Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

Antivirus/Malware Scan before Uploading File in DAM AEM6.0

michaelfrey_ecx
Level 2
Level 2

Hi All,

 

We have the following problem

All assets that are uploaded by dam-authors should be checked for Virus/Maleware before they are saved in the repository. (Upload via damadmin new>file or drag&drop)

The  Antivirus/Malware Scan is done on an additional server. The Java code for the check is already avaiable, it takes an file input stream  and returns a boolean value ( clean or not ).

What would be the best way to integreate this into AEM?
Where could we get the incomming stream from the upload and call the virus check ?
And how could we abort the upload if the check fails ?

Server is AEM 6.0 SP2

 

Thanks in advance.

1 Accepted Solution
kaushal_mall
Correct answer by
Employee
Employee

You should write a filter for the "createasset" servlet and pass the input stream to the scan method. Based on the returned result you can either go on with the method or return a 500 in your filter. Something like this. 

 

BufferedInputStreamParameter[] bufParams = new BufferedInputStreamParameter[slingRequest.getRequestParameters("file").length];
for (int i = 0; i < fileRequestParameters.length; i++) { bufParams[i] = new BufferedInputStreamParameter(fileRequestParameters[i]);if (bufParams[i].getSize() > 0 && (isSimulatedFoundVirus || virusDetectService.scan(bufParams[i].getInputStream()))) {//logBechmarkInfo("Found Virus", current);      String errorMessage = String.format("Virus found for attachment %s. Post comment failed.", "\"" + bufParams[i].getFileName() + "\"");if (isCreateComment) {throw new ServletException(errorMessage); } else { slingResponse.sendError(SC_BAD_REQUEST, errorMessage);return; } } else {log.info("No virus found for file: {{}}", bufParams[i].getFileName()); } }

View solution in original post

2 Replies
kaushal_mall
Correct answer by
Employee
Employee

You should write a filter for the "createasset" servlet and pass the input stream to the scan method. Based on the returned result you can either go on with the method or return a 500 in your filter. Something like this. 

 

BufferedInputStreamParameter[] bufParams = new BufferedInputStreamParameter[slingRequest.getRequestParameters("file").length];
for (int i = 0; i < fileRequestParameters.length; i++) { bufParams[i] = new BufferedInputStreamParameter(fileRequestParameters[i]);if (bufParams[i].getSize() > 0 && (isSimulatedFoundVirus || virusDetectService.scan(bufParams[i].getInputStream()))) {//logBechmarkInfo("Found Virus", current);      String errorMessage = String.format("Virus found for attachment %s. Post comment failed.", "\"" + bufParams[i].getFileName() + "\"");if (isCreateComment) {throw new ServletException(errorMessage); } else { slingResponse.sendError(SC_BAD_REQUEST, errorMessage);return; } } else {log.info("No virus found for file: {{}}", bufParams[i].getFileName()); } }

View solution in original post

swathiv54399501
Level 3
Level 3

Hi Kaushal,

We got similar use case to implement. And I have created Filter for createasset servlet.

But problem is there is no "file" parameter in the request object. I can see multipart form data in request header.

BufferedInputStreamParameter[] bufParams = new BufferedInputStreamParameter[slingRequest.getRequestParameters("file").length];

I am trying to parse that data , but unable to get the file.

Any idea how can we get the file.

Thanks,

Swati