Question
Murex
LB
Last activity: 4 May 2020 10:01 EDT
callVirusCheck Activity Implementation
Hello,
We are trying to implement the callVirusCheck activity. Searching the PDN all I found was "Checking the extension of the file". In our requirements, we are required to allow executable files to be attached but they need to be scanned for malicious code first.
If anyone has ever implemented it can you please provide us with the approach? or an example of its implementation?
Thank you in advance.
***Edited by Moderator Marissa to update SR Details***
Accepted Solution
Murex
LB
Hi,
I implemented something like that, however I used the anti-virus on the server itself.
Since Pega saves the attachments in the DB without scanning them what we can do is utilize the real-time scan of the antivirus on the server before saving the attachment in the DB.
Algorithm:
A- Retrieve the attachment from the user
B- Transform the attachment from base64 to a byte array and save it in a file on the server in Directory D
C- Check if the file exists in the directory D.
If the file exists it means that the antivirus didn't detect any issue in the file saved.
D- Delete the file from the server and proceed.
Otherwise if the file did not exist in the directory D, it means that the antivirus detected an issue and the file was moved to quarantine, thus the file is malicious
D- Halt the process of the attachment and send an error message to the user.
Above was implemented in Java.
Hope it helps.
Thanks,
M
Pegasystems Inc.
US
I am not aware of a specific example available. There is an enhancement request defined to provide a working example of this (FDBK-20857) that you can work with your Pega Account Executive on. They will be able to help you with finding out the status and will also be able to drive this further for you.
I am not aware of a specific example available. There is an enhancement request defined to provide a working example of this (FDBK-20857) that you can work with your Pega Account Executive on. They will be able to help you with finding out the status and will also be able to drive this further for you.
If others have performed this, hopefully they can respond here for you.
Pegasystems Inc.
US
Doing research on this, I found what could be the solution. You would need to implement a solution similar to what is suggested in the link.
You would need to install a third party virus scan software and call it using Java. Implement by rewriting the Activity with this new logic.
I think this apply if not working with Cloud. Cloud might scan for viruses. You would need to ask that question to them.
https://stackoverflow.com/questions/4721406/how-to-scan-a-file-with-antivirus-on-upload-in-java
Accepted Solution
Murex
LB
Hi,
I implemented something like that, however I used the anti-virus on the server itself.
Since Pega saves the attachments in the DB without scanning them what we can do is utilize the real-time scan of the antivirus on the server before saving the attachment in the DB.
Algorithm:
A- Retrieve the attachment from the user
B- Transform the attachment from base64 to a byte array and save it in a file on the server in Directory D
C- Check if the file exists in the directory D.
If the file exists it means that the antivirus didn't detect any issue in the file saved.
D- Delete the file from the server and proceed.
Otherwise if the file did not exist in the directory D, it means that the antivirus detected an issue and the file was moved to quarantine, thus the file is malicious
D- Halt the process of the attachment and send an error message to the user.
Above was implemented in Java.
Hope it helps.
Thanks,
M