Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now

Implement "Anti Virus" (Anti Maleware) scans in AEM Cloud Service (AEMaaCS) - "Anti-Malware as a Cloud Service"

Avatar

Robert_Wunsch
Level 2

4/27/21

Request for Feature Enhancement (RFE) Summary:

Enterprise level applications with the option to be able to upload binaries require anti-malware protection. Also, most enterprise policies require "Anti-malware" to be implemented to be compliant.


AEM does not provide any means of Anti-Virus OOTB, but there are solutions which can be used in "on-premise" and AMS (managed Service) scenarios.

However, in AEMaaCS (Cloud Service) there is no option, and no way to create a "customization" to be able to implement anti-virus/malware-protection.

 

In the AdaptTo()-2020 several ways to implement "Anti-Malware in AEM" were proposed [0][2].

 

The solution by Oliver Lietz (Sling Contributor) has the charm, that the malware scanning would be implemented on SLING level using SlingJobs (which would work across the Author Cluster in AEMaaCS), with a "CloudService" which is used to scan the binaries outside of the AEM instances - which seems to be compatible with AEMaaCS and it's Cloud-Services (Cloud-Blob-Store, Asset Microservices etc, ... ) .

This solution, if implemented, could likely use a very scaleable "Anti-Malware scanning Backend" within "Containerization", which would be massively scalable, and though HTTP-requests very loosely oupled to AEM.


[0] https://adapt.to/2020/en/schedule/scanning-for-malware-in-apache-sling-and-aem.html 

[1] https://github.com/apache/sling-org-apache-sling-clam 

[2] https://adapt.to/2020/en/schedule/aem-virus-scan.html 
Use-case: Cloud-based "OOTB Anti-Maleware Scanning as a Service" in AEM Cloud Service (similar to "Asset Microservice").
Each larger customer is required to have "Anti-Malware-protection/scanning" for compliance as well as to be save to deliver "assets" to customers and users.
Current/Experienced Behavior: NO solution to scan for Malware is available on AEM Cloud Service (AEMaaCS) - neither OOTB nor custom!
Improved/Expected Behavior: AEM Cloud Service should can each binary (and possibly strings) for malware - best as "Service within AEM Cloud Service".
Environment Details (AEM version/service pack, any other specifics if applicable): AEM Could Service
Customer-name/Organization name: Many Cloud Service customers (really, many!) 
Screenshot (if applicable):  
Code package (if applicable):  
12 Comments

Avatar

HansVinje
Level 1

2/26/25

Hi, we have a similar requirement and are happy to see this is already an accepted enhancements. Would be interested to see a high level ETA on this? Thanks for your time and guidance.

Avatar

rwunsch-adobe
Employee

2/26/25

We cannot really talk about it from Adobe side, each possible ETA we might share will very likely change.

As far as I know some implementation has been executed on it, and an Early-Adopter program has started.

It now depends on the findings and value the implementation provides (on customer feedback), if and when this solution which has been created will be made publically available. 
I personally expect something to be announced in 2025 - but it could move into 2026 as well.

Reply
Related Conversations
Unable to specify full path for link in new CF editor

Views

302

Likes

0

Replies

0
CF Picker cannot be used in the new CF Editor

Views

300

Likes

0

Replies

0
Can we update the way folders and assets are handled in AEM

Views

475

Likes

0

Replies

0
Process for Sonar Rules Update in Cloud Manager

Views

143

Like

1

Replies

1
Can we have nested Namespaces in AEM?

Views

136

Likes

0

Replies

0