[jboss-dev-forums] [Design of JBoss Collaboration Server] - JBCS & ClamAV Antivirus

All, I've written some code that integrates ClamAV with JBCS to provide server-side antivirus protection, and thought I'd share it with the community. I'm putting together a page detailing how to install everything -- I'll post that shortly as well as the code I've written. BACKGROUND There are 3 components to JBCS Antivirus. First is ClamAV, a server-based, opensource antivirus project, which can be downloaded from their site, and will need to be installed. Second and third are 2 JBCS MBeans (and a small tidbit of config XML to integrate this into JBCS). The first is the ClamAV service MBean, which provides functionality that bridges JBCS/Java to the ClamAV daemon (running either locally or on a remote machine). The second MBean is a JBCS Maillistener that can be plugged into any of the JBCS mailListenerChains. Unfortunately, ClamAV is not Java, and it provides only 2 facilities to scan for viruses: 1.) Scan a file; 2.) Scan a binary STREAM over a socket. PRESENT CONSIDERATIONS My implementation uses the latter via a network stream. In my testing I have gotten everything working, although I am forced to scan a whole message at a time. So, for example, if a given message has 3 message bodies, but only one is infected, the code will basically just report back that a virus was found (it doesn't specify in which message body). There is another set of functionality that I have implemented which allows ClamAV to check a single message body at a time, such that in the example above, a message with 3 bodies, and only 1 infected, would report back which MessageBody ids are infected. That way, the ClamAVMailListener code could lose the infected body but retain the UN-infected bodies. Unfortunately (again), in my testing of this, ClamAV does not detect a sample virus in this scenario. I beleive this because ClamAV is designed to be able to scan an entire message, not individual message components. Thus, if a Base64 encoded "attachment" is sent to clamAV without the rest of the contextual information found in a MIME message, ClamAV does not know to "inspect" the Base64 data, and thus a virus signature is not detected. Once JBCS has better MIME message support (Andy alluded to forking the MIME4j code) I should be able to get a MimeBody part, decode the base64 attachment (if it exists), and send that to ClamAV. Thus, in version 2 of this plugin, we should be able to deal with infected message bodies individually. MOVING FORWARD For the moment, I would appreciate some information from the community as to how this should function: 1.) If a message has a single infection, but 1 or more uninfected message bodies, what should happen to the message? 2.) If a message has a single attachment that is infected, what should happen to the message? Should it bounce? Should it be "cleansed" (i.e., reset the subject, remove the infected body, and add a note in the message body saying that it was cleaned), or some other functionality? Thanks! David View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971590#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...