Skip to Content
Technical Articles
Author's profile photo Kamlesh Zanje

Malware scanner in SAP Cloud Integration

Introduction

With the 6.12.x release, SAP Cloud Integration provides a self-service capability in Cloud foundry environment to scan for the malware in files like integration artifacts and its resources, and documents within integration packages.This feature is described in the SAP Help Portal ( see Malware scanner in SAP Cloud Integration).

In this blog, I would like to give a brief overview of this feature.

New with SAP Cloud Integration May 2021 release (6.13.x).

With this release, the files that are supported by the malware scanner are

  • OData API artifacts.
  • Keystore files like – X.509 certificate, key pair, and keystore.

  • BinaryParameters resources when created for the Partner Directory using the OData API.

Please refer the SAP Cloud Integration 6.13.x release section for details.

New with SAP Cloud Integration June 2021 release (6.15.x).

Malware scanning during the upload of Integration Package is functioning. You can experience this behavior and share your feedback in the comment section.

What is Malware scanner

Malware scanner is a feature in SAP Cloud Integration which allows to detect malware and malicious content in an uploaded file and prevent your tenant from a malicious attack.

Why Malware scanner

Integration developers of the tenant upload various files like integration packages, documents of integration packages, integration artifacts and its resources, security material, keystore files and JDBC driver to the tenant. Such files are prone to malware attacks, which in turn, compromises the security of the tenant. Hence to prevent this situation, the malware scanner capability has been introduced.

How to activate and use malware scanner

Activation and deactivation of the malware scanner is achieved through a self-service in the Tenant Settings view. By default, the scanner is disabled. Only the tenant administrator has a privilege to activate/deactivate this feature in the tenant.

Image 1: Malware scanner in the Tenant Settings View.

 

To activate malware scanner, click the Edit button, activate malware scan, and save the settings.Image 2: Edit the malware scanner page to change the configuration.

Image 3: Activate and save malware scan settings.

 

Let us now experience how the malware scanner detects the malicious content in the files during the upload.

Upload an integration flow project which has a malware and then click OK.Image 4: Upload the Integration flow project that has a malware.

 

On click of OK, malware scanner will scan integration flow project for a malware and on detection of the virus, the upload operation will be disrupted, and error will be reported.Image 5: Malware scanner detects the malicious content in an uploaded Integration flow “iflow test for malware”.

 

As mentioned, in the beginning of blog, we have enabled malware scanner to detect malicious content in resources of integration artifact and documents uploaded in the integration package.

Let us experience how the scan works during the upload of the archive resource (e.g. Jar file).

Open the integration flow, navigate to the Resources property tab to upload the archive resource.Image 6: Scan archive resource for a malware detection.

 

Upload archive resource from the resource uploader and click “Add” action.Image 7:  Upload archive resource from the resource uploader.

 

On click of “Add” action of the dialog, the Malware scanner will scan for malicious content and will report an error when malware is detected.Image 8: Malware detected in the archive resource.

 

Note:  With malware scan enabled, files of larger size can take a longer time to upload than when it’s disabled.

SAP Cloud Integration 6.13.x release

With the 6.13.x release, SAP Cloud Integration provides a self-service capability in Cloud foundry environment to scan for the malware during the upload of following files :

  • OData API design time artifact.
  • Keystore files like – X.509 certificate, key pair, and keystore.

  • BinaryParameters resources when created for the Partner Directory using the OData API.

Note : Though not supported by the malware scanner, security materials like Known Host files, PGP public keyrings, and PGP secret keyrings are validated for format during upload. This format check prevents the upload of malicious content.

 

Next steps:

In the successive increments, we have plans to enable detection of malware during the upload of following files.

  1. JDBC driver files.

Conclusion

Hope this feature will enable you to detect the malicious content which are prone to malware attacks and makes your tenant free from virus.

In case of questions or feedback, please feel free to comment on this blog.

Assigned Tags

      16 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Gurbir Brar
      Gurbir Brar

      Thanks for putting this blog together Kamlesh. When is SCI version 6.12.X expected to release?

      Author's profile photo Kamlesh Zanje
      Kamlesh Zanje
      Blog Post Author

      Hello Gurbir,

      This SCI version is already released and updated in few Data centers. Can you please let me know on which DC your tenant is hosted. Probably then I can share the expected timelines.

      Regards,

      Kamlesh.

      Author's profile photo Maik Offerle
      Maik Offerle

      Kamlesh Zanje any plans to release this also for Neo customers?

      Author's profile photo Kamlesh Zanje
      Kamlesh Zanje
      Blog Post Author

      Hello Maik,

      The primary focus is to bring all the mentioned deliverables in CF. However there were some discussion to bring this in NEO as well, but nothing has been concretely decided.

      What would be your view on the similar self service capability in NEO ?

      Thanks & Regards,

      Kamlesh.

      Author's profile photo Maik Offerle
      Maik Offerle

      Hi Kamlesh Zanje

      I think it would be also a nice feature for NEO customers

      Best regards

      Maik

      Author's profile photo Kamlesh Zanje
      Kamlesh Zanje
      Blog Post Author

      Hello Maik,

      Thanks for sharing your view.

      Regards,

      Kamlesh.

      Author's profile photo Gurbir Brar
      Gurbir Brar

      Hi Kamlesh,

      CF subaccount is hosted in US East (VA).

      Thanks,

      Gurbir

      Author's profile photo Kamlesh Zanje
      Kamlesh Zanje
      Blog Post Author

      Hello Gurbir,

      It will be updated to 6.12.11 version this weekend. Please do share your feature consumption experience.

      Regards,

      Kamlesh.

      Author's profile photo Raffael Herrmann
      Raffael Herrmann

      Hi Kamlesh Zanje ,

      it looks like there's a bug. I can see the Malware option in the tenant's settings, but when I click the button nothing happens (=the configuration page doesn't show up). Also the button's text looks a little bit fishy... Is this a known bug?

      Our CPI runs on CF. The datacenter is "EU10" and the CPI build is 6.12.12.

      Best regards,
      Raffael

      Author's profile photo Kamlesh Zanje
      Kamlesh Zanje
      Blog Post Author

      Hello Raffael,

      We haven't experienced this bug so far.

      But let me quickly check this probable issue in one of the tenant in "EU10" DC.

      I'll revert back to you.

      Regards,

      Kamlesh.

      Author's profile photo Kamlesh Zanje
      Kamlesh Zanje
      Blog Post Author

      Hello Raffael,

      Issue is resolved. Please open the itspaces application in a new browser and test.

      Regards,

      Kamlesh.

      Author's profile photo HareshaReddy H
      HareshaReddy H

      Hi Kamlesh,

      Even for EU20 and current version is 6.12.12., I am seeing the same bug, kindly check once.

      Regards,

      Haresha Reddy

      Author's profile photo Kamlesh Zanje
      Kamlesh Zanje
      Blog Post Author

      Hello Raffael/Haresha,

      We have identified the issue and it is drilled down to be a cache issue. We will provide a resolution asap.

      Regards,

      Kamlesh.

      Author's profile photo Kamlesh Zanje
      Kamlesh Zanje
      Blog Post Author

      Hello Haresh,

      Issue is resolved. Please open the itspaces application in a new browser and test.

      Regards,

      Kamlesh.

      Author's profile photo HareshaReddy H
      HareshaReddy H

      Hi Kamlesh,

       

      Thanks for the update, now able to see the option is malware scanner.

       

      Regards,

      Haresha Reddy

      Author's profile photo Kamlesh Zanje
      Kamlesh Zanje
      Blog Post Author

      Happy to hear from you that the issue is fixed and now you can see the malware scanner in tenant settings view.