Implementing Antivirus on file upload using J2EE application? - enterprise

Please provide information on how to integrate Symantec antivirus or any other enterprise antivirus using Java API with Java web application. On uploading files, we need to scan for virus and the result needs to be displayed as (Passed/Failed) to the user.
Regards
RamC

As a start, I recommend you to check this (rather old) post, using Symantec Scan Engine.
How to use Symantec Scan Engine 5.2 content scanning technologies for direct integration with your applications or devices:
http://www.symantec.com/connect/articles/how-use-symantec-scan-engine-52-content-scanning-technologies-direct-integration-your-appli

Metascan would work for your requirements as it allows for API integration of Symantec as well as many other antivirus products. There is java sample code available as well to assist with your project. Product details: http://www.opswat.com/products/metascan | Technical documentation and sample code https://portal.opswat.com/ (requires registration for a free account).
* /// Disclaimer: I am an employee at OPSWAT, who makes the Metascan product *

Related

What is a Cheaper, more pragmatic way to store Synced Data for a UWP App?

I am building a UWP app that targets both x86, x64 and ARM platforms. I want to replace the current implementation that uses Azure for the backed (an App Service and an SQL Server) because of the high price and because my Pay-As-You-Go subscription does not allow me to set a spending limit.
I thought about using a local database but I don't know if that could be a solution since I want the user to be able to have his data synced on both PC and phone for example. I am also ok with renouncing the idea of a structured database in favor of structured files (like xml) if I can find a way to keep them somewhere in the cloud (and then I can read/write them from the client app - no need for App Service).
Are there any free, non-trial alternatives to Azure? Or should I look more into the file storage implementation? Thanks in advance.
Instead of Azure you could use another web hosting solution to publish you API. Azure also offers small free plans that might be sufficient.
An alternative would be to request access and store/sync data to user's OneDrive. Each logged in user with Microsoft Account should have OneDrive storage available so this is a good middle-ground, which is still free for you. A nice introduction to this can be found in this article.
UWP also offers RoamingFolder where you can store small files that are synced across the devices that you use. Unfortunately this is less reliable because you are not able to control when the sync happens and cannot resolve conflicts.
I have successfully migrated to another cloud platform: Heroku. In my opinion, at least for small apps, Heroku offers the best solution both technology-wise and price-wise.
I am now able to have a webservice hosted for free in the cloud, without worring about traffic and number of requests. Of course you can scale up if you want better performance, but you can start with a free plan. Also, I have a postgressql db hosted also in the cloud, also for free (up until 10 000 records, and it will be just 9$/month if I want to upgrade to 10 milion). One can never found an offer like this free on Azure.
I had to learn a bit of Node.js (there are a lot of languages Heroku supports for backend services, but .Net is not one of them) but it was totally worth it!
Another option that is now starting to gain more and more popularity is FireBase. I will certantly also check that out for my future apps.

How to Client Side and Server Side integration of IBM TeaLeaf

I have to implement TeaLeaf analytics for our application so i am doing sample POc for android and iphone environment for hybrids application. Anyone please advice me how can i implement the TeaLeaf stuff in my POC.
Below that activity i did,
create sample app version project and add android/iphone environment
application-descriptor.xml i added IBM teaLeaf SDK
what else i have do? i was searching google and following ibm knowledge center also there is not much clarity for tutorial and how can i test in development environment.
below that link i referred :
http://www.ibm.com/support/knowledgecenter/SSHS8R_6.3.0/com.ibm.worklight.integ.doc/integ/t_tealeaf_client.html
If I understand your question correctly, it seems like you're attempting to create a connection between IBM MobileFirst Platform 6.3.0 and IBM Tealeaf. I work on integrations of IBM Tealeaf On-Cloud with client e-commerce platforms and it seems like you might be dealing with IBM Tealeaf On-Premise.
That being said, my understanding of the process for the On-Cloud implementation is that there are a few libraries you need to make sure are being included on pages you'd like Tealeaf to observe:
Tealeaf.js (distributed by IBM)
Sizzle.js
JQuery, if the page uses it ... also note that if the site uses JQuery, you need to provision from IBM the JQuery flavor of Tealeaf.js instead of the W3C flavor.
Hammer.js
Pako.js (again this assumes the On-Cloud version of Tealeaf, as this is a library for compressing data a being sent to IBM cloud-service collectors. In the On-Premise version my understanding is that this data is written to a file that is saved to the local hardware.)
How the libraries are included is something you'd decide when working with the client's server and development team - every organization has their preferences. Generally though they'd be inserted on pages that need to be monitored and the Tealeaf.js config would be edited to specify the endpoint of the collector for the regional data center on which space was provisioned for the client (in the US, either in Dallas or Washington DC.)
As for the On-Premise implementation of Tealeaf, you can jump in to the documentation here: http://www.ibm.com/support/knowledgecenter/SS2MBL/tealeaf_product_family_welcome.html

Is there any reason not to host a software repository with a standard web hosting service?

