Document toolboxDocument toolbox

Additional steps for anti-virus scanning

Requirements

In order for the anti-virus scanning to work, there are some steps required

  1. Installation of the Anti-virus scanner program
  2. Creation of AttachmentChecker user in Jira (Optional)
  3. Notification for administration (Optional)


1. Anti-virus Scanner

The installed anti-virus scanner should 

  • have a command line scanner to execute a real-time scan by specifying the filename
  • return a status code to indicate the result of the scan

We have tested with the following

Anti-virus ProgramCommand Line Binary
ClamAV

/usr/bin/clamscan

Sophos Anti-virus for Mac

/usr/bin/sweep
Sophos Anti-virus for Linux/opt/sophos-av/bin/savscan
McAfee VirusScan/usr/local/uvscan

For the full list of compatible command line scanners, please refer to Compatible Antivirus Command Line Scanners

Please refer to the Anti-virus program's documentation for the installation steps. 

The Operating System user executing Jira must have rights to execute the command line scanner

2. Creation of AttachmentChecker user account (Optional)

This step is no longer required. Since version 2.12.0 (Jira 7) and 3.3.0 (Jira 8), admin can configure the user to add comment.  Refer to Configuration on how to configure

When a file is suspected of infection, the Attachment Checker will post a comment in the issue. Therefore it is required to create a user with the user ID AttachmentChecker

There is no need to modify the permission schemes to allow AttachmentChecker user to create comments in the issue.

Please note that the user ID is case sensitive.


3. Notification for Administrators (Optional)

For scenarios where the end user does not have the permission to delete their own attachments, the Jira administrator will have to be notified to delete the attachment.

The Jira administrators can be notified with the following steps

  1. Create a filter to list all issues which have been updated with a comment containing the text "Infected file identified. Please scan your file" since the start of the week. Please change the text in red to your configured alert message accordingly.

    updated > startOfWeek() AND comment ~ "Infected file identified. Please scan your file"

    Refer to Saving your search as a filter on how to create a filter.

  • Create a filter subscription to email the results of the filter to the Jira admin 

    Refer to Working with search results on the steps to create the filter subscription.
    We recommend at least a daily subscription to ensure prompt follow-up.