Skip to Content
Technical Articles

Malware scanner in SAP Cloud Integration

Introduction

With the 6.12.x release, SAP Cloud Integration provides a self-service capability in Cloud foundry environment to scan for the malware in files like integration artifacts and its resources, and documents within integration packages.This feature is described in the SAP Help Portal ( see Malware scanner in SAP Cloud Integration).

In this blog, I would like to give a brief overview of this feature.

New with SAP Cloud Integration May 2021 release (6.13.x).

With this release, the files that are supported by the malware scanner are

  • OData API artifacts.
  • Keystore files like – X.509 certificate, key pair, and keystore.

  • BinaryParameters resources when created for the Partner Directory using the OData API.

Please refer the SAP Cloud Integration 6.13.x release section for details.

New with SAP Cloud Integration June 2021 release (6.15.x).

Malware scanning during the upload of Integration Package is functioning. You can experience this behavior and share your feedback in the comment section.

What is Malware scanner

Malware scanner is a feature in SAP Cloud Integration which allows to detect malware and malicious content in an uploaded file and prevent your tenant from a malicious attack.

Why Malware scanner

Integration developers of the tenant upload various files like integration packages, documents of integration packages, integration artifacts and its resources, security material, keystore files and JDBC driver to the tenant. Such files are prone to malware attacks, which in turn, compromises the security of the tenant. Hence to prevent this situation, the malware scanner capability has been introduced.

How to activate and use malware scanner

Activation and deactivation of the malware scanner is achieved through a self-service in the Tenant Settings view. By default, the scanner is disabled. Only the tenant administrator has a privilege to activate/deactivate this feature in the tenant.

Image 1: Malware scanner in the Tenant Settings View.

 

To activate malware scanner, click the Edit button, activate malware scan, and save the settings.Image 2: Edit the malware scanner page to change the configuration.

Image 3: Activate and save malware scan settings.

 

Let us now experience how the malware scanner detects the malicious content in the files during the upload.

Upload an integration flow project which has a malware and then click OK.Image 4: Upload the Integration flow project that has a malware.

 

On click of OK, malware scanner will scan integration flow project for a malware and on detection of the virus, the upload operation will be disrupted, and error will be reported.Image 5: Malware scanner detects the malicious content in an uploaded Integration flow “iflow test for malware”.

 

As mentioned, in the beginning of blog, we have enabled malware scanner to detect malicious content in resources of integration artifact and documents uploaded in the integration package.

Let us experience how the scan works during the upload of the archive resource (e.g. Jar file).

Open the integration flow, navigate to the Resources property tab to upload the archive resource.Image 6: Scan archive resource for a malware detection.

 

Upload archive resource from the resource uploader and click “Add” action.Image 7:  Upload archive resource from the resource uploader.

 

On click of “Add” action of the dialog, the Malware scanner will scan for malicious content and will report an error when malware is detected.Image 8: Malware detected in the archive resource.

 

Note:  With malware scan enabled, files of larger size can take a longer time to upload than when it’s disabled.

SAP Cloud Integration 6.13.x release

With the 6.13.x release, SAP Cloud Integration provides a self-service capability in Cloud foundry environment to scan for the malware during the upload of following files :

  • OData API design time artifact.
  • Keystore files like – X.509 certificate, key pair, and keystore.

  • BinaryParameters resources when created for the Partner Directory using the OData API.

Note : Though not supported by the malware scanner, security materials like Known Host files, PGP public keyrings, and PGP secret keyrings are validated for format during upload. This format check prevents the upload of malicious content.

 

Next steps:

In the successive increments, we have plans to enable detection of malware during the upload of following files.

  1. JDBC driver files.

Conclusion

Hope this feature will enable you to detect the malicious content which are prone to malware attacks and makes your tenant free from virus.

In case of questions or feedback, please feel free to comment on this blog.

17 Comments
You must be Logged on to comment or reply to a post.