TIL: Virus scan functionality when uploading files via a Fiori app
In this short blog post, I’ll be writing about computer virus scanning and not the other virus that is around :-). The question I’m trying to answer is….. Is there a virus scan functionality that scans files uploaded via a Fiori app?
There are two scenarios that I’m interested in, when the Fiori app is deployed on-premise and when the Fiori app is deployed to SAP BTP.
The virus scanning component in a Fiori FES (front-end server) is optional. Rules need to be defined in a scan profile so that the documents that are not compliant with the rules are rejected. More information about the virus scan interfaces can be found here.
Fiori FES Help documentation: https://help.sap.com/viewer/93d677d2f3cd4719aa2f0feaed8a914d/FES6.0/en-US/c623f0522bc80175e10000000a44538d.html
This can be found in the security section of the SAP Trust Center (https://www.sap.com/about/trust-center/security.html), under Cloud Services: Reference Guide.
SAP uses a malware management process designed to keep the cloud service free of viruses, spam, spyware, and other malicious software. It consists of an anti–malware agent deployment, regular scanning, and malware reporting subprocesses. Anti–
malware software o equivalent is installed on servers in the SAP cloud landscape during the system setup process for data processing systems.
To protect servers against malware uploads, the anti–malware management service is automatically configured to scan files where is applicable, based on the anti–malware engine, when files are uploaded to the application.
In short, yes… all SAP Cloud servers contains software that protects its systems from viruses. You can find more information in the Feature Scope Description for SAP BTP, Cloud
Foundry, ABAP, and Kyma Environments https://help.sap.com/doc/5e8107bf49684962b897217040398007/Cloud/en-US/SAP_BTP_FSD.pdf
SAP Malware Scanning Service
Also, you can use the SAP Malware Scanning Service to scan documents uploaded by your custom-developed apps for malware. The app that you develop can call the SAP Malware Scanning service to check for viruses or other malware. Check out the SAP Malware Scanning Service APIs in the SAP API Business Hub – https://api.sap.com/api/MalwareScanAPI/overview.