Integrating third-party antivirus software with SynaMan

Many organizations prefer to run uploaded files in SynaMan through a dedicated antivirus package to ensure their safety. This page talks about how to accomplish this task.

There are two types of antivirus that you could use

  1. Installed and integrated with the OS.
  2. Integrated with SynaMan
Option 1 - Installed on the OS

Many organizations prefer to install an antivirus package on most computers, including servers. These antivirus packages have the ability to monitor disks and detect problems as soon as files are saved. In such cases, files are scanned as soon as an upload completes. The antivirus package typically quarantines harmful files if necessary.

Installing such antivirus packages is completely independent of SynaMan and therefore, no configuration change is required.

Option 2 - Integrated with SynaMan

Starting from v5.1, SynaMan offers several methods of integrating various third-party antivirus packages. These packages are divided into 3 categories:

ClamAV Daemon

ClamAV is an open-source and free software for scanning viruses. You could run ClamAV either on the same machine where SynaMan is installed or on a separate computer. Once installed, you need to run it in Daemon mode, which allows ClamAV to accept connections from multiple machines over the network.

When configuring ClamAV with SynaMan, you will need to specify the host name along with the TCP/IP port where ClamAV is running.

Command Line Scanners

Many third-party antivirus software packages allow scanning file using a command line interface. For example, you could use Windows Defender if you're using SynaMan on a Microsoft Windows platform.

You need to provide the following parameters when using a command line scanner:

  • Exe Path - This refers the executable for command line scanner. For example, in case of Windows Defender, this is set to C:\Program Files\Windows Defender\MpCmdRun.exe.
  • Arguments - Refers to the command line arguments accepted by the EXE file. One of the arguments must be $SINGLE_FILE, which will be replaced by the actual file name at runtime.
  • Search Pattern - A regular expression to search in the result. If a match is found, SynaMan will treat the file as harmful.
ICAP Capable Servers

Similar to ClamAV's daemon, ICAP capable servers listen on a network port, allowing other software to send files over a network connection and return information about the virus if found.

When configuring an ICAP server, you will need hostname, TCP/IP port and the service name for ICAP. Refer to the documentation of your ICAP server to determine the value for service name.

The ICAP protocol supports two methods: REQMODE and RESPMODE. Some ICAP servers use different values for service name for each modes. In such cases, specify two values separated by a | symbol. For example, when working with Kaspersky Scan Engine, use the req|resp for this value.

Very Important

Do not use this option if you're already using Option 1. This is because SynaMan saves incoming files to the disk. Option 1 would delete the file as soon as a virus is detected and you will get file not found errors when using Option 2.

Comparing Options

Description Option 1 Option 2
Configuration No configuration required in SynaMan Additional configuration required in SynaMan
Handling Viruses Depends upon how the software is configured. Typically, email alerts are not sent. You can configure SynaMan to either delete or rename uploaded files. Alerts can be sent via email to the administrator about the uploaded file.
Logging Depends upon the software you use IP address, user's name as well as information about the virus will be logged allowing administrators to take further action.

Troubleshooting Common Problems

Troubleshooting is out of scope of SynaMan when using Option 1. The following section applies if you're using Option 2
Testing Connectivity

You will see a Test Connectivity button towards the bottom when at least one antivirus mechanism is enabled.

File not found error when testing

You see the following error when testing connectivity.

This error occurs when both Option 1 and Option 2 are enabled simultaneously. When testing connectivity with an antivirus, SynaMan needs to save a test virus (EICAR), to the disk. When Option 1 is enabled, the antivirus software running at the OS level deletes this file right away and therefore, a valid test cannot be performed.


Social Media

Powered by