The Attachment Checker allows all attachments to be checked with an external anti-virus scanner when they are uploaded.
This addresses the feature request raised in https://jira.atlassian.com/browse/JRA-8626 (Virus Scan Attachment)
Only the Confluence administrator can access this page
When an attachment is added, a request is sent to scan the uploaded file. The request is handled asynchronously so that users need not wait for the scanning to completed especially if the file is large.
When a file is suspected to be infected, depending on your configurations, as of v.1.4.0 the following follow-ups could happen when the Delete Virus File option is enabled or disabled
|Feature||Enabled||Disabled (Default setting)|
|Handling of the |
- The infected version is deleted and replaced with a placeholder
- The placeholder is commented so that users can identify the version easily
User may delete the placeholder version of the file.
Rationale on why we use a placeholder
While we can delete the infected attachment, we are unable to determine where the attachment is being used. It could be a macro or rendered image on another page in another space. Thus, we decided to place a placeholder so that people can identify it easily. When the newer uninfected version is being uploaded, it will be able to render the content without requiring the users to update the Confluence page content.
The infected file would not be removed automatically.
By default, Anonymous user would create a comment. Thus you would not need to create an account for the comment to be create.
A comment to inform user that an infected file has been detected and replaced with a placeholder
A comment to inform the user to delete the infected file
When the user tries to open the infected file, it would be replaced with placeholder looking like this,
How to set up the virus scanner
Please refer to list of scanner paths needed for configuration
The paths would call a script, which calls the scanner's exe file.
You could create a command file (e.g. scanner.cmd) containing this script with options e.g.
echo executing scan for %1
c:\progra~1\window~1\MpCmdRun.exe -Scan -ScanType -File "%1"
echo "returning errorLevel = " %ERRORLEVEL%
EXIT /B %ERRORLEVEL%