Request for Feature Enhancement (RFE) Summary: |
Enterprise level applications with the option to be able to upload binaries require anti-malware protection. Also, most enterprise policies require "Anti-malware" to be implemented to be compliant.
In the AdaptTo()-2020 several ways to implement "Anti-Malware in AEM" were proposed [0][2].
The solution by Oliver Lietz (Sling Contributor) has the charm, that the malware scanning would be implemented on SLING level using SlingJobs (which would work across the Author Cluster in AEMaaCS), with a "CloudService" which is used to scan the binaries outside of the AEM instances - which seems to be compatible with AEMaaCS and it's Cloud-Services (Cloud-Blob-Store, Asset Microservices etc, ... ) . This solution, if implemented, could likely use a very scaleable "Anti-Malware scanning Backend" within "Containerization", which would be massively scalable, and though HTTP-requests very loosely oupled to AEM.
|
Use-case: | Cloud-based "OOTB Anti-Maleware Scanning as a Service" in AEM Cloud Service (similar to "Asset Microservice"). Each larger customer is required to have "Anti-Malware-protection/scanning" for compliance as well as to be save to deliver "assets" to customers and users. |
Current/Experienced Behavior: | NO solution to scan for Malware is available on AEM Cloud Service (AEMaaCS) - neither OOTB nor custom! |
Improved/Expected Behavior: | AEM Cloud Service should can each binary (and possibly strings) for malware - best as "Service within AEM Cloud Service". |
Environment Details (AEM version/service pack, any other specifics if applicable): | AEM Could Service |
Customer-name/Organization name: | Many Cloud Service customers (really, many!) |
Screenshot (if applicable): | |
Code package (if applicable): |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.