Technical Articles
TIL: Virus scan functionality when uploading files via a Fiori app
In this short blog post, I’ll be writing about computer virus scanning and not the other virus that is around :-). The question I’m trying to answer is….. Is there a virus scan functionality that scans files uploaded via a Fiori app?
Computer being attacked by a malicious virus
TLDR; Yes!
There are two scenarios that I’m interested in, when the Fiori app is deployed on-premise and when the Fiori app is deployed to SAP BTP.
On-premise
The virus scanning component in a Fiori FES (front-end server) is optional. Rules need to be defined in a scan profile so that the documents that are not compliant with the rules are rejected. More information about the virus scan interfaces can be found here.
Fiori FES Help documentation: https://help.sap.com/viewer/93d677d2f3cd4719aa2f0feaed8a914d/FES6.0/en-US/c623f0522bc80175e10000000a44538d.html
SAP BTP
This can be found in the security section of the SAP Trust Center (https://www.sap.com/about/trust-center/security.html), under Cloud Services: Reference Guide.
SAP uses a malware management process designed to keep the cloud service free of viruses, spam, spyware, and other malicious software. It consists of an anti–malware agent deployment, regular scanning, and malware reporting subprocesses. Anti–
malware software o equivalent is installed on servers in the SAP cloud landscape during the system setup process for data processing systems.To protect servers against malware uploads, the anti–malware management service is automatically configured to scan files where is applicable, based on the anti–malware engine, when files are uploaded to the application.
In short, yes… all SAP Cloud servers contains software that protects its systems from viruses. You can find more information in the Feature Scope Description for SAP BTP, Cloud
Foundry, ABAP, and Kyma Environments https://help.sap.com/doc/5e8107bf49684962b897217040398007/Cloud/en-US/SAP_BTP_FSD.pdf
SAP Malware Scanning Service
Also, you can use the SAP Malware Scanning Service to scan documents uploaded by your custom-developed apps for malware. The app that you develop can call the SAP Malware Scanning service to check for viruses or other malware. Check out the SAP Malware Scanning Service APIs in the SAP API Business Hub – https://api.sap.com/api/MalwareScanAPI/overview.
Note: Thanks to Oscar Herrera and Sissy Haegele for their contribution on this topic.
Hi Antonio,
thanks for sharing.
I`ve tried to get some more information on that, but struggled a little bit. Hopefully you can answer my questions:
BTW: It's also not listed in the SAP BTP Discovery Center.
Thanks for your time and your answers.
Kind regards,
Rainer
Hi Rainer,
to get your hands dirty you should start with a BTP PayasyouGo. With that contract in place you`ll be able to use "free tier" service. No investment would be needed to use free tier services.
To sign a Pay as you Go: https://storefront.s1.store.net.sap/dcp/en/product/display-9999951781_live_v1/SAP%20Business%20Technology%20Platform
Overview of "Free tier" services, able to use with "Pay as you Go": https://discovery-center.cloud.sap/index.html#/serviceCatalog?provider=all®ions=all&category=freetierservices
"Malware Scanning Service" is already available within a Subaccount which has "beta" enabled. It will be soon available for all landscapes. There was an issue to display it.
best regards. Sissy
Hi Sissy,
thanks for that update.
As we only have some partner based commercial models ( Subscription and PAYG) in place I think we have to wait. Do you have an idea / timeline when "Malware scanning Service" will be available for the "non commercial services"?
All the best,
Rainer
I am a little confused. You say
What cases do we need 'SAP Malware Scanning Service'?