2

I am started evaluating the symantec scanengine 5.2 for our application. Its a web portal where users can upload the file.

I am currently using C# API comes with scanengine and using StreamScanRequest for scanning the streams, since we are passing the byte array uploaded(file) from users. But in the documentation and examples its mentioned that we need to call 3 different methods to setup and scan the files, namely start,send and finish.

By definition the StreamScanRequest, Abstracts the stream file scanning mechanism. This is used to Scan file which is not accessible to Scan engine.

Then why does it required to send the filenames to the start() method

 public abstract bool Start(
    string fileToScan,
    string fileNameOnDisk
)

We are just sending the bytes received from user directly to scan engine for the complete protection. If we need to first write bytes to file then send it to scan engine then whats the whole point of security.

Can someone clarify me the exact use of start method and the reason for file names supplied to it??

RameshVel
  • 64,778
  • 30
  • 169
  • 213
  • Seems like it's legal to pass null for both parameters, if you are using StreamScanRequest. In my testing, passing null doesn't seem to have any nasty effects; an infected stream will still be detected. – Dan Aug 31 '12 at 09:22

1 Answers1

1

They might use the file name as part of the detection? For example many types of malware install files in the the Windows dir, and then so perhaps stricter checking is used for those files.

Douglas Leeder
  • 52,368
  • 9
  • 94
  • 137