I have webspace and I was thinking of setting up a git repository on it.
If I am developing software and I want to host a repository (CVS, SVN, git, etc) online, is there any reason not to use a standard web hosting provider (GoDaddy, etc) to do this?
I'm thinking in terms of security, reliability, etc.
One reason for not using a standard-company is that usually shell-access is needed to setup a Version Control System (VCS). Many providers don't give shell access on normal webspaces.
When you are developing open-source software I'd recommend hosting at SourceForge, github, Google Code or similar providers, as your code is public there, you will get an issue tracker and several other tools that may help you. On github for example adding more developers to your project is very easy.
When you are developing closed-source software you still can use github, this gives you the same advantages as mentioned above, but of course it costs you a few bucks a month. Open-Source projects are free.
So while there is no real reason to not use standard hosting providers there are good reasons to use a company dedicated on hosting code.
As you asked especially for security: github (I use it as an example, as I host my code there as well) gives you a full list of information of what they do to ensure your code is safe.

KnowledgeLake setup for MFP

I got following from web but dont know how to set up the network printer/scanner/fax/copier (using Ricoh Afico MP 6001) for KnowledgeLake. The capture server has been setup. \srvcapture\cache
Capture for MFP
Create batches from multifunction peripherals, fax servers or any
other interface.
Enable any capture device to integrate with SharePoint
Batch import documents from multi-function devices
Watch network directories for new documents
Distribute MFPs for decentralized scanning
Support for custom Process Activities
Enable off-hours batch processing by scheduling imports
The particular information you are looking for can be found in the KnowledgeLake Capture and Capture Server documentation provided on the KnowledgeLake Support Portal at http://support.knowledgelake.com.
KnowledgeLake also has a Professional Services team that specializes in assisting in the implementation and setup of these products in customer environments.
The KnowledgeLake Technical Support team would also be more than happy to assist with any questions you may have if you put in a support ticket. This option is also available through the support portal at http://support.knowledgelake.com.
If you currently do not have an account with access to the KnowledgeLake Support Portal, you can select the "Request a New Account" button at the bottom of the previous referenced link.

Enterprise SSO & Identity management / recommendations

We've discussed SSO before. I would like to re-enhance the conversation with defined requirements, taking into consideration recent new developments.
In the past week I've been doing market research looking for answers to the following key issues:
The project should should be:
Requirements
SSO solution for web applications.
Integrates into existing developed products.
has Policy based password security (Length, Complexity, Duration and co)
Security Policy can be managed using a web interface.
Customizable user interface (the password prompt and co. screens).
Highly available (99.9%)
Scalable.
Runs on Red Hat Linux.
Nice to have
Contains user Groups & Roles.
Written in Java.
Free Software (open source) solution.
None of the solutions came up so far are "killer choice" which leads me to think I will be tooling several projects (OWASP, AcegiSecurity + X??) hence this discussion.
We are ISV delivering front-end & backend application suite. The frontend is broken into several modules which should act as autonomous unit, from client point of view he uses the "application" - which leads to this discussion regrading SSO.
I would appreciate people sharing their experience & ideas regarding the appropriete solutions.
Some solutions are interesting
CAS
Sun OpenSSO Enterprise
JBoss Identity IDM
JOSSO
Tivoli Access Manager for Enterprise Single Sign-On
Or more generally speaking this list
Thank you,
Maxim.
What about FreeIPA?
"FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 (formerly known as Fedora Directory Server), MIT Kerberos, NTP, DNS. It consists of a web interface and command-line administration tools."
If you focus on web applications, check out http://oauth.net/.
CAS has strong adoption, user-base, and a strong lead (who recently switched jobs, but is still comitted to the project). It is straightforward to integrate (if you're comfortable writing Java code/configuring Spring beans), and can do all your requirements, noteably:
SSO solution for web applications.
YES
Integrates into existing developed products.
YES (though some cleaner than others - but many modules are available for major products, and it supports common standards (SAML, OpenID).
has Policy based password security (Length, Complexity, Duration and co)
*YES - can easily be implemented, and some extensions to integrate with LDAP (probably the most common user store) are supported
Security Policy can be managed using a web interface.
NO - though one could be build fairly simply - if you're comfortable with development, and given that this is likely to be a non-trivial project, I'd recommend considering this a non-blocker given that the product is open-source
Customizable user interface (the password prompt and co. screens).
YES - easily customized through some basic HTML/CSS editing
Highly available (99.9%)
YES - both reliable, and can support multiple node/failover scenarios easily
Scalable.
YES - used in many high-traffic environments both intranet and internet
Runs on Red Hat Linux.
YES
Oracle Enterprise Single Sign-On is not what you're after - it requires a Windows executable to be deployed. Oracle Access Manager is closer to what you're after (though it's not free or Java-based).
The major commercial players in the Identity and Access Management (IAM) market space are CA, Oracle, IBM, Sun and Novell. None of these are free solutions but they have many of the features that you are looking for.
For free software, I recommend DACS: The Distributed Access Control System. I know that one department where I work has implemented this with great success. It doesn't have as many features the commercial IAM products but otherwise is a good solution.
I have used Tivoli Access Manager backing onto Websphere and IIS boxes - the way it writes access information into the page headers is very useful. On the downside, I didnt find the DB2 Ldap backend very scalable or reliable, and you know with IBM this isn't going to come cheap.
Also the asynchronous paths (junctions) used to identify different servers is a bit of a hack really eg http://mysite/myserver/myapp - a very bad idea and not thought through very well.