Skip to content

Antivirus

Purpose

Provides antivirus methods.

Methods

Binding name: p6.antivirus


scan (inputstream)

New Feature

Since 6.9.2

Execute an antivirus scan on an inputstream and returns if the file is clean.

Syntax

boolean p6.antivirus.scan(InputStream stream)

Warning

To perform the antivirus scan, the stream will be read.

If you need to consume the stream after the scan, you will need to:

  • reset the stream (using reset()) if markSupported() is true on the stream.
  • or read the stream from the source again.
Example
new File('p6file:/opt/p6core.data/path/to/file.pdf').newInputStream().withCloseable { stream ->
    if (p6.antivirus.scan(stream)) {
      p6.log.debug 'File is clean'
      // Reset the stream so it can be consumed again after the scan
      if (stream.markSupported()) {
        stream.reset()
      }
      // Continue processing the stream...
    } else {
      p6.log.warn 'Threat detected! File will be deleted or quarantined depending on config'
    }
}

scan (file)

New Feature

Since 6.9.2

Read the content of the file, execute the scan and returns if the file is clean.

Syntax

boolean p6.antivirus.scan(String uri)
Example
if (p6.antivirus.scan('p6file:/opt/p6core.data/path/to/file.pdf')) {
  p6.log.debug 'File is clean'
} else {
  p6.log.warn 'Threat detected! File will be deleted or quarantined depending on config'
}

enabled

New Feature

Since 6.10.24

Returns whether an antivirus engine is active on the instance.

When antivirus.engine=none (or unset), virus scanning is disabled and scan(...) always returns true (clean). Use enabled() to tell “scanning is disabled” apart from “file scanned and clean” — for example to log that a scan was skipped and continue, without reading the platform configuration yourself.

Syntax

boolean p6.antivirus.enabled()
Example
if (!p6.antivirus.enabled()) {
  p6.log.info 'Antivirus disabled — skipping virus scan'
} else if (p6.antivirus.scan('p6file:/opt/p6core.data/path/to/file.pdf')) {
  p6.log.debug 'File is clean'
} else {
  p6.log.warn 'Threat detected!'
}

Antivirus

By default, there is no antivirus installed on the instance. You can configure one according to the antivirus configuration.

Warning

If antivirus.engine=none all the scanned files are considered clean. Use enabled() to detect this case and skip scanning explicitly.

If a file is detected as corrupted, according to antivirus.action the file will be:

Delete mode (default)

Corrupted files are deleted. No recovery possible.

Quarantine mode

Corrupted files are moved to ${P6_DATA}/resources/quarantine with a unique name.

A report file will be created having the same name and suffixed by -metadata.txt.

Report example

Original file: /opt/p6.data/resources/path/to/currupted.file
Scan date: 2023-04-19T15:30:31.524340Z
Report: Virus XXX detected
Ignore mode

Corrupted files are just mentioned in the log. No action will be done.

Warning

This mode is not recommended and should be used on purpose.