SAP Virus Scan with ClamAV

Former Member · ‎08-20-2008

Hello,

if you want use Virus Scan within SAP applications you can use Virus Scan Interface in SAP (transaction VSCAN).

There is a OpenSource adapter for ClamAV engine on http://freshmeat.net/projects/clamsap/

The library allows an integration of ClamAV into SAP and works also on Unix where most other products dont run.

Have fun,

-markus

Former Member · ‎02-13-2009

Hi Everyone,

The below link may help you to understand more:

http://help.sap.com/saphelp_nw2004s/helpdata/en/6d/e6c3076f1243d0a133d1b5fb991412/content.htm

Rgds,

Raghu

Former Member · ‎08-05-2010

Hi Ehhle,

I'm getting segmentation fault using ClamSAP with Ubuntu 10.04 ( 2.6.32-24-generic x86_64 ), building from source and using vsclam_linux_x64_glibc23.tar.gz :

n4shost:n4sadm 1> /usr/sap/N4S/DVEBMGS01/exe/vscan_rfc regonly -a VSCAN_N4SHOST -g n4shost -x sapgw01 -V /usr/local/lib/libvsclam.so -f ~/vsclam.log

====================================================================

Server info

VSI Version : 1.50

Versiontext : Final Release of SAP Virus Scan Server

Startup time : Tue Aug 3 17:23:14 2010

Build release : Release 700, Level 0, Patch 52

Build date : Apr 1 2006

Build platform: AMD/Intel x86_64 with Linux

(mt,opt,unicode,SAP_CHAR/size_t/void*=2/8/8)

Server configuration

Command line : /usr/sap/N4S/DVEBMGS01/exe/vscan_rfc regonly -a VSCAN_N4SHOST -g n4shost -x sapgw01 -V /usr/local/lib/libvsclam.so -f /home/n4sadm/vsclam.log

RFC commands : -a VSCAN_N4SHOST -g n4shost -x sapgw01

Config file : ,

pp_config=0x7fffffffdf48) at vsclamd.c:1033

rc = VSA_OK

#2 0x0000000000424144 in VsiEnd ()

No symbol table info available.

#3 0x0000000000415bc1 in nlsui_main ()

No symbol table info available.

#4 0x0000000000416769 in main ()

No symbol table info available.

Regards,

Cleber

maximilian_bauer · ‎12-19-2012

Hi everyone,

I don´t find any docu about create a profile in /nvscan so, that it works with ClamAV.

Doe´s anybody know, where to find a documentation about this?

Regards,

Max

bowbridge · ‎02-14-2013

Max,

you need to go to /nvscanprofile to create/modify/activate virus scan profiles.

Depending on how much granularity you need, we usually recommend one of these appraocahes:

1.) you may create a new profile, make it default and link it to your virus scanner group in the "Steps" configuration. This means all profiles that using the default profile as a reference (default setting) will use the scan settings and parameters specified in your new profile.

2.) you can edit a pre-existing profile (i.e. HTMLB_UPLOAD) and configure the steps in this profile and make it default. Remember to uncheck "use reference", otherwise you will get a "recursive occurrence of profile XYZ" error message.

3.) edit the settings and steps in every profile you wish to activate. That way, you can specify specific scan paramerters per profile/application, for example different MIME-type filters, Extension filters, active content-filters and virus-scan parameters.

I hope this helps a bit!

Joerg

sandeep_kumar60 · ‎05-12-2014

hi

can any one help me in trying to install the clamsap-0.9.7.4 on HP ux, machines , i count find any installation file in that directory.

Do we need to use any special commands for installation,

pls help

Regards

SAndeep

sandeep_kumar60 · ‎05-12-2014

HI Can any one pls guide me on how to install the clamsap-0.9.7.4 on my HP-UX machine.

i just downloaded and extracted the file on to my HP machine, and cant understand how to proceed next . can any one pls guide me in moving further pls.

Regards

SAndeep

bowbridge · ‎05-12-2014

clamsap is not a commercial product, so the documentation is very, very limited...

Here's what I know:

- you need to have ClamAV installed and running on the server

- you need to install/build clamsap

- Client 00/tcode VSCANGROUP: create a new Virus Scan group

- Client 00/tcode VSCAN, create a new Virus Scan Adapter, Adapter-path points to libclamsap.sl

- appli. Client: tcode VSCANPROFILE: create/edit a virus scan profile. Insert the Virus Scan Group in the "Steps" of the active profile(s)

I hope this helps getting you started.

Joerg

Strehle · ‎05-20-2014

Hi Sandeep,

did you get it managed to setup clamsap? if not I recommend you to open a OSS ticket at SAP. use component BC-SEC-VIR.

reagards,

-markus

j_bayrhammer · ‎08-21-2015

Hello Joerg,

is it possible to find some documentation on how to use ClamAV as a virus scan server?

We would like to connect via RFC to one server which updates the signatures via internet.

Or does ClamAV has to be installed on each SAP server with ClamSAP?

Regards,

Julia

bowbridge · ‎08-21-2015

Hi Julia,

I'm no expert on ClamSAP, but it is my understanding that ClamAV needs to be installed locally.

With our commercial solution "BowBridge AntiVirus Bridge", you can secure multiple AS with one central ClamAV instance though.

cheers,

Joerg

j_bayrhammer · ‎08-24-2015

Hello Joerg,

thanks for your answer.

Does Bowbridge use ClamAV too? Is Bowbridge AntiVirus Bridge based on ClamAV?

And where can I find a little bit more documentation for installing and configuring ClamAV together with ClamSAP?

Regards,

Julia

bowbridge · ‎08-24-2015

Hi Julia,

BowBridge AntiVirus Bridge is not "based on" ClamAV, it comes with McAfee and SOPHOS virus scanning engines built-in, but it can leverage ClamAV (either locally or on a remote server) using the native ClamAV protocol.

You may also connect to ClamAV (as well as Symantec, Trend Micro, Kaspersky, MetaScan etc..) via the ICAP protocol.

Actually, quite a few of our customers use ClamAV as a "second opinion" scanner or for the Non-Prod environments.

best,

Jörg

j_bayrhammer · ‎08-24-2015

Hello Jörg,

thanks for your input.

So currently there are only three provider mentioned in sapnote 1494278, which have certificate status. These are Bowbridge, Trendmicro and ClamAV. If there is no really documentation for ClamAV, this are only two vendors.

Regards,

Julia