Implement "Anti Virus" (Anti Malware) scans in AEM Cloud Service (AEMaaCS) - "Anti-Malware as a Cloud Service"

Level 2

4/27/21

Request for Feature Enhancement (RFE) Summary:

Enterprise level applications with the option to be able to upload binaries require anti-malware protection. Also, most enterprise policies require "Anti-malware" to be implemented to be compliant.


AEM does not provide any means of Anti-Virus OOTB, but there are solutions which can be used in "on-premise" and AMS (managed Service) scenarios.

However, in AEMaaCS (Cloud Service) there is no option, and no way to create a "customization" to be able to implement anti-virus/malware-protection.

 

At AdaptTo() 2020, several ways to implement "Anti-Malware in AEM" were proposed [0][2].

 

The solution by Oliver Lietz (Sling Contributor) has the charm that the malware scanning would be implemented on SLING level using SlingJobs (which would work across the Author Cluster in AEMaaCS), with a "CloudService" which is used to scan the binaries outside of the AEM instances - which seems to be compatible with AEMaaCS and its Cloud-Services (Cloud-Blob-Store, Asset Microservices, etc.).

This solution, if implemented, could likely use a very scalable "Anti-Malware scanning Backend" within "Containerization", which would be massively scalable, and through HTTP requests very loosely coupled to AEM.


[0] https://adapt.to/2020/en/schedule/scanning-for-malware-in-apache-sling-and-aem.html 

[1] https://github.com/apache/sling-org-apache-sling-clam 

[2] https://adapt.to/2020/en/schedule/aem-virus-scan.html 

Use-case: Cloud-based "OOTB Anti-Malware Scanning as a Service" in AEM Cloud Service (similar to "Asset Microservice").
Each larger customer is required to have "Anti-Malware-protection/scanning" for compliance as well as to be safe to deliver "assets" to customers and users.
Current/Experienced Behavior: NO solution to scan for Malware is available on AEM Cloud Service (AEMaaCS) - neither OOTB nor custom!
Improved/Expected Behavior: AEM Cloud Service should scan each binary (and possibly strings) for malware - best as "Service within AEM Cloud Service".
Environment Details (AEM version/service pack, any other specifics if applicable): AEM Cloud Service
Customer-name/Organization name: Many Cloud Service customers (really, many!) 
Screenshot (if applicable):  
Code package (if applicable):  
10 Comments

Employee

5/7/21

Hi @Robert_Wunsch 

This request has been raised to the product team via the Jira GRANITE-34516. The product team will triage this request to verify feasibility based on the prioritization model. This post will be updated according to the Jira request status.

Status changed to: Investigating

Level 1

1/18/23

Hi @hamidk92094312
Are there any updates on this request? The feature described by @Robert_Wunsch is very important for our client, and can be crucial in the decision to choose between cloud and on-prem AEM.

Thanks,

Wojtek

Employee

1/18/23

@w0jtek 

Thanks for following up on this item. The feature is being planned for implementation. It means there are multiple feasibility analyses/approaches that should be performed before implementing a feature. I changed the status to "accepted" for now since the product team is actively working on this feature. Please note that this is not a guarantee for feature implementation at this point. That will be known when we have an implementation approval and timeline.

Status changed to: Accepted

Level 1

10/2/23

Hi @hamidk92094312, Any updates on GRANITE-34516? Do we already have a defined timeline for when we can expect this feature on AEMaaCS? Thanks! 

Employee

10/2/23

Hi @b_gowda 

I wish I could provide a timeline but checked the status and verified this request is being actively worked on.

Thanks for understanding and following up on this.

Administrator

11/26/24

@Robert_Wunsch This request is acknowledged and the work is under development and will be tracked under reference number ASSETS-4391.

Status changed to: Accepted

Employee

11/26/24

Thank you for your efforts and feedback, @kautuk_sahni!
I also appreciate that you provide the reference to the JIRA, this helps in tracking the progress.

I am very curious about what design the antivirus feature might have which will be created - and if it will require an additional license.

Thanks and cheers - Robert