1 Reply Latest reply on Feb 20, 2017 10:13 AM by Shunt

    ORDS and ICAP

    Aljaz Mali

      Hi all,

       

      I would like to ask for some help with configuring ORDS and ICAP.

       

      So my current settings are:

        OS: OEL x64 6.7

        DB: 11.2.0.3

        APEX: 5.0.4

        ORDS: 3.0.8

       

      On my Linux I have installed i-cap (http://c-icap.sourceforge.net) and clamav anti virus. For my testing purposes I also have one infected file. DB, APEX, ORDS, ICAP, CLAMAV this is all installed on the same server.

       

      First I make a test if clamav is working:

       

      clamscan /tmp/eicar/eicar_com.zip

      /tmp/eicar/eicar_com.zip: Eicar-Test-Signature FOUND

       

       

      ----------- SCAN SUMMARY -----------

      Known viruses: 4998037

      Engine version: 0.99.2

      Scanned directories: 0

      Scanned files: 1

      Infected files: 1

      Data scanned: 0.00 MB

      Data read: 0.00 MB (ratio 0.00:1)

      Time: 9.173 sec (0 m 9 s)

       

      Next test is, if icap and clamav are working OK. For this I'm using

       

      /usr/local/c-icap/bin/c-icap-client -i oralin -p 1344

       

      ICAP server:oralin, ip:127.0.0.1, port:1344

       

      OPTIONS:

        Allow 204: Yes

        Preview: 1024

        Keep alive: Yes

       

      ICAP HEADERS:

        ICAP/1.0 200 OK

        Methods: RESPMOD, REQMOD

        Service: C-ICAP/0.4.4 server - Echo demo service

        ISTag: CI0001-XXXXXXXXX

        Transfer-Preview: *

        Options-TTL: 3600

        Date: Wed, 26 Oct 2016 09:48:31 GMT

        Preview: 1024

        Allow: 204

        X-Include: X-Authenticated-User, X-Authenticated-Groups

        Encapsulated: null-body=0

       

       

      Next I make a file scan (one clean and one infected)

       

      /usr/local/c-icap/bin/c-icap-client -i oralin -p 1344 -f /tmp/eicar/test.txt -s "virus_scan"

       

      ICAP server:oralin, ip:127.0.0.1, port:1344

      No modification needed (Allow 204 response)

       

      /usr/local/c-icap/bin/c-icap-client -i oralin -p 1344 -f /tmp/eicar/eicar_com.zip -s "virus_scan"

      ICAP server:oralin, ip:127.0.0.1, port:1344

       

      <html>

      <head>

         <title>VIRUS FOUND</title>

      </head>

      <body>

      <h1>VIRUS FOUND</h1>

      You tried to upload/download a file that contains the virus:

         <b> Eicar-Test-Signature </b>

      <br>

      The Http location is:

      <b>  - </b>

      <p>

        For more information contact your system administrator

      <hr>

      <p>

      This message generated by C-ICAP service: <b> virus_scan </b>

      <br>Antivirus engine: <b> clamd-0992/22433 </b>

      </p>

      </body>

      </html>

       

      So for me it looks like that icap and clamav are working.

       

      Next I have made a change to defaults.xml in ORDS settings

       

      <entry key="icap.port">1344</entry>

      <entry key="icap.server">oralin</entry>

       

      I have created report and form in APEX where I can upload files. If I make a test then I get back following error:

      503 Service Unavailable

       

      In ORDS log I can see this:

      The ICAP service is unavailable, check the icap.server and icap.port settings.

       

      After reviewing ICAP access log I can see this request:

      26/Oct/2016:12:00:00 +0200, 127.0.0.1 127.0.0.1 RESPMOD AVSCAN?action=SCAN 404

       

      I have tried once more with icap client as (same request as I see it from accces log, when request comes from ORDS):

      /usr/local/c-icap/bin/c-icap-client -i oralin -p 1344 -f /tmp/eicar/test.txt -s "AVSCAN?action=SCAN"

       

      and in this case I don't get back proper response. So I have added to my icap virus_scan.conf this line

       

      ServiceAlias AVSCAN virus_scan?allow204=on&sizelimit=off&mode=simple

       

      after this change the same command is successful:

       

      /usr/local/c-icap/bin/c-icap-client -i oralin -p 1344 -f /tmp/eicar/test.txt -s "AVSCAN?action=SCAN"

       

      After this change and testing if I go back to my APEX application I do not get the error again. What happens now is that when I try to upload a file the error is gone, but nothing happens. Basically I see in my browser status bar message : Waiting for oralin.... and this takes then forever.

       

      I don't see new entries in icap access log and also no messages in icap server.log or ords log file.

       

      I would like to ask for help, if someone has an idea what has to be done in order that icap and ords would work.

       

      Thank you in advance,

      Aljaz