command Line Scanner (which can run independently of VSE) is the best tool I know of to make your application run explicit scans. The Command Line Scanner can run on the server or on a workstation as well, so where the scan occurs is up to you.

                 

                Good luck, and welcome to the world of security.

                 

                Ron Metzger

                • 5. Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus
                  jdhingra

                  I am also trying to integrate McAfee command line with my application so that I could scan files getting uploaded to my server. The issues as reported by others are -

                  1. Scan64.exe opens a pop up which when closed reports status on command prompt. How can this pop up be removed by command line OPTIONS or any configuration? Until this remains this can't be automated because pop up prompts user to close it manually.

                  2. Any status code or error code which can be parsed directly to get the status of scanning?

                   

                  Could you please help me resolve this issue?

                   

                  Thanks.

                  • 6. Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus
                    rmetzger

                    jdhingra wrote:

                     

                    I am also trying to integrate McAfee command line with my application so that I could scan files getting uploaded to my server. The issues as reported by others are -

                    1. Scan64.exe opens a pop up which when closed reports status on command prompt. How can this pop up be removed by command line OPTIONS or any configuration? Until this remains this can't be automated because pop up prompts user to close it manually.

                    2. Any status code or error code which can be parsed directly to get the status of scanning?

                     

                    Could you please help me resolve this issue?

                     

                    Thanks.

                    See my discussion here: Command Line Scanning, McAfee CLS, Batch

                    Thanks,

                    Ron Metzger

                    • 7. Re: Problem in Scanning the file before saving into server location using ASP.Net application with McAfe antivirus
                      jdhingra

                      Thanks a lot Ron. Appreciate!

                      I will try out your suggestions and revert back to you.