Apart from the performance overheads, some virus scanners delete the infected attachments silently in the backend after the file has been successfully uploaded.
The users will only realised that realise after clicking on the link to download the attachments, which turns out to realise be a broken link.
The system admins will spend precious time to trace the issue and try to retrieve the deleted files from the backup archives.
This lack of feedback causes a risk that files with important information are lost forever.
When user tries to download the attachment, they will get the following errors.
The following error will be logged in the log file.
2019-06-04 15:46:10,914 WARN [conversion-thread-0-internal] [atlassian.confluence.pages.DefaultAttachmentManager] getAttachmentData Could not find data for attachment: Attachment: eicar.com.txt v.1 (5180376) angela - java.io.FileNotFoundException: /opt/confluence-home/attachments/ver003/191/58/5308441/117/180/5180367/5180376/1 (Operation not permitted)
How the Attachment Checker helps
On-access Scanner is enabled
- The admin Admin can update the configure Attachment Checker config to inform the app that there is an antivirus configured in the backend to scan for virus whenever files are being accessuploaded.
- Whenever a file is uploaded, the Attachment Checker will ensure check if the file has been uploaded successfully.
- If the file is missing, it will post a comment to the Confluence page to inform the user so that appropriate action can be taken.
On-access Scanner is disabled
- The admin Admin can configure the Attachment Checker to execute a command line scan of for the file.
- Whenever a file is uploaded, the Attachment Checker will execute a scan using the configured path and options only on the file.
- This reduces the amount of CPU load by scanning only scanning once for each uploaded file.
- If the attachment is infected, it will post a comment to the Confluence page to inform the user so that appropriate action can be taken.