tags:

views:

50

answers:

1
+1  Q: 

virus scanning with c# and symantec scan engine

We have a c dll that was written years ago to call symantec's virus scanner, carrier scan. Well it doesn't run on windows 64 and I have to get a new version up and running. I found some code here - http://vaibhavkulkarni.wordpress.com/2007/11/19/a-icap-client-code-in-c-to-virus-scan-a-file-using-symantec-scan-server but for some reason when I run it I get the exception "An established connection was aborted by the software in your host machine". I've disabled my antivirus, windows defender and windows firewall. I don't have anything else that I can think of to disable so I'm not sure what would be causing the problem. I'm getting the error on the 2nd call to soc.Send(System.Text.Encoding.ASCII.GetBytes(cmd)); Does anyone have any idea what might be causing this? Thanks!

+2  A: 

If server is Symantec Scan Engine then they have their own .net api. Don't use custom, try original, it works great.

Andrey  2010-10-11 16:10:07
I did try using their sdk but their code won't work. I posted on their forums and so far have received no response. - http://www.symantec.com/connect/forums/need-help-scanning-file-through-c-and-scan-engine
geoff swartz  2010-10-11 16:11:52
@geoff swartz take Wireshark and sniff the data being send/received. if you bought scan engine (well, i think you did :) ) you can write to support, but try to be as informative as possible
Andrey  2010-10-11 17:17:35
I'll look up wireshark tomorrow. We bought carrierscan about 9 years ago and have just kept it up to date through v5.1. But it looks like the api is the same for 5.1 and 5.2. I downloaded the trial of 5.2 just to test to see if there was a difference but it was the same error message. Thanks.
geoff swartz  2010-10-11 21:00:39
I've installed wireshark, started capturing my interface and run the code. But I have no idea what to look for in this list of code that wireshark makes available. I have uninstalled my antivirus so I have none on my system and my windows firewall is turned off and disabled in services. Yet it still says "Unable to read data from the transport connection: An established connection was aborted by the software in your host machine." I am running the symantec example code when I get this error and I've configured the scan engine to use the NATIVE protocol.
geoff swartz  2010-10-12 18:42:23
Read how to use wireshark. Filter by. Port you are using. And try to. Analyze what youn see. Well if everything is bad try. To write to support
Andrey  2010-10-12 19:18:05

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?