search

Baekalfen / ICAP-avscan

Uploads a file to a ICAP server.
MIT License
47 stars 29 forks source link

Some implementations are missing? #19

Open gowtham-gopalakrishnan opened 5 years ago

gowtham-gopalakrishnan commented 5 years ago

I'm trying this library with Symantec Cloud services and for files that are clean, it's working fine. But for files that are infected, getting the following exception:

Could not scan file <filename>: Unrecognized or no status code in response header.

While digging deep, I found that if a file is infected Symantec will be returning 201 status code with the scan results.

For example, here's a sample response:

ICAP/1.0 201 Created
ISTag: "2E2FFEB048A3C546849453DD9DD868C2"
Date: Wed Aug 28 12:33:38 2019 GMT
Service: Symantec Protection Engine/8.0.0.48
Service-ID: Respmod AV Scan
X-Infection-Found: Type=0; Resolution=1; Threat=Trojan.Gen.2;
X-Violations-Found: 1
    7bed9479-e7c0-42b4-a3be-279cd0ece0f2-M-Mail1549367154632-ed057ecd-0d9f-4f08-85b2-f3454e58ed07-0.eml/Information.doc
    Trojan.Gen.2
    41129
    2
X-Outer-Container-Is-Mime: 1
Encapsulated: res-hdr=0, res-body=114

And it looks like we're missing some implementations here? (since it seems to be a standard as per https://onlinehelp.opswat.com/corev3/2._ICAP_response_headers.html). Not demanding, just want to know your viewpoint on this.

Baekalfen commented 5 years ago

There might very well be some missing or faulty code. I haven't had access to any ICAP hardware in years, so I rely on others to make pull-requests with fixes.