on 10-01-2009 02:11 PM
One of the "best hidden secrets" in Symantes's portfolio is likely the Symantec Scan Engine. This product emerged many years ago from our integration work with large Internet carriers to provide a high-scalable, high-performance antivirus scan engine, that was easy to integrate into any kind of third party application and devices. Some people might remember a product called "Carrier Scan Server" which was the first evolution of this product. Now - in version 5.2 - Symantec Scan Engine is one of the most matured products in our portfolio, and foundation for several other products in our portfolio, i.e. Symantec AntiVirus for Caching and Symantec AntiVirus for Network Attached Storage are products based on Scan Engine development.
Symantec Scan Engine itself is also a stand-alone product in our portfolio. First of all, it offers antivirus, spyware/adware blocking and URL filtering technologies, that can be easily integrated into applications from third party independent software vendors, into network attached storage devices from many hardware vendors, proxy/caching and messaging systems, as well as into the infrastructure from Internet Service Providers.
Scan Engine integrates easily into network-enabled devices via the Internet Content Adaptation Protocol (ICAP 1.0) protocol, which is a very common interface for content scanning, i.e. used in BlueCoat, NetCache or Cisco Caching systems, as well as in proxy applications such as SQUID. In addition, Scan Engine includes an SDK for client-side ICAP to allow C++, Java and C# (for .NET integrations) to quickly link Symantec Scan Engine with your own application. This provides a very flexible and scalable implementation - and it runs on Sun Solaris, Red Hat Linux, Microsoft Windows 2000/2003 and SuSE Enterprise Linux platforms.
It includes a Command Line Scanner for on demand scanning of files on Unix/Linux systems, and it is - of course and like all other Symantec antivirus products - backed by Symantec Security Response, including updates via Symantec LiveUpdate technology on all platforms.
In general, Symantec Scan Engine 5.2 is well suited for third-party independent software/hardware vendors requiring content scanning technologies for direct integration with their applications or devices (across proxy/caching, storage and messaging, etc.) that need antivirus, spyware/adware blocking and URL filtering technologies.
It is also attractive for large internet service providers who have proprietary systems (for example, email) and wish to offer antivirus, spyware/adware blocking and/or URL filtering as a value added service to subscribers.
Last but not least, Symantec Scan Engine 5.2 is ideal for OEMs, who wish to offer their customers the option to purchase Antivirus or URL filtering for their applications. We provide a SDK which allows you to code in C++, or JAVA for Windows, LINUX, or Solaris. Microsoft RPC is also a supported protocol on Windows, which is used i.e. for NetApp Filer integration.
Over the years, we have already seen many partners using Symantec Scan Engine for various integrations. One of the most active partners in this arena is PCS AG in Germany, Solingen, which is not just famous for high-quality knife-blades, but also for Connector Development around Symantec Scan Engine. PCS AG is a longstanding Symantec Technology Partner, responsible for high-quality "knife-blade" development of Symantec Scan Engine connectors i.e. for MS ISA Server and MS Sharepoint Portal Server. Their latest connector releases now covers Scan Engine connectors for MS SQL databases and MS Internet Information Server - called UNIQUE SQL Protector and UNIQUE IIS Protector. You can watch the following two videos to see how the MS SQL and MS IIS integration works:
UNIQUE SQL Protector video: http://www.pcs-ag.de/index.php?id=285
UNIQUE IIS Protector video: http://www.pcs-ag.de/index.php?id=279
PCS AG is one of the best examples on how flexible, scalable, and fast Symantec Scan Engine integrates with any third-party application, system or device. On Google you will find many other examples such as integration for Sun StorageTek or Hitachi NAS devices, Open-Source application integrations, etc. Just look for "Symantec Scan Engine" and "ICAP"...
So if you need to scan files for a specific applications, or need to scan files submitted to a web server from outside your company, Symantec Scan Engine could be your product of choice. You can simply give it a try and download a 30 day trialware version from http://www.symantec.com/business/scan-engine.
Please don't hesitate to contact me for any further question.
I have several Scan Engine for NAS running with some IBM Netapp Storage systems I have on different plants.
So, I have several Scan Engine Consoles to monitor everyday.
Is there a way to integrate those consoles ? maybe with SEP11 console ? or SAV reporter ?
I've downloaded some trail version Antivirus products, and found that some of them are based on Scan engine--- I had to install the scan engine first and then installed the antivirus product.
Now the question is: if I bought an antivirus product for system that include the scan engine in installation package, do i need to install the scan engine again when configuring the Symantec Protection for SharePoint Servers? It makes me feel paying twice for one thing.
Is there a way to cluster SSE for a high availability?
Thanks Guido for your clarifications.
Now I am looking to see if I can integrate SSE with F5 Big IP LTM to scan the uploaded files to my web application before reaching the web servers tier, while in the same time keeping the user informed that the uploaded file contained a Virus.
If you have any experience regarding this please let me know.