Background
The Attachment Checker allows all attachments to be checked with an external anti-virus scanner when they are uploaded.
This addresses the feature request raised in https://jira.atlassian.com/browse/JRA-8626 (Virus Scan Attachment)
Only the Confluence administrator can access this page
When an attachment is added, a request is sent to scan the uploaded file. The request is handled asynchronously so that users need not wait for the scanning to completed especially if the file is large.
When a file is suspected to be infected, depending on your configurations, as of v.1.4.0 the following follow-ups could happen when the Delete Virus File option is enabled or disabled
Feature | Enabled | Disabled (Default setting) |
---|---|---|
Handling of the infected file |
User may delete the placeholder version of the file. Rationale on why we use a placeholder While we can delete the infected attachment, we are unable to determine where the attachment is being used. It could be a macro or rendered image on another page in another space. Thus, we decided to place a placeholder so that people can identify it easily. When the newer uninfected version is being uploaded, it will be able to render the content without requiring the users to update the Confluence page content. | The infected file would not be removed automatically. |
Notification by Comment | By default, Anonymous user would create a comment. Thus you would not need to create an account for the comment to be create. | |
A comment to inform user that an infected file has been detected and replaced with a placeholder | A comment to inform the user to delete the infected file | |
Page Content | When the user tries to open the infected file, it would be replaced with placeholder looking like this, |
How to set up the virus scanner
Please refer to list of scanner paths needed for configuration
The paths would call a script, which calls the scanner's exe file.
You could create a command file (e.g. scanner.cmd) containing this script with options e.g.
@echo off echo executing scan for %1 c:\progra~1\window~1\MpCmdRun.exe -Scan -ScanType -File "%1" echo "returning errorLevel = " %ERRORLEVEL% EXIT /B %ERRORLEVEL%
As the script above contains some shorthand directory, you can retrieve shorthand commands through: dir /x