Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

Virus Scan for assets uploaded to DAM

debasis-swain
Level 3
Level 3

How can we do a virus scanning of assets before uploading to DAM in AEM 6.4?

3 Replies
Jörg_Hoh
Employee
Employee

If it's ok to have the data already in AEM before you do the scan, adding a step in the asset update workflow should do the trick. You need to build the connector to the scanning engine yourself, AEM doesn't offer anything ootb.

If you cannot do that you need to intercept the data being uploaded, stream it through the scanning engine and the continue the upload. You could do that with a servlet filter, which streams to a local file, scan that file and the continue the upload.

But when you are at it, you might want to schedule a job to peridically scan all assets again, you might upload today some malware, which is not detected by today's signatures, but the signatures will be added in a week. And then you should be able to detect it and handle it appropriately.

debasis-swain
Level 3
Level 3

Hi Jorg,

Thanks a lot for the reply.

I will prefer to go with intercepting the data before it is uploaded.

Is it possible to have some reference of how to intercept the data before upload.

I am using AEM6.4

Thanks,

Debasis

Jörg_Hoh
Employee
Employee

I would start with a servlet filter, which consumes the request body, stores it into a file on disk, invokes the scan of it and then continues with the filter chain (probably wrapping the request and stream the "body" from the file).

Jörg