Adobe Experience Manager Sites & More

michaelfrey_ecx · 10/15/15

Hi All,

We have the following problem

All assets that are uploaded by dam-authors should be checked for Virus/Maleware before they are saved in the repository. (Upload via damadmin new>file or drag&drop)

The Antivirus/Malware Scan is done on an additional server. The Java code for the check is already avaiable, it takes an file input stream and returns a boolean value ( clean or not ).

What would be the best way to integreate this into AEM?
Where could we get the incomming stream from the upload and call the virus check ?
And how could we abort the upload if the check fails ?

Server is AEM 6.0 SP2

Thanks in advance.

kaushal_mall · 10/15/15

You should write a filter for the "createasset" servlet and pass the input stream to the scan method. Based on the returned result you can either go on with the method or return a 500 in your filter. Something like this.

BufferedInputStreamParameter[] bufParams = new BufferedInputStreamParameter[slingRequest.getRequestParameters("file").length];

for (int i = 0; i < fileRequestParameters.length; i++) { bufParams[i] = new BufferedInputStreamParameter(fileRequestParameters[i]);if (bufParams[i].getSize() > 0 && (isSimulatedFoundVirus || virusDetectService.scan(bufParams[i].getInputStream()))) {//logBechmarkInfo("Found Virus", current);      String errorMessage = String.format("Virus found for attachment %s. Post comment failed.", "\"" + bufParams[i].getFileName() + "\"");if (isCreateComment) {throw new ServletException(errorMessage); } else { slingResponse.sendError(SC_BAD_REQUEST, errorMessage);return; } } else {log.info("No virus found for file: {{}}", bufParams[i].getFileName()); } }

View solution in original post

kaushal_mall · 10/15/15

You should write a filter for the "createasset" servlet and pass the input stream to the scan method. Based on the returned result you can either go on with the method or return a 500 in your filter. Something like this.

BufferedInputStreamParameter[] bufParams = new BufferedInputStreamParameter[slingRequest.getRequestParameters("file").length];

for (int i = 0; i < fileRequestParameters.length; i++) { bufParams[i] = new BufferedInputStreamParameter(fileRequestParameters[i]);if (bufParams[i].getSize() > 0 && (isSimulatedFoundVirus || virusDetectService.scan(bufParams[i].getInputStream()))) {//logBechmarkInfo("Found Virus", current);      String errorMessage = String.format("Virus found for attachment %s. Post comment failed.", "\"" + bufParams[i].getFileName() + "\"");if (isCreateComment) {throw new ServletException(errorMessage); } else { slingResponse.sendError(SC_BAD_REQUEST, errorMessage);return; } } else {log.info("No virus found for file: {{}}", bufParams[i].getFileName()); } }

swathiv54399501 · 10/26/18

Hi Kaushal,

We got similar use case to implement. And I have created Filter for createasset servlet.

But problem is there is no "file" parameter in the request object. I can see multipart form data in request header.

BufferedInputStreamParameter[] bufParams = new BufferedInputStreamParameter[slingRequest.getRequestParameters("file").length];

I am trying to parse that data , but unable to get the file.

Any idea how can we get the file.

Thanks,

Swati

Adobe Experience Manager Sites & More

Antivirus/Malware Scan before Uploading File in DAM AEM6.0

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe