6 Replies Latest reply on Feb 21, 2013 11:35 PM by u005078

    How to do virus scanning within the repository?

    u005078 Level 1

      Is there an opportunity to do virus scanning of the content path. If we allow users to upload files to the repository, we must ensure that they are not infected. So what we would need is an immediate inspection of uploads and, from time to time a full inspection of the repository and/or a immediate inspection of downloads. Is there already a solution available and if not how do you deal with this problem.

       

      Ulrich

        • 1. Re: How to do virus scanning within the repository?
          Jörg Hoh Adobe Employee

          My solution: Do not allow direct uploads to smartimage component. Only allow upload via DAM asset upload. Then add a custom workflowstep to the DAM update workflow, which does the virus scanning.

           

          If you need to scan the repository every know and then, I would opt for a solution which reads binary data from the repository and feeds it via a network connection directly to a virus scanner (not spawning a process for every binary).

           

          And in any case, there are appliances, which claim to scan network traffic in realtime. You can set these in front of your publishs so they are able to scan the incoming and outgoing traffic.

           

          Jörg

          • 2. Re: How to do virus scanning within the repository?
            u005078 Level 1

            I agree in all of your suggestions. The complete repository has to be scanned to protect the system from the authors and the admins. And to make sure, that there isn't a newer signature which detects a virus which has been overlooked before.

            An appliance would solve this all but it is probably too expensive.

            But nevertheless, we are hopefully not the only company with this problem; it might be most interesting to see how they answered this question.

             

            Ulrich

            • 3. Re: How to do virus scanning within the repository?
              Jörg Hoh Adobe Employee

              According to my experience this is a rather rare requirement.

               

              Jörg

              • 4. Re: How to do virus scanning within the repository?
                u005078 Level 1

                You are obviously right - nobody else reponded to this thread.

                 

                So I will start now. For now the request is to do a daily scanning of the repository. This might be more than just iterating through the DAM-folder.

                 

                I plan to create a batch-java which connects to the repository (via WebDAV?), iterates through the content-folder (or issues a XPath-search-request or a query) to detect all "files". 

                But what is  a sufficient criteria to match all files? For now I would look for "primarType=nt:file" and inspect the property "jcr:data" from the child-node "jcr:content". But from my understanding there might be other (customer defined) node-types hosting files. How do I know these?

                I would like to avoid a tightly coupling between CRX-Layout and the scanner-program if possible.

                 

                Ulrich

                • 5. Re: How to do virus scanning within the repository?
                  Jörg Hoh Adobe Employee

                  Hi Ulrich,

                   

                  as a last comment on this: Do not blindly trust an advice given to you from a stranger in a forum.

                   

                  I don't know all the requirements and variables in your project, so there might be a better solution for you. Please contact an experienced CQ5 architect for this specific problem on your project.

                   

                  cheers,

                  Jörg

                  • 6. Re: How to do virus scanning within the repository?
                    u005078 Level 1

                    Thank you for your advice. I had already talked to an Adobe Technical Architect. And after this and considering the amount of ideas posted here I would estimate, there is not much experience in this field. But nevertheless you are right and be ensured I'm always aware that a forum doesn't provide guarantees and what I do I always do at own risk.

                    Ulrich