Virus scanning for uploaded attachments
Introduction
Attachment Checker allows uploaded attachments to be scanned with an external anti-virus scanner.
When an attachment is uploaded, a request is sent to scan the file. The request is handled asynchronously so that users do not have to wait for the scan to complete, which matters most for large files.
This addresses the feature request raised in JRA-8626 (Virus scan attachments).
Only Confluence administrators can access the configuration page.
If the virus scanner is unknown, all non-zero exit codes are treated as infected. Refer to the list of compatible scanners for more information.
When an infection is detected or an error occurs during scanning, a comment is added and the following actions may be taken:
Actions | Description |
---|---|
Delete file | Users may delete the placeholder version of the file. Rationale on why a placeholder is used: While we can delete the infected attachment, we are unable to determine where the attachment is being used. It could be used in a macro or rendered as an image on another page in another space. We therefore put a placeholder in its place so that people can identify it easily. When a newer, uninfected version is uploaded, the content renders again without users having to update the Confluence page content. |
Email Confluence Sysadmin Group | |
Comments
| Delete file enabled | Delete file disabled |
---|---|---|
If file is infected | ||
Any other errors |
Emails
| Delete file enabled | Delete file disabled |
---|---|---|
If file is infected | ||
Any other errors |
Placeholder
This is what the placeholder looks like when a user previews the infected file:
How to set up the virus scanner
Install a 3rd-party virus scanner. Please refer to the list of compatible scanners.
Go to Attachment Checker Configuration → Virus Scanning tab.
Enable the Virus Scanning toggle button.
In the Scanner Path field, enter the full path to the command line scanner or to a script which calls the command line scanner.
In the Additional Options field, enter any options the scanner requires.
Using command line scanner
Enter the full path to the command line scanner, for example:
Scanner Path | Additional Options |
---|---|
|
|
|
|
Using script
You can also create a script (e.g. scanner.cmd) that calls the command line scanner, for example:
@echo off
rem %~1 is the file to scan (first argument), with any surrounding quotes removed
echo executing scan for %~1
rem -ScanType 3 selects a custom scan, which is required when -File is used
c:\progra~1\window~1\MpCmdRun.exe -Scan -ScanType 3 -File "%~1"
echo "returning errorLevel = " %ERRORLEVEL%
EXIT /B %ERRORLEVEL%
The script above uses short (8.3) directory names such as progra~1. To list the short names of the entries in a directory, run: dir /x
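A POSIX sh counterpart to scanner.cmd for Confluence hosts running Linux, as an added example that is not part of the original documentation. It assumes the scanner is ClamAV's clamscan (exit code 0 = clean, 1 = virus found, 2 = error); `scan_attachment` and the `SCANNER_BIN` override are hypothetical names. Every failure path returns non-zero, so a scan that could not run is never reported as clean.

```shell
#!/bin/sh
# scanner.sh: added example, not the vendor's script.
# Assumption: ClamAV's clamscan is the scanner (0 = clean, 1 = virus, 2 = error).
# SCANNER_BIN is a hypothetical override, e.g. for pointing at a full path.
SCANNER_BIN="${SCANNER_BIN:-clamscan}"

scan_attachment() {
    file="${1:-}"
    # Fail closed: only absolute paths are accepted, which also guarantees
    # the argument cannot be parsed as a scanner option (no leading "-").
    case "$file" in
        /*) ;;
        *) echo "scanner.sh: expected an absolute file path" >&2; return 2 ;;
    esac
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "scanner.sh: cannot read $file" >&2
        return 2
    fi
    # A missing scanner must surface as an error, never as exit code 0.
    if ! command -v "$SCANNER_BIN" >/dev/null 2>&1; then
        echo "scanner.sh: scanner not found: $SCANNER_BIN" >&2
        return 2
    fi
    echo "executing scan for $file" >&2
    rc=0
    "$SCANNER_BIN" --no-summary "$file" >&2 || rc=$?
    echo "returning exit code = $rc" >&2
    # Pass the scanner's own code through unchanged, as scanner.cmd does.
    return "$rc"
}

# Run the scan only when this file is saved and invoked as scanner.sh,
# so the function can also be sourced and exercised on its own.
case "${0##*/}" in
    scanner.sh) scan_attachment "$@"; exit $? ;;
esac
```

Enter the full path to scanner.sh in the Scanner Path field, the same way as for scanner.cmd.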
Variables
The following variables can be used in the Additional Options:
Variable | Description |
---|---|
| The attachment id |
| The attachment creator’s username |