Blog

Managed File Transfer and Network Solutions

Automating FTP Virus Scans with Avast Antivirus - Part 1

Posted by John V. on Tue, Dec 06, 2011 @ 11:29 AM

Overview

We all have our favorite antivirus software, so while some of you may have immediately applied what you learned from our tutorials on automatic virus scanning using Kaspersky Antivirus  and ClamAV, others may have struggled to apply those tutorials to the antivirus software being used in their organization. That's why we've decided to add one more similar post for another popular antivirus.

This time, we're going to configure JSCAPE MFT Server to perform automatic virus scanning on newly uploaded files using Avast! for Linux/Unix Servers. Surely, with three examples, you'll find it easier to apply these steps to your own antivirus program. We're going to assume you've already installed Avast on your Linux server and that, of course, JSCAPE MFT Server Manager is running and ready. 

By default, Avast performs automatic updates every four hours when it can. So if your server's connected to the Internet, chances are, you'll have the latest virus database updates every time an upload is made. But if for whatever reason, you'd like to schedule your own auto-updates, then you can set your own auto-update schedule using the JSCAPE MFT Server Manager. You'll have to wait for Part 2 to read the tutorial for that though.

In the meantime, let's start configuring your managed file transfer server for auto-scanning. 

 

Enabling Avast-powered automatic scans on newly uploaded files 

First, we need to setup a trigger that would execute an Avast virus scan in response to a File Upload event. Go now to the Triggers node and create a new trigger by clicking the Add button.

 

triggers add mft server resized 600

 

Once the Add Trigger wizard launches, give the new trigger a name (e.g. Avast Virus Scan).

From the Event Type drop-down list, select File Upload. Click Next when you're done.

 

add trigger step 1 resized 600

 

You will now need to enter a trigger condition. Trigger conditions are logical expressions, so they evaluate to TRUE or FALSE. In our case, we would like the trigger to execute only if the file upload event was successful. So, enter (Success = TRUE) in the Expression box. After that, click Next.

 

add trigger step 2 

 

It's time to add the trigger action that would execute after a file upload is found to be successful. This action is going to be directly responsible for the actual virus scanning. Click Add to start creating the trigger action.

 

add trigger step 3 resized 600 

 

In the JSCAPE MFT Server environment, the action we are going to execute is known as a Run Process action. Select that action from the Action drop-down list.

 

add action run process resized 600

 

You'll then be asked to specify that action's parameters.

Start by entering the path of the specific program you want to execute into the Program field.

The Avast program responsible for command-line scanning is also called avast (it used to be avastcmd) and is usually installed in the /usr/bin directory. Therefore, the complete path should be: /usr/bin/avast.

However, because  /usr/bin is normally included in the $PATH environment variable, you should be able to run avast from any directory. In other words, entering avast all by itself (instead of '/usr/bin/avast') should suffice.

 

action parameters program

 

Of course, if your avast program is in another location, you should change the path accordingly. 

Next, you need to enter the arguments required by the virus scan program. For Avast, you will only need one argument for this purpose, and it is the path of the file you want to scan. Thus, you need to specify the path of the newly uploaded file. That should be easy because a trigger with a File Upload event type will automatically capture the path of the uploaded file and store it in the variable named %LocalPath%.  

Therefore, all you would need to do is enter %LocalPath% into the Arguments field.

 

action parameters program arguments resized 600

 

Leave the Success Return Value field as is. 

There are two more fields that would require inputs: the Output Stream field and the Error Stream field. If you've ever tried scanning a file on the command line, you know that an output is always generated right after the scan. 

The output may contain information such as the number of files scanned, whether the file is infected or not, and so on. On the other hand, if an error is encountered, then an error notification will be displayed as output. Unfortunately in this case, your automatic virus scan will be taking place in the background. As a result, you won't be able to see those outputs.  

That's why JSCAPE MFT Server allows you to specify log files in which the Output Stream and Error Stream (if ever there is any) will be written. You can then view the contents of these files later on if you want. 

To assign a log file that will store the output of a successful run, just enter the file's path in the Output Stream field. Likewise, you can assign a separate log file that will store the output of a failed run by entering that file's path in the Error Stream field.

If you're creating this trigger from an installation of JSCAPE MFT Server Manager that's on the same machine as the JSCAPE MFT Server itself, then you can specify the location of both log files using the Browser button as shown below.

To specify the paths to those files, just click each field's corresponding Browse button, navigate to the files in question, and click Select

 

output stream error stream

 

Here's a sample of an Output Stream log file being created:

 

output stream log

 

JSCAPE MFT Server will then automatically fill the Output Stream and Error Stream fields with the desired paths.

However, if you're creating this trigger from a remote installation of JSCAPE MFT Server Manager (see figure below), you will have to enter the paths yourself.

 

remote mft server manager resized 600

In my case, I decided to use the JSCAPE MFT Server variable %LocalDir%, which takes the value of the parent directory of the uploaded file. To separate the resulting log files from the uploaded files, I created a subdirectory named scanlogs and inserted that name between %LocalDir% and each log filename. So in effect, my entries looked like this:

For the Output Stream: %LocalDir%/scanlogs/outputstream.log

and

For the Error Stream: %LocalDir%/scanlogs/errorstream.log

Here are the entries in full:

 

run process action parameters

 

After clicking OK, wait until you see your newly created trigger action in the Trigger Actions list box. The moment it appears, click OK.

 

add trigger step 3

 

This will take you back to the JSCAPE MFT Server Manager main screen. Your newly created trigger should now be visible from the Triggers node. Don't forget to click the Apply button!

 

newly added avast scan trigger resized 600

 

 

You're now ready to put your auto-scanning feature to the test. Fire up your favorite file transfer client (That would be AnyClient for me), and upload a file to your secure file transfer server.

Here's a screenshot of a successful AnyClient upload of a file named "COBIT5.pdf". 

 

successful upload anyclient resized 600

 

Now, here's a part of my JSCAPE MFT Server log showing the successful upload and the subsequent virus scan. 

 

mft server log successful scan resized 600

 

If you tried this at your end, you might want to view the Output Stream log file. If your scan was error-free, you should see something like this:

 

view_scanlogs 

 

That should be all you need to do. 

In part 2, I'll show you how to schedule auto-updates of your Avast virus database using JSCAPE MFT Server. In the meantime, have a nice day!

Topics: JSCAPE MFT Server, Business Process Automation, Triggers