Technical Articles
Malware scanner in SAP Cloud Integration
Introduction
With the 6.12.x release, SAP Cloud Integration provides a self-service capability in Cloud foundry environment to scan for the malware in files like integration artifacts and its resources, and documents within integration packages.This feature is described in the SAP Help Portal ( see Malware scanner in SAP Cloud Integration).
In this blog, I would like to give a brief overview of this feature.
New with SAP Cloud Integration May 2021 release (6.13.x).
With this release, the files that are supported by the malware scanner are
- OData API artifacts.
-
Keystore files like – X.509 certificate, key pair, and keystore.
-
BinaryParameters resources when created for the Partner Directory using the OData API.
Please refer the SAP Cloud Integration 6.13.x release section for details.
New with SAP Cloud Integration June 2021 release (6.15.x).
Malware scanning during the upload of Integration Package is functioning. You can experience this behavior and share your feedback in the comment section.
What is Malware scanner
Malware scanner is a feature in SAP Cloud Integration which allows to detect malware and malicious content in an uploaded file and prevent your tenant from a malicious attack.
Why Malware scanner
Integration developers of the tenant upload various files like integration packages, documents of integration packages, integration artifacts and its resources, security material, keystore files and JDBC driver to the tenant. Such files are prone to malware attacks, which in turn, compromises the security of the tenant. Hence to prevent this situation, the malware scanner capability has been introduced.
How to activate and use malware scanner
Activation and deactivation of the malware scanner is achieved through a self-service in the Tenant Settings view. By default, the scanner is disabled. Only the tenant administrator has a privilege to activate/deactivate this feature in the tenant.
Image 1: Malware scanner in the Tenant Settings View.
To activate malware scanner, click the Edit button, activate malware scan, and save the settings.
Image 2: Edit the malware scanner page to change the configuration.
Image 3: Activate and save malware scan settings.
Upload an integration flow project which has a malware and then click OK.
Image 4: Upload the Integration flow project that has a malware.
On click of OK, malware scanner will scan integration flow project for a malware and on detection of the virus, the upload operation will be disrupted, and error will be reported.
Image 5: Malware scanner detects the malicious content in an uploaded Integration flow “iflow test for malware”.
As mentioned, in the beginning of blog, we have enabled malware scanner to detect malicious content in resources of integration artifact and documents uploaded in the integration package.
Let us experience how the scan works during the upload of the archive resource (e.g. Jar file).
Open the integration flow, navigate to the Resources property tab to upload the archive resource.
Image 6: Scan archive resource for a malware detection.
Upload archive resource from the resource uploader and click “Add” action.
Image 7: Upload archive resource from the resource uploader.
On click of “Add” action of the dialog, the Malware scanner will scan for malicious content and will report an error when malware is detected.
Image 8: Malware detected in the archive resource.
Note: With malware scan enabled, files of larger size can take a longer time to upload than when it’s disabled.
SAP Cloud Integration 6.13.x release
With the 6.13.x release, SAP Cloud Integration provides a self-service capability in Cloud foundry environment to scan for the malware during the upload of following files :
- OData API design time artifact.
-
Keystore files like – X.509 certificate, key pair, and keystore.
-
BinaryParameters resources when created for the Partner Directory using the OData API.
Note : Though not supported by the malware scanner, security materials like Known Host files, PGP public keyrings, and PGP secret keyrings are validated for format during upload. This format check prevents the upload of malicious content.
Next steps:
In the successive increments, we have plans to enable detection of malware during the upload of following files.
- JDBC driver files.
Conclusion
Hope this feature will enable you to detect the malicious content which are prone to malware attacks and makes your tenant free from virus.
In case of questions or feedback, please feel free to comment on this blog.
Thanks for putting this blog together Kamlesh. When is SCI version 6.12.X expected to release?
Hello Gurbir,
This SCI version is already released and updated in few Data centers. Can you please let me know on which DC your tenant is hosted. Probably then I can share the expected timelines.
Regards,
Kamlesh.
Kamlesh Zanje any plans to release this also for Neo customers?
Hello Maik,
The primary focus is to bring all the mentioned deliverables in CF. However there were some discussion to bring this in NEO as well, but nothing has been concretely decided.
What would be your view on the similar self service capability in NEO ?
Thanks & Regards,
Kamlesh.
Hi Kamlesh Zanje
I think it would be also a nice feature for NEO customers
Best regards
Maik
Hello Maik,
Thanks for sharing your view.
Regards,
Kamlesh.
Hi Kamlesh,
CF subaccount is hosted in US East (VA).
Thanks,
Gurbir
Hello Gurbir,
It will be updated to 6.12.11 version this weekend. Please do share your feature consumption experience.
Regards,
Kamlesh.
Hi Kamlesh Zanje ,
it looks like there's a bug. I can see the Malware option in the tenant's settings, but when I click the button nothing happens (=the configuration page doesn't show up). Also the button's text looks a little bit fishy... Is this a known bug?
Our CPI runs on CF. The datacenter is "EU10" and the CPI build is 6.12.12.
Best regards,
Raffael
Hello Raffael,
We haven't experienced this bug so far.
But let me quickly check this probable issue in one of the tenant in "EU10" DC.
I'll revert back to you.
Regards,
Kamlesh.
Hello Raffael,
Issue is resolved. Please open the itspaces application in a new browser and test.
Regards,
Kamlesh.
Hi Kamlesh,
Even for EU20 and current version is 6.12.12., I am seeing the same bug, kindly check once.
Regards,
Haresha Reddy
Hello Raffael/Haresha,
We have identified the issue and it is drilled down to be a cache issue. We will provide a resolution asap.
Regards,
Kamlesh.
Hello Haresh,
Issue is resolved. Please open the itspaces application in a new browser and test.
Regards,
Kamlesh.
Hi Kamlesh,
Thanks for the update, now able to see the option is malware scanner.
Regards,
Haresha Reddy
Happy to hear from you that the issue is fixed and now you can see the malware scanner in tenant settings view.
How can such a feature be included as a step in the integration flow itself? Day to day the integration flows download archives from various sources and any of these could have been virus infected. Can CPI provide a step to do virus scan on the fly on Apache Came Message (containing attachments) object itself?
Vijay Konam