Explaining the Domino CScan token
Daniel Nashed – 25 March 2026 23:43:39
Now that ClamAV integration shipped in 14.5.1 hopefully more admins look into CScan.
CScan for mail flow scan is very straightforward to configure. The configuration database document now defaults to ClamAV with the default parameters.
There some details about the implementation which are not well known but eventually good to know.
There is a Scan Token added when the document is scanned. This token avoids rescan the document on the next hup as long the virus scan signature does not change.
Technically the token is a JWT which you can decode and read. Each server creates a key stored in it's CScan server document.
The key is encrypted for the server and there is a public key to validate the token.
The token contains the information about the server and time when the document was scanned, a hash, a thumb print of the signing key to find the right signing key.
It contains also the scan version and pattern and the configuration.
There is also a hash built based on the attachments in some way to avoid re-scanning and to check if attachments changed.
Here is an example token which could be useful to know:
Field Name: $$CScanToken
Data Type: Text
Data Length: 644 bytes
Seq Num: 1
Dup Item ID: 0
Field Flags: SUMMARY
"eyJ0eXAiOiAiSldUIiwgImFsZyI6ICJFZERTQSJ9.eyJ2ZXJzaW9uIjoxLCJpc3N1ZXIiOiJEb21pbm8gQ29udGVudCBTY2FuIiwiY3JlYXRlZCI6IjIwMjYwMzIxVDE5NDE1OSwxMyswMCIsInNlcnZlciI6IkNOPXJheS5sYWIuZG51Zy5ldS9PPWRudWctbGFiIiwic2NhblZlcnNpb24iOiJDbGFtQVYgMS41LjEvMjc5NDciLCJjb25maWdEYiI6IjAwMjU4ODUyMTA3RUQ1NTIiLCJjb25maWdJRCI6IkIyODdDRTBDOUM1N0NCMkUwMDI1OEFCMTAwNTQxNjg1IiwiY29uZmlnTmFtZSI6ImNsYW1hdi1sYWIiLCJ2ZXJpZmljYXRpb25IYXNoIjoiRjJDM0IwOTA1RTAxMjQ0Qzk3Qjg5MDJDNzI3MjVEOUQ4RENDMERGMSIsImtleVRodW1icHJpbnQiOiJzMTFsSUxDeWVfbUk3NEpGZmlkYm5wbWsxY1EiLCJoYXNoQWxnb3JpdGhtIjoiU0hBMSJ9.Pe8ntQ0WaiDH8xksK2gK_8034uRul4qkFWD5GYp1iZKBET1_D-vqsiFs35X0DqUgNCHACWD0wINJ3ErE5OqbAw"
---
{
"version": 1,
"issuer": "Domino Content Scan",
"created": "20260321T194159,13+00",
"server": "CN=ray.lab.dnug.eu/O=dnug-lab",
"scanVersion": "ClamAV 1.5.1/27947",
"configDb": "00258852107ED552",
"configID": "B287CE0C9C57CB2E00258AB100541685",
"configName": "clamav-lab",
"verificationHash": "F2C3B0905E01244C97B8902C72725D9D8DCC0DF1",
"keyThumbprint": "s11lILCye_mI74JFfidbnpmk1cQ",
"hashAlgorithm": "SHA1"
}
- Comments [0]
![[HCL Domino]](../lotus-domino.gif){kind=small}
![[Domino on Linux]](../domino-linux.gif){kind=small}
![[Nash!Com]](../nashcom.gif){kind=small}
![[Daniel Nashed]](../daniel-nsh.gif){kind=small}