A Quarkus extension that lets you scan files for viruses using a pluggable engine architecture.
Out of the box these engines are supported by this extension:
- ClamAV which is a Linux Native antivirus server
- VirusTotal which is a REST API to check the Hash of a file to see if it has already been reported for viruses
- ICAP The Internet Content Adaptation Protocol (ICAP) is widely used to enhance network security by enabling communication between clients and servers for tasks such as antivirus scanning and data loss prevention. Several products support ICAP scanning, either as ICAP servers providing scanning services or as clients integrating ICAP capabilities. Examples include:
- MetaDefender ICAP Server by OPSWAT
- Clearswift Secure ICAP Gateway by Clearswift
- ClamAV ICAP Server by ClamAV
- OpenSCAP ICAP Server by OpenSCAP
- Cloudmersive ICAP Anti-Virus Scanning Server by Cloudmersive
- Broadcom ICAP Server by Broadcom
- Kaspersky ICAP Server by Kaspersky
Read the full Antivirus documentation.
- Create or use an existing Quarkus application
- Add the Antivirus extension
Create a new Antivirus project (with a base Antivirus starter code):
- With code.quarkus.io
- With the Quarkus CLI:
quarkus create app antivirus-app -x=io.quarkiverse.antivirus:quarkus-antivirus
Or add to you pom.xml directly:
<dependency>
<groupId>io.quarkiverse.antivirus</groupId>
<artifactId>quarkus-antivirus</artifactId>
<version>{project-version}</version>
</dependency>
Now that you configured your POM to use the service, now you need to configure which scanner(s) you want to use in application.properties
:
ClamAV is an open source Linux based virus scanning engine.
If you don't set a host quarkus.antivirus.clamav.host
a DevService will start a ClamAV instance for you on a dynamic free port, so you can test locally during development.
quarkus.antivirus.clamav.enabled=true
If you are using the quarkus-smallrye-health
extension,
quarkus-vault can add a readiness health check to validate the connection to the ClamAV server.
If enabled (by default) and the extension is present,
when you access the /q/health/ready
endpoint of your application you will have information about the connection validation status.
You can disable this behavior by setting the property quarkus.antivirus.clamav.health.enabled
to false
in your application.properties.
VirusTotal is a REST API that analyses suspicious files to detect malware using over 70 antivirus scanners. VirusTotal checks the hash of a file to see if it has been scanned and what the results are. You can set the threshold of how many of the 70+ engines you want to report the file as malicious before you consider it a malicious file using the minimum-votes
property.
quarkus.antivirus.virustotal.enabled=true
quarkus.antivirus.virustotal.key=<YOUR API KEY>
quarkus.antivirus.virustotal.minimum-votes=1
The Internet Content Adaptation Protocol (ICAP) is widely used to enhance network security by enabling communication between clients and servers for tasks such as antivirus scanning and data loss prevention. Several products support ICAP scanning, either as ICAP servers providing scanning services or as clients integrating ICAP capabilities.
To test an ICAP server you can use ClamAV ICAP Server by running the following docker command:
docker run --rm --name icap-server -p 1344:1344 toolarium/toolarium-icap-calmav-docker:0.0.1
Then configure the ICAP server in your application.properties
:
quarkus.antivirus.icap.enabled=true
quarkus.antivirus.icap.host=localhost
quarkus.antivirus.icap.port=1344
quarkus.antivirus.icap.service=srv_clamav
Simply inject the Antivirus
service, and it will run the scan against all configured services. It works against InputStream
so it can be used in any Quarkus application it is not constrained to REST applications only.
@Path("/antivirus")
@ApplicationScoped
public class AntivirusResource {
@Inject
Antivirus antivirus;
@PUT
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.TEXT_PLAIN)
@Path("/upload")
public Response upload(@MultipartForm @Valid final UploadRequest fileUploadRequest) {
final String fileName = fileUploadRequest.getFileName();
final InputStream data = fileUploadRequest.getData();
try {
// copy the stream to make it resettable
final ByteArrayInputStream inputStream = new ByteArrayInputStream(
IOUtils.toBufferedInputStream(data).readAllBytes());
// scan the file and check the results
List<AntivirusScanResult> results = antivirus.scan(fileName, inputStream);
for (AntivirusScanResult result : results) {
if (result.getStatus() != Response.Status.OK.getStatusCode()) {
throw new WebApplicationException(result.getMessage(), result.getStatus());
}
}
// write the file out to disk
final File tempFile = File.createTempFile("fileName", "tmp");
IOUtils.copy(inputStream, new FileOutputStream(tempFile));
} catch (IOException e) {
throw new BadRequestException(e);
}
return Response.ok().build();
}
}
We can't anticipate every antivirus engine out there and some may be proprietary. However, the architecture is designed to be pluggable, so you can plug your own engine in. Simply produce a bean that extends the AntivirusEngine
interface and it will be picked up and used.
@ApplicationScoped
public class MyCustomEngine implements AntivirusEngine {
@Override
public boolean isEnabled() {
return true;
}
@Override
public AntivirusScanResult scan(final String filename, final InputStream inputStream) {
// scan your file here
}
}
- Contribution is the best way to support and get involved in community!
- Please, consult our Code of Conduct policies for interacting in our community.
- Contributions to
quarkus-antivirus
Please check our CONTRIBUTING.md
Thanks goes to these wonderful people (emoji key):
Melloware π§ π» |
Sauli Ketola |
Geoffrey GREBERT π» |
Negoita Silviu π€ π |
Martin Stefanko π¬ |
Richard Bischof π |
Patrick π» |
This project follows the all-contributors specification. Contributions of any kind welcome!