Skip to content

Antivirus

Purpose

Provides antivirus methods.

Methods

Binding name: p6.antivirus

scan (inputstream)

New Feature

Since 6.9.2

Execute an antivirus scan on an inputstream and returns if the file is clean.

Syntax

boolean p6.antivirus.scan(InputStream stream)

Warning

To perform the antivirus scan, the stream will be read.

If you need to consume the stream after the scan, you will need to:

  • reset the stream (using reset()) if markSupported() is true on the stream.
  • or read the stream from the source again.
Example 
new File('p6file:/opt/p6core.data/path/to/file.pdf').newInputStream().withCloseable { stream ->
    if (p6.antivirus.scan(stream)) {
      p6.log.debug 'File is clean'
      // Reset the stream so it can be consumed again after the scan
      if (stream.markSupported()) {
        stream.reset()
      }
      // Continue processing the stream...
    } else {
      p6.log.warn 'Threat detected! File will be deleted or quarantined depending on config'
    }
}

scan (file)

New Feature

Since 6.9.2

Read the content of the file, execute the scan and returns if the file is clean.

Syntax

boolean p6.antivirus.scan(String uri)
Example 
if (p6.antivirus.scan('p6file:/opt/p6core.data/path/to/file.pdf')) {
  p6.log.debug 'File is clean'
} else {
  p6.log.warn 'Threat detected! File will be deleted or quarantined depending on config'
}

Antivirus

By default, there is no antivirus installed on the instance. You can configure one according to the antivirus configuration.

Warning

If antivirus.engine=none all the scanned files are considered clean.

If a file is detected as corrupted, according to antivirus.action the file will be:

Delete mode (default)

Corrupted files are deleted. No recovery possible.

Quarantine mode

Corrupted files are moved to ${P6_DATA}/resources/quarantine with a unique name.

A report file will be created having the same name and suffixed by -metadata.txt.

Report example

Original file: /opt/p6.data/resources/path/to/currupted.file
Scan date: 2023-04-19T15:30:31.524340Z
Report: Virus XXX detected
Ignore mode

Corrupted files are just mentioned in the log. No action will be done.

Warning

This mode is not recommended and should be used on purpose.