Hi all,
I would like to ask for some help with configuring ORDS and ICAP.
So my current settings are:
OS: OEL x64 6.7
DB: 11.2.0.3
APEX: 5.0.4
ORDS: 3.0.8
On my Linux I have installed i-cap (http://c-icap.sourceforge.net) and clamav anti virus. For my testing purposes I also have one infected file. DB, APEX, ORDS, ICAP, CLAMAV this is all installed on the same server.
First I make a test if clamav is working:
clamscan /tmp/eicar/eicar_com.zip
/tmp/eicar/eicar_com.zip: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 4998037
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 9.173 sec (0 m 9 s)
Next test is, if icap and clamav are working OK. For this I'm using
/usr/local/c-icap/bin/c-icap-client -i oralin -p 1344
ICAP server:oralin, ip:127.0.0.1, port:1344
OPTIONS:
Allow 204: Yes
Preview: 1024
Keep alive: Yes
ICAP HEADERS:
ICAP/1.0 200 OK
Methods: RESPMOD, REQMOD
Service: C-ICAP/0.4.4 server - Echo demo service
ISTag: CI0001-XXXXXXXXX
Transfer-Preview: *
Options-TTL: 3600
Date: Wed, 26 Oct 2016 09:48:31 GMT
Preview: 1024
Allow: 204
X-Include: X-Authenticated-User, X-Authenticated-Groups
Encapsulated: null-body=0
Next I make a file scan (one clean and one infected)
/usr/local/c-icap/bin/c-icap-client -i oralin -p 1344 -f /tmp/eicar/test.txt -s "virus_scan"
ICAP server:oralin, ip:127.0.0.1, port:1344
No modification needed (Allow 204 response)
/usr/local/c-icap/bin/c-icap-client -i oralin -p 1344 -f /tmp/eicar/eicar_com.zip -s "virus_scan"
ICAP server:oralin, ip:127.0.0.1, port:1344
<html>
<head>
<title>VIRUS FOUND</title>
</head>
<body>
<h1>VIRUS FOUND</h1>
You tried to upload/download a file that contains the virus:
<b> Eicar-Test-Signature </b>
<br>
The Http location is:
<b> - </b>
<p>
For more information contact your system administrator
<hr>
<p>
This message generated by C-ICAP service: <b> virus_scan </b>
<br>Antivirus engine: <b> clamd-0992/22433 </b>
</p>
</body>
</html>
So for me it looks like that icap and clamav are working.
Next I have made a change to defaults.xml in ORDS settings
<entry key="icap.port">1344</entry>
<entry key="icap.server">oralin</entry>
I have created report and form in APEX where I can upload files. If I make a test then I get back following error:
503 Service Unavailable
In ORDS log I can see this:
The ICAP service is unavailable, check the icap.server and icap.port settings.
After reviewing ICAP access log I can see this request:
26/Oct/2016:12:00:00 +0200, 127.0.0.1 127.0.0.1 RESPMOD AVSCAN?action=SCAN 404
I have tried once more with icap client as (same request as I see it from accces log, when request comes from ORDS):
/usr/local/c-icap/bin/c-icap-client -i oralin -p 1344 -f /tmp/eicar/test.txt -s "AVSCAN?action=SCAN"
and in this case I don't get back proper response. So I have added to my icap virus_scan.conf this line
ServiceAlias AVSCAN virus_scan?allow204=on&sizelimit=off&mode=simple
after this change the same command is successful:
/usr/local/c-icap/bin/c-icap-client -i oralin -p 1344 -f /tmp/eicar/test.txt -s "AVSCAN?action=SCAN"
After this change and testing if I go back to my APEX application I do not get the error again. What happens now is that when I try to upload a file the error is gone, but nothing happens. Basically I see in my browser status bar message : Waiting for oralin.... and this takes then forever.
I don't see new entries in icap access log and also no messages in icap server.log or ords log file.
I would like to ask for help, if someone has an idea what has to be done in order that icap and ords would work.
Thank you in advance,
Aljaz