Highlighted

Virus Scan for assets uploaded to DAM

debasis-swain

27-08-2018

How can we do a virus scanning of assets before uploading to DAM in AEM 6.4?

Replies

Highlighted

Jörg_Hoh

Employee

27-08-2018

If it's ok to have the data already in AEM before you do the scan, adding a step in the asset update workflow should do the trick. You need to build the connector to the scanning engine yourself, AEM doesn't offer anything ootb.

If you cannot do that you need to intercept the data being uploaded, stream it through the scanning engine and the continue the upload. You could do that with a servlet filter, which streams to a local file, scan that file and the continue the upload.

But when you are at it, you might want to schedule a job to peridically scan all assets again, you might upload today some malware, which is not detected by today's signatures, but the signatures will be added in a week. And then you should be able to detect it and handle it appropriately.

Highlighted

debasis-swain

27-08-2018

Hi Jorg,

Thanks a lot for the reply.

I will prefer to go with intercepting the data before it is uploaded.

Is it possible to have some reference of how to intercept the data before upload.

I am using AEM6.4

Thanks,

Debasis

Highlighted

Jörg_Hoh

Employee

27-08-2018

I would start with a servlet filter, which consumes the request body, stores it into a file on disk, invokes the scan of it and then continues with the filter chain (probably wrapping the request and stream the "body" from the file).

Jörg