Baekalfen / ICAP-avscan

Uploads a file to an ICAP server.
MIT License

Testing ICAP Solution #9

Closed sc06 closed 6 years ago

sc06 commented 6 years ago

Hi, I am sorry to post this question as an issue, but because the experts on this subject are here, I thought I might get a good answer to my question. I am trying to test my service that uses this code. I am able to send an EICAR test file through the service, but the ICAP server is not considering it a "virus". The scan file method is always returning true (meaning the file is good). I am just trying to prove that my code can detect the virus file. Any input on testing this is appreciated. Thanks in advance!

sc06 commented 6 years ago

Found the reason. Based on the preview size, we take chunks of the file and process them, and the chunks were making it not detect the virus. After I increased the preview size to be the same as the file size (so the whole file was sent at one time), it detected the virus. Now my question is, what is the ideal preview size? Can I make the preview size the same as the file size or the maximum acceptable file size, so the whole file will be scanned at once? What is the downside of not chunking the file?

Baekalfen commented 6 years ago

The preview should only be used for preliminary testing. For example, if the policy is to skip .zip files, that could be determined from the preview, which saves resources.

If you want to scan a file, you should probably get the complete file before scanning it. That would include sending it in chunks to the server.

sc06 commented 6 years ago

> If you want to scan a file, you should probably get the complete file before scanning it. That would include sending it in chunks to the server.

Can you elaborate on this, please? So, if I am scanning a file, should I just set the preview size to be the same as the file size and send the file all at once? That way we invoke the sendBytes method only once.

Baekalfen commented 6 years ago

Sorry, I wrote the code a long time ago, so I remembered wrong. But at line 190 in the Java code, you can see that if the server responds with a "100 continue" to the preview, the rest of the file will be transferred. That is what I meant.

It is only a corner-case, where the filesize is equal to or less than the preview size, that the whole file is transferred for the preview.
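The preview exchange discussed in this thread, as an added example that is not part of the thread or of the ICAP-avscan code base: it builds the chunked preview and the post-"100 Continue" remainder as RFC 3507 section 4.5 frames them, including the "ieof" corner case where the file fits in the preview. The function names, return labels and sample bodies are constructed for illustration.

```python
# Added example: ICAP preview framing per RFC 3507 section 4.5.
# All names here are hypothetical; nothing is taken from ICAP-avscan.
CRLF = b"\r\n"


def chunk(data: bytes) -> bytes:
    """One chunk: hex length, CRLF, data, CRLF."""
    return b"%x" % len(data) + CRLF + data + CRLF


def preview_part(body: bytes, preview_size: int) -> bytes:
    """Body bytes sent right after the ICAP and encapsulated headers."""
    head = body[:preview_size]
    data = chunk(head) if head else b""
    if len(body) <= preview_size:
        # Whole body fits in the preview: "ieof" tells the server there is
        # nothing more, so its answer covers the complete file.
        return data + b"0; ieof" + CRLF + CRLF
    # More data exists: a plain zero chunk terminates the preview only.
    return data + b"0" + CRLF + CRLF


def remainder_part(body: bytes, preview_size: int, chunk_size: int) -> bytes:
    """Bytes sent after the server answers the preview with 100 Continue."""
    rest = body[preview_size:]
    out = b"".join(chunk(rest[i:i + chunk_size])
                   for i in range(0, len(rest), chunk_size))
    return out + b"0" + CRLF + CRLF


def after_preview(status_line: str, body: bytes, preview_size: int) -> str:
    """Decide what the client does with the server's reply to the preview."""
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith("ICAP/"):
        raise ValueError("not an ICAP status line: %r" % status_line)
    code = int(parts[1])
    if code == 100:
        if len(body) <= preview_size:
            # The server must answer an ieof preview with a final response.
            raise ValueError("100 Continue after ieof is a protocol error")
        return "send-remainder"
    if code == 204:
        return "unmodified"       # server wants no changes and no more data
    return "read-icap-response"   # e.g. 200 carrying a modified response
```

A client that treats the reply to the preview as final without handling "send-remainder" has only shown the server the first `preview_size` bytes of a larger file.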