Enabling Virus Scanning for Web Servers

Virus scanning on web servers can be enabled for inbound IMAP and POP3 MCF Email, and for attachments. To enable virus scanning, configure the VirusScan.xml file located on the web server.

This section discusses:

  • Scanning attachments for viruses.

  • Configuring VirusScan.xml.

  • Logging virus scans.

  • Virus scan errors and return codes.

Virus scanning can be performed on all files uploaded with the AddAttachment, InsertImage, and MAddAttachment functions.

Note: If the HTML sanitizer is also configured on this web server, virus scanning is performed on the file before the HTML sanitizer is run.

Another topic covers scanning attachments on the application server.

To enable the virus scanning feature:

  1. Locate VirusScan.xml on the web server.

    The location of this file on your WebLogic web server is:

    <PS_CFG_HOME>/webserv/<domain_name>/applications/peoplesoft/PSIGW.war/WEB-INF/classes/psft/pt8/virusscan

  2. Open VirusScan.xml for editing.

    <?xml version="1.0" encoding="UTF-8"?>
<Providers disableAll="True" logFile="./servers/PIA/logs/VirusScan%u.log">
    <!-- Sample Configuration for Symantec Engine 
	<Provider>
  	     <name>Symantec</name>
	     <class>psft.pt8.virusscan.provider.GenericVirusScanProviderImpl</class>
	     <icapversion>ICAP/1.0</icapversion>
         <service-name>/SYMCScanResp-AV</service-name>
         <policycommand>?action=SCAN</policycommand>
         <address>192.0.2.44</address>
         <port>1344</port>
         <disable>false</disable>
    </Provider>-->
    
    <!-- Configure your own proivider -->
    <Provider>
    <!-- Provider Name of the Scan Engine -->
    <name></name>
    <!-- Provider Class of the Scan Engine. 
         psft.pt8.virusscan.provider.GenericVirusScanProviderImpl is 
         the default
         provider class.  -->
    <class>psft.pt8.virusscan.provider.GenericVirusScanProviderImpl</class>
    <!-- ICAP version -->
    <icapversion>ICAP/1.0</icapversion>
    <!-- ICAP ServiceName. The Service Name changes from Scan Engine to 
   Scan Engine. 
         This is the name Scan Engine Service is will be hosted with -->
    <service-name></service-name>
    <!-- RESPMOD extra commands, These are the RESPMOD commands  
			(SEE ICAP Protocol). 
         Usually these commands will be changing from Engine to Engine 
    -->
    <policycommand></policycommand>
    <!-- IP Address of Scan Engine host> -->
    <address></address>
    <!-- IP Port of Scan Engine host -->
    <port></port>
    <!-- Disable scanning for this provider -->
    <disable></disable>
    <!-- 
         Default codes = 200 and 204 for clean, 201,403 for infected 
         Use these tags to change the behaivior if needed
         <clean>200,204</clean>
         <infected>201,403</infected> 
         -->
		<virusheader></virusheadercheck>
</Provider>
</Providers>

    Note: A sample configuration for Symantec Engine is provided in the remarks.

  3. In the Providers tag, set the attribute disableAll to "False".

    Note: The default value is "True".

    <Providers disableAll="False" logFile="./servers/PIA/logs/VirusScan%u.log">

  4. Specify scan engines under the <Providers> tag.

    Multiple scan engines can be configured under <Providers>. Each <Provider> tag represents one scan engine. All configured scan engines will check for viruses. For each <Provider> tag enter values for the tags:

    Tag

    Description

    Example Value

    <name>

    Provider name of the scan engine

    Symantec

    <class>

    Provider class of the scan engine

    Default provider class is: 

    psft.pt8.virusscan.provider.GenericVirusScanProviderImpl
    		 
    psft.pt8.virusscan.provider.GenericVirusScanProviderImpl

    <icapversion>

    ICAP version

    ICAP/1.0

    <service-name>

    Service name for the scan engine host

    /SYMCScanResp-AV

    <policycommand>

    Policy command used by the scan engine. Only SCAN is supported.

    ?action=SCAN

    <address>

    IP address of the scan engine host.

    IP address of the machine where the scan engine is running

    <port>

    IP port of the scan engine host.

    Port where the scan engine is running

    <disable>

    Disable scanning for this provider.

    false

    <clean>

    Default codes = 200 and 204 for clean.

    You can use this tag to change the behavior if needed.

    200,204

    <infected>

    Default codes = 201 and 403 for infected

    You can use this tag to change the behavior if needed.

    201,403

    <virusheadercheck>

    This tag contains a comma-separated pair of configurable header and error. This tag can be configured only for these two errors: INFECTED and SCANERROR.

    For example, <virusheadercheck>X-Violation::INFECTED,FileAttributeError::SCANERROR</virusheadercheck>. In this example, X-Violation will be checked in the response header from the scan engine and if found, INFECTED will be returned. If X-Violation is not found, FileAttributeError will be checked in the response header from the scan engine. If FileAttributeError is found, SCANERROR will be returned.

    • If the first header is found in the response header from the scan engine, the subsequent headers are not checked.

    • If error is not configured for X-Violation, INFECTED will be returned by default.

    • The <virusheadercheck> tag is not applicable when <clean> or <infected> is configured.

    • When <clean> or <virusheadercheck> is not configured, the default codes for clean (200, 204) and for infected (201, 403) will be checked in the response header and either CLEAN or INFECTED will be returned.

    <virusheadercheck>X-Violation::INFECTED,FileAttributeError::SCANERROR</virusheadercheck>

Virus scanning logs are the only interface with the scanning engine.

Virus Scanning Logs

The virus scanning logs are located in the path indicated by the logFile property in VirusScanning.xml. 

<Providers disableAll="False" logFile="./servers/PIA/logs/VirusScan%u.log">

The following results are logged with the date and the file name that was scanned:

  • CLEAN, INFECTED, and SCANERROR

    The results for these statuses is logged in this form:

    filename = result

    For example:

    finance.xls = INFECTED

  • CONNECTERROR and CONFIGERROR

    The results for these statuses is logged in this form:

    Unable to connect to the Scan engine: REASON = result

    For example:

    Unable to connect to the Scan engine: REASON = CONFIGERROR

In addition, detailed logging is configured in the logging.properties file for WebLogic server:

PS_CFG_HOME\webserv\domain_name\piaconfig\properties\logging.properties

See Debugging File Attachment Problems.

If there are any errors during file processing the error codes listed in this table will be generated.

If there is a failure, the details will be logged in the location specified for the parameter ig.errorLog.filename in integrationGateway.properties, which is located in <PS_CFG_HOME>/webserv/<domain_name>/applications/peoplesoft/PSIGW.war/WEB-INF.

The return value when the virus scans for mail attachments is REPOSITORY_FAILURE = 8.

See Error Messages Returned by MCFGetMail Class Methods.

If the file is uploaded successfully and no problems are found in the virus scan, the AddAttachment, InsertImage, or MAddAttachment function returns %Attachment_Succeeded.

If a problem is found, the PeopleCode function returns one of the following return codes:

Numeric Value

Error Code

Description

9

%Attachment_FileNotFound

Cannot locate file.

13

%Attachment_ViolationFound

File violation detected by the virus scan engine.

14

%Attachment_VirusScanError

Virus scan engine error.

15

%Attachment_VirusConfigError

Virus scan engine configuration error.

16

%Attachment_VirusConnectError

Virus Scan engine connection error.

24

%Virusscan_Disabled

Virus scan is not enabled.