Expand my Community achievements bar.

SOLVED

Antivirus/Malware Scan before Uploading File in DAM AEM6.0

Avatar

Level 2
Level 2
10/15/15 7:28:24 PM

Hi All,

 

We have the following problem

All assets that are uploaded by dam-authors should be checked for Virus/Maleware before they are saved in the repository. (Upload via damadmin new>file or drag&drop)

The  Antivirus/Malware Scan is done on an additional server. The Java code for the check is already avaiable, it takes an file input stream  and returns a boolean value ( clean or not ).

What would be the best way to integreate this into AEM?
Where could we get the incomming stream from the upload and call the virus check ?
And how could we abort the upload if the check fails ?

Server is AEM 6.0 SP2

 

Thanks in advance.

Views

2.2K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee
Employee
10/15/15 7:28:24 PM

You should write a filter for the "createasset" servlet and pass the input stream to the scan method. Based on the returned result you can either go on with the method or return a 500 in your filter. Something like this. 

 

BufferedInputStreamParameter[] bufParams = new BufferedInputStreamParameter[slingRequest.getRequestParameters("file").length];
for (int i = 0; i < fileRequestParameters.length; i++) { bufParams[i] = new BufferedInputStreamParameter(fileRequestParameters[i]);if (bufParams[i].getSize() > 0 && (isSimulatedFoundVirus || virusDetectService.scan(bufParams[i].getInputStream()))) {//logBechmarkInfo("Found Virus", current);      String errorMessage = String.format("Virus found for attachment %s. Post comment failed.", "\"" + bufParams[i].getFileName() + "\"");if (isCreateComment) {throw new ServletException(errorMessage); } else { slingResponse.sendError(SC_BAD_REQUEST, errorMessage);return; } } else {log.info("No virus found for file: {{}}", bufParams[i].getFileName()); } }

View solution in original post

Views

1.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Employee
Employee
10/15/15 7:28:24 PM

You should write a filter for the "createasset" servlet and pass the input stream to the scan method. Based on the returned result you can either go on with the method or return a 500 in your filter. Something like this. 

 

BufferedInputStreamParameter[] bufParams = new BufferedInputStreamParameter[slingRequest.getRequestParameters("file").length];
for (int i = 0; i < fileRequestParameters.length; i++) { bufParams[i] = new BufferedInputStreamParameter(fileRequestParameters[i]);if (bufParams[i].getSize() > 0 && (isSimulatedFoundVirus || virusDetectService.scan(bufParams[i].getInputStream()))) {//logBechmarkInfo("Found Virus", current);      String errorMessage = String.format("Virus found for attachment %s. Post comment failed.", "\"" + bufParams[i].getFileName() + "\"");if (isCreateComment) {throw new ServletException(errorMessage); } else { slingResponse.sendError(SC_BAD_REQUEST, errorMessage);return; } } else {log.info("No virus found for file: {{}}", bufParams[i].getFileName()); } }

Views

1.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 3
Level 3
10/26/18 6:38:46 AM

Hi Kaushal,

We got similar use case to implement. And I have created Filter for createasset servlet.

But problem is there is no "file" parameter in the request object. I can see multipart form data in request header.

BufferedInputStreamParameter[] bufParams = new BufferedInputStreamParameter[slingRequest.getRequestParameters("file").length];

I am trying to parse that data , but unable to get the file.

Any idea how can we get the file.

Thanks,

Swati

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate