Is there a provision for virus protection?
How is the repository protected?
0 votes
1 answers
1890 views
There is no virus scan by default. Here are some solutions:
- HTTP Virus Scanner
Some Virus Scanners can scan HTTP requests. They are usually plugged at the reverse proxy level.
* Advantages
Transparent to application layer.
User gets feedback when he tries to upload a corrupted file.
* Drawback
If the Virus Scanner is slow, everything will be slow.
- Synchronous Virus Scanner
If your virus scanner can be called from Java or from the command line, then you can easily add inside Nuxeo a synchronous listener that will execute the virus scan.
In case of virus the listener should:
- mark the Transaction as Rollback,
- raise an Exception.
* Advantages
User gets feedback when he tries to upload a corrupted file.
* Drawback
If the Virus Scanner is slow, everything will be slow.
You have to write a listener.
- Asynchronous Virus Scanner
If your virus scanner can be called from Java or from the command line, then you can easily add inside Nuxeo an asynchronous listener that will execute the virus scan.
In case of virus the listener should:
- remove the attached file,
- add an audit log entry stating the file was removed because of a virus detection.
* Advantages
No performance impact
* Drawback
You have to write a listener.
User is not directly notified.
The corrupted file was stored and accessible for some time.
- Filesystem scanner
You can also let your virus scanner watch the directory tree used by the Repository Binary Store. Note that you must restrict the virus scanner to that specific directory, not the whole Nuxeo directory, or it will drastically decrease performance and may even break Nuxeo (under Windows OS).
In case of virus the corrupted file will be removed.
* Advantages
No performance impact.
No code
* Drawback
The user will never know why the file was removed!
The corrupted file was stored and accessible for some time.
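
The synchronous option described in the answer above, as an added example (not part of the original answer and not Nuxeo's own code). It assumes ClamAV's `clamdscan` is on the PATH as the command-line scanner, a Nuxeo version that provides `NuxeoException`, and that the hypothetical class `VirusScanListener` is registered as a synchronous listener on document creation and update events. Beyond what the answer lists, it also rejects the upload when the scanner errors or times out.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.util.concurrent.TimeUnit;
import org.nuxeo.ecm.core.api.Blob;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.api.blobholder.BlobHolder;
import org.nuxeo.ecm.core.event.Event;
import org.nuxeo.ecm.core.event.EventListener;
import org.nuxeo.ecm.core.event.impl.DocumentEventContext;

// Hypothetical listener: scans the main attached file before the transaction commits.
public class VirusScanListener implements EventListener {
    @Override
    public void handleEvent(Event event) {
        if (!(event.getContext() instanceof DocumentEventContext)) return;
        DocumentModel doc = ((DocumentEventContext) event.getContext()).getSourceDocument();
        BlobHolder holder = doc.getAdapter(BlobHolder.class);
        Blob blob = (holder == null) ? null : holder.getBlob();
        if (blob == null) return; // nothing attached, nothing to scan
        try {
            int exit = scan(blob); // clamdscan: 0 = clean, 1 = virus found, 2 = error
            if (exit != 0) reject(event, exit == 1 ? "virus detected" : "scanner error");
        } catch (IOException e) {
            reject(event, "scan could not be run"); // fail closed (choice made in this example)
        }
    }

    // Copies the blob to a temp file and runs the scanner with a 60 s limit (assumed value).
    private int scan(Blob blob) throws IOException {
        File tmp = Files.createTempFile("nuxeo-scan-", ".bin").toFile();
        try (InputStream in = blob.getStream()) {
            Files.copy(in, tmp.toPath(), StandardCopyOption.REPLACE_EXISTING);
            Process p = new ProcessBuilder("clamdscan", "--fdpass", "--no-summary", tmp.getPath())
                    .inheritIO().start();
            if (!p.waitFor(60, TimeUnit.SECONDS)) { p.destroyForcibly(); return 2; }
            return p.exitValue();
        } catch (InterruptedException e) { Thread.currentThread().interrupt(); return 2; }
        finally { Files.deleteIfExists(tmp.toPath()); }
    }

    // The two steps from the answer: mark the transaction as rollback, then raise an exception.
    private void reject(Event event, String reason) {
        event.markRollBack();
        throw new NuxeoException("Upload rejected: " + reason);
    }
}
```

The 60 second limit bounds the slowdown named in the drawback list: a hung scanner rejects the upload instead of blocking the request indefinitely.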