In Axon Ivy you can use the PrimeFaces p:fileUpload component to upload files from a web page to the engine for further processing. How can you ensure that the uploaded files do not contain a virus? It is even worse if the uploaded file can be downloaded by other users, because your engine then distributes the virus. 😱
👍 PrimeFaces itself has a simple solution for this problem.
- You can set the attribute performVirusScan on the p:fileUpload tag to true.
- Provide an implementation of the org.primefaces.virusscan.VirusScanner interface and configure it.
🧐 By default PrimeFaces is delivered with one implementation of that interface that uses VirusTotal. To enable VirusTotal you need to create a community account at the VirusTotal web site. You receive an API key once you have an account. To configure the API key, add the following snippet to the webapps/ivy/WEB-INF/web.xml file:
<context-param>
<param-name>primefaces.virusscan.VIRUSTOTAL_KEY</param-name>
<param-value>PUT YOUR API KEY HERE</param-value>
</context-param>
The param-value needs to be replaced with your API key.
If you now upload a file, it will be sent to VirusTotal, which checks if the file contains any virus. If so, the upload is interrupted and the following entry is written to the ivy.log:
Detected a virus
📡 On the profile page of VirusTotal you can see how many checks were performed. You can also find your API key there.
👮 If you want to use a different virus scanner, you have to write a Java class that implements the interface org.primefaces.virusscan.VirusScanner and call the virus scanner in the method performVirusScan. Write a file that is called META-INF/services/org.primefaces.virusscan.VirusScanner and write the fully qualified name of your Java class into the file. See Service Loader for more information.
Then put your class and the META-INF directory with its file in a *.jar file and copy it to the webapps/ivy/WEB-INF/lib folder.
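As an added example (not code from PrimeFaces or Axon Ivy), the following scanner streams the upload to a ClamAV clamd daemon over its INSTREAM protocol and rejects the upload if the scan cannot be completed. Assumptions: the package and class name are hypothetical, clamd listens on 127.0.0.1:3310, and the VirusScanner interface of your PrimeFaces version declares isEnabled() and performVirusScan(InputStream).

```java
package com.example.scan; // hypothetical package name

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

import org.primefaces.virusscan.VirusException;
import org.primefaces.virusscan.VirusScanner;

// Register by writing the line "com.example.scan.ClamdVirusScanner" into
// META-INF/services/org.primefaces.virusscan.VirusScanner inside the jar.
public class ClamdVirusScanner implements VirusScanner {
  private static final String HOST = "127.0.0.1"; // assumption: clamd runs on the engine host
  private static final int PORT = 3310;           // clamd's default TCP port
  private static final int TIMEOUT_MS = 30_000;

  @Override
  public boolean isEnabled() { return true; }

  @Override
  public void performVirusScan(InputStream in) throws VirusException {
    String reply;
    try (Socket socket = new Socket()) {
      socket.connect(new InetSocketAddress(HOST, PORT), TIMEOUT_MS);
      socket.setSoTimeout(TIMEOUT_MS);
      OutputStream out = socket.getOutputStream();
      out.write("zINSTREAM\0".getBytes(StandardCharsets.US_ASCII));
      byte[] chunk = new byte[8192];
      int n;
      while ((n = in.read(chunk)) != -1) {
        if (n == 0) continue; // a zero-length chunk would end the stream early
        // Each chunk is a 4-byte big-endian length followed by the data.
        out.write(ByteBuffer.allocate(4).putInt(n).array());
        out.write(chunk, 0, n);
      }
      out.write(new byte[4]); // zero-length chunk marks the end of the stream
      out.flush();
      reply = new String(socket.getInputStream().readAllBytes(), StandardCharsets.US_ASCII).trim();
    } catch (IOException ex) {
      // Fail closed: an unreachable or failing scanner must not let the file through.
      throw new IllegalStateException("Virus scan failed, rejecting upload", ex);
    }
    if (reply.endsWith("FOUND")) throw new VirusException(); // e.g. "stream: <signature> FOUND"
    if (!reply.equals("stream: OK")) throw new IllegalStateException("Unexpected clamd reply: " + reply);
  }
}
```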
👌 It is easy to set up a virus check for files uploaded to Axon Ivy. We recommend enabling it if your engine is accessible from the internet. But in intranet environments, too, it may be worth turning it on.