Anti-Virus REST API

Jakub Jóźwicki
Dec 1, 2023

Sometimes you process content end to end that needs an AV scan, but you are on Kubernetes and have no easy way to persist the content to disk and call a scanner. The workaround is an Anti-Virus REST API.

WebUI for AVREST

Now you can have it. Just take the container:

podman run --cap-add cap_sys_admin -d -p 8080:8080 docker.io/digitalforensic/avrest:latest

How to test it:

EICAR1='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H'
curl -k -d "${EICAR1}*" -u pam:access https://localhost:8080/rest/api/1.0/av-scan/files/eicar.com
{"id":"4bb733d3-d527-4bec-8c38-cb043f0ee44b","name":"eicar.com","sha512":"cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab","size":68,"status":"accepted","queuedAt":"2023-11-30T06:55:21.366+00:00","source":"pam@127.0.0.1"}

In the container logs you can see:
2023-11-30 07:55:21.374 INFO 75770 --- [nio-8080-exec-7] i.g.k.a.s.i.AvScanningService : Scanning is queued for FileInfo { id=4bb733d3-d527-4bec-8c38-cb043f0ee44b, name=eicar.com, hash=cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab, size=68, queuedAt=Thu Nov 30 07:55:21 CET 2023, analyzedAt=null, status=accepted, localPath=/home/user/Documents/workspace-spring-tool-suite-4-4.17.1.RELEASE/av-api/./4bb733d3-d527-4bec-8c38-cb043f0ee44b.com, source=pam@127.0.0.1 } from UsernamePasswordAuthenticationToken [Principal=pam, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[ROLE_USER, ROLE_PAM]]
2023-11-30 07:55:46.013 INFO 75770 --- [pool-2-thread-3] i.g.k.a.s.i.ScanStrategyCmdline : File analysis finished: FileInfo { id=4bb733d3-d527-4bec-8c38-cb043f0ee44b, name=eicar.com, hash=cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab, size=68, queuedAt=Thu Nov 30 07:55:21 CET 2023, analyzedAt=Thu Nov 30 07:55:46 CET 2023, status=infected, localPath=/home/user/Documents/workspace-spring-tool-suite-4-4.17.1.RELEASE/av-api/./4bb733d3-d527-4bec-8c38-cb043f0ee44b.com, source=pam@127.0.0.1 }

The API is quite flexible. You can upload a file and poll for the result later, or use the ?waitMillis=1000 request parameter to wait for the scan to finish and get the file status in the same REST call.
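A fail-closed client for the single-call variant, as an added example (not AVREST's own code). It assumes the `sha512` and `size` fields in the response describe the uploaded body, as the EICAR output above suggests; the name of the clean status is not shown on this page, so the caller passes it in as `clean_statuses`.

```python
import base64, hashlib, json, urllib.parse, urllib.request

API_PATH = "/rest/api/1.0/av-scan/files/"  # path taken from the curl call above

def build_request(base_url, name, data, user, password, wait_millis=1000):
    """POST the bytes and ask the server to hold the call until the scan ends."""
    url = (base_url.rstrip("/") + API_PATH + urllib.parse.quote(name, safe="")
           + "?" + urllib.parse.urlencode({"waitMillis": wait_millis}))
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    # No Content-Type is set, so urllib sends the same form-urlencoded default
    # that `curl -d` used in the test above.
    return urllib.request.Request(url, data=data, method="POST",
                                  headers={"Authorization": "Basic " + token})

def verdict(data, response_text, clean_statuses):
    """Fail closed: release only on an explicit clean status for these bytes."""
    try:
        info = json.loads(response_text)
    except ValueError:
        return ("reject", "unparseable response")
    if not isinstance(info, dict):
        return ("reject", "unexpected response shape")
    if (info.get("size") != len(data)
            or info.get("sha512") != hashlib.sha512(data).hexdigest()):
        return ("reject", "scanner hashed different bytes than we sent")
    status = info.get("status")
    if status == "accepted":  # waitMillis ran out while the file was still queued
        return ("pending", "scan not finished, id=%s" % info.get("id"))
    if status in clean_statuses:  # assumption: caller supplies the clean status name
        return ("release", status)
    return ("reject", "status=%s" % status)  # "infected" or anything unknown

def scan(base_url, name, data, user, password, clean_statuses, wait_millis=1000):
    """Upload, wait server-side, and return (decision, reason)."""
    req = build_request(base_url, name, data, user, password, wait_millis)
    # urlopen verifies the TLS certificate (the curl test used -k to skip that).
    with urllib.request.urlopen(req, timeout=wait_millis / 1000 + 10) as resp:
        return verdict(data, resp.read().decode("utf-8"), clean_statuses)
```

A "pending" decision means the content must stay quarantined until a later poll returns a final status.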

The REST API can be adjusted to use the AV you already own. AVREST can run on Windows or Linux. Commercial support is also possible.
