...

Introduction

The Attachment Checker allows all uploaded attachments to be checked scanned with an external anti-virus scanner when they are uploaded.

This addresses the feature request raised in https://jira.atlassian.com/browse/JRA-8626 (Virus Scan Attachment)

...

...

Only the Confluence administrator can access this page

Image Removed

When an attachment is addeduploaded, a request is sent to scan the uploaded file. The request is handled asynchronously so that users need do not have to wait for the scanning to be completed especially if the file is large.

This addresses the feature request raised in JRA-8626 

When a file is suspected to be infected, depending on your configurations, as of v.1.4.0 the following follow-ups could happen when the Delete Virus File option is enabled or disabled

...

(Virus scan attachments).

...

All non-zero codes are treated as infected if the virus scanner is unknown. Refer to list of compatible scanners for more info.

When an infection is detected or error occurs during scanning, a comment will be added and the following actions may be taken:

Actions	Description
Delete file	The attachment version is deleted and replaced with a placeholder The placeholder is commented so that users can identify

the version

it easily

Image Removed

Image Added Tip

User

Users may delete the placeholder version of the file. Info

title

Rationale on why

we use

a placeholder is used While we can delete the infected attachment, we are unable to determine where the attachment is being used. It could be a macro or rendered image on another page in another space. Thus, we decided to place a placeholder so that people can identify it easily. When the newer uninfected version is being uploaded, it will be able to render the content without requiring the users to update the Confluence page content.

The infected file would not be removed automatically.

Notification
by 
Comment

Info
By default, Anonymous user would create a comment. Thus you would not need to create an account for the comment to be create.

A comment to inform user that an infected file has been detected and replaced with a placeholder

Image Removed

A comment to inform the user to delete the infected file

Image Removed

Page Content

When the user tries to open the infected file, it would be replaced with placeholder looking like this,

Image Removed

Email Confluence Sysadmin Group

Users in the configured Confluence Sysadmin Group will be notified by email

Comments

	Delete file enabled	Delete file disabled
If file is infected	Image Added	Image Added
Any other errors	Image Added	Image AddedImage Added

Emails

	Delete file enabled	Delete file disabled
If file is infected	Image Added	Image Added
Any other errors	Image Added	Image Added

Placeholder

This is how the placeholder looks like when user preview the infected file:

...

How to set up the virus scanner

1. Install a 3rd-party virus scanner. Please refer to the list of

...

The paths would call a script, which calls the scanner's exe file.

...

1. compatible scanners.

2. Go to Attachment Checker Configuration → Virus Scanning tab.

3. Enable the Virus Scanning toggle button.

4. In Scanner Path field, enter the full path to the command line scanner or a script which calls the command line scanner.

5. In Additional Options field, enter the options if required.

Using command line scanner

Enter the full path to the command line scanner, for example:

Using script

You can also create a script (e.g. scanner.cmd) containing this script with options e.g.which calls the command line scanner in the script, for example:

@echo off
echo executing scan for %1
c:\progra~1\window~1\MpCmdRun.exe -Scan -ScanType -File "%1"
echo "returning errorLevel = " %ERRORLEVEL%
EXIT /B %ERRORLEVEL%

As the script above contains some shorthand directory, you can retrieve shorthand commands through: dir /x

Related Information

...

Variables

The following variables can be used in the Additional Options: