Skip to content
/ rvp Public

RVP (Remote Virus Scanner) is a powerful and easy-to-use virus scanning service that can be integrated into any application through a simple HTTP interface. With RVP, you can easily scan your files with multiple virus scanners.

License

MIT license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

JSXRED/rvp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
common
common
 
 
www
www
 
 
.env
.env
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
client.py
client.py
 
 
requirements.txt
requirements.txt
 
 
server.py
server.py
 
 

Repository files navigation

Remote virus protection (RVP)

Motivation

The reason I developed the RVP service is to enhance the security of my build server. As a developer, I often rely on numerous open-source packages such as Node.js and NuGet packages, which can potentially contain malware or viruses that may infect my final product. Therefore, to reduce this risk, I decided to implement a solution that would enable me to scan every build result using different virus scanners, ensuring that no malware or viruses would make it into my end product through my build results.

While considering different antivirus options, I quickly realized that installing a virus scanner on my build server would significantly impact the speed of my build agent. As a result, I decided to use a remote scanner and developed the RVP service, which has proven to be a reliable and essential component of my build process and continuous integration process. With the RVP service, I can now scan all my build results with different virus scanners, thus ensuring the highest level of security for my final product.

In addition to the increased security, the RVP service is also super easy to use and implement in other solutions over HTTP interface. Therefore, other developers can also benefit from this microservice, which provides an additional layer of protection to their solution or build process without compromising on the speed or efficiency.

Support of scanners

RVP supports a variety of virus scanners, including popular open-source options like ClamAV and Windows Defender, as well as paid premium scanners. This flexibility allows users to choose the scanner that best fits their needs or already in action.

Currently, the following scanners are functional (and the list is expanding):

Windows-Enviorments:

  • Windows Defender

Linux-Enviorments:

  • ClamAV
  • ESET Server Security for Linux

Start the service

Please check the .env-file for configuration and pay attention to the pitfalls section.

python server.py

Check if the service is running on http://localhost:8080.

How to use

Use with curl

You can either obtain an infected test file for your machine or use a non-infected file.

wget https://secure.eicar.org/eicar_com.zip

To upload your file to the RVP service, you must use the HTTP-PUT method and specify the port number provided in the .env-file that the service is listening on.

curl http://127.0.0.1:8080 --upload-file eicar_com.zip --http0.9

The result of this endpoint is the file hash of the uploaded file, accompanied by an HTTP status code of 200 (OK). For example: 6ce6f415d8475545be5ba114f208b0ff.

To get the result of a scan use the /resultof/{filehash} endpoint.

curl -v http://127.0.0.1:8080/resultof/6ce6f415d8475545be5ba114f208b0ff --http0.9

Multiple responses are possible:

  • 102 (Processing): The scan is not done yet, please retry again in a few seconds.
  • 200 (OK): The scan is complete and no threats were found.
  • 406 (Not Acceptable): The scan is complete threats were found.
  • 500 (Internal Server Error): The scan is complete threats were found.

A JSON response is provided for HTTP status codes 200, 406, and 500.

{
  "returncode": "INFECTED", // OK, INFECTED or FISHY
  "threats": ["Virus:DOS/EICAR_Test_File"], // ALL THREATS
  "log": "", // LOG OF THE SCANNER
  "filehash": "6ce6f415d8475545be5ba114f208b0ff" // FILEHASH
}

RVP client.py

python client.py http://0.0.0.0:8080 Test.zip

Example implementation of RVP in an Azure Build Pipeline

TODO

Pitfalls

Real-time scans

You should enter exceptions for all virus scanners that perform real-time scanning. Otherwise the file will be removed by many virus scanners during the upload and RVP will not be able to perform its scans.

Windows Defender

In Windows environments, you can execute the following PowerShell command to exclude the path for Windows Defender.

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\pathToRVP\storage\__vault"

Multiple scanners in one environment

Installing multiple virus scanners on the same system is not recommended as it can result in conflicts and performance issues. It is advisable to install a single scanner on each system or Docker container.

Contributions

I would greatly appreciate your help in enhancing the service's functionality. Additionally, if you use different virus scanners, it would be great if you could also contribute by adding them to the service.

License

RVP is open source and released under the MIT license.

Credits

Special thanks for the contribution goes to

www/assets/rvp_logo.svg

About

RVP (Remote Virus Scanner) is a powerful and easy-to-use virus scanning service that can be integrated into any application through a simple HTTP interface. With RVP, you can easily scan your files with multiple virus scanners.

Topics

http virus scanner remote secruity

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages