Skip to Content
Technical Articles

Malware scanner in SAP Cloud Integration

Introduction

With the 6.12.x release, SAP Cloud Integration provides a self-service capability in Cloud foundry environment to scan for the malware in files like integration artifacts and its resources, and documents within integration packages.This feature is described in the SAP Help Portal ( see Malware scanner in SAP Cloud Integration).

In this blog, I would like to give a brief overview of this feature.

What is Malware scanner

Malware scanner is a feature in SAP Cloud Integration which allows to detect malware and malicious content in an uploaded file and prevent your tenant from a malicious attack.

Why Malware scanner

Integration developers of the tenant upload various files like integration packages, documents of integration packages, integration artifacts and its resources, security material, keystore files and JDBC driver to the tenant. Such files are prone to malware attacks, which in turn, compromises the security of the tenant. Hence to prevent this situation, the malware scanner capability has been introduced.

How to activate and use malware scanner

Activation and deactivation of the malware scanner is achieved through a self-service in the Tenant Settings view. By default, the scanner is disabled. Only the tenant administrator has a privilege to activate/deactivate this feature in the tenant.

Image 1: Malware scanner in the Tenant Settings View.

 

To activate malware scanner, click the Edit button, activate malware scan, and save the settings.Image 2: Edit the malware scanner page to change the configuration.

Image 3: Activate and save malware scan settings.

 

Let us now experience how the malware scanner detects the malicious content in the files during the upload.

Upload an integration flow project which has a malware and then click OK.Image 4: Upload the Integration flow project that has a malware.

 

On click of OK, malware scanner will scan integration flow project for a malware and on detection of the virus, the upload operation will be disrupted, and error will be reported.Image 5: Malware scanner detects the malicious content in an uploaded Integration flow “iflow test for malware”.

 

As mentioned, in the beginning of blog, we have enabled malware scanner to detect malicious content in resources of integration artifact and documents uploaded in the integration package.

Let us experience how the scan works during the upload of the archive resource (e.g. Jar file).

Open the integration flow, navigate to the Resources property tab to upload the archive resource.Image 6: Scan archive resource for a malware detection.

 

Upload archive resource from the resource uploader and click “Add” action.Image 7:  Upload archive resource from the resource uploader.

 

On click of “Add” action of the dialog, the Malware scanner will scan for malicious content and will report an error when malware is detected.Image 8: Malware detected in the archive resource.

 

Note:  With malware scan enabled, files of larger size can take a longer time to upload than when it’s disabled.

Next steps:

In the successive increments, we have plans to:

  1. Detect malware during the upload of the following files
    • OData API artifacts
    • Security materials
    • Keystore files
    • JDBC driver files
    • Integration packages
  2. Detect malware during the download of files.
  3. Improve the performance of the malware scanner.

Conclusion

Hope this feature will enable you to detect the malicious content which are prone to malware attacks and makes your tenant free from virus.

In case of questions or feedback, please feel free to comment on this blog.

8 Comments
You must be Logged on to comment or reply to a post.