Malicious file getting deleted by file upload control
Hi,
We are trying to upload a malicious EICAR file using pzMultiFilePath control in a pre-production Pega cloud environment. It's part of the security testing being conducted by the client to confirm malicious files on the Pega cloud server are quarantined and Pega cloud support is alerted.
However, we noticed that the malicious file doesn't get uploaded on the server at all. Can someone please confirm if there are any checks placed in the pzMultiFilePath control itself to identify and block malicious file upload requests?
Thanks in advance!
***Edited by Moderator Marije to add INC tags***
Bits in Glass
IN
@SinghAmit If Anti virus check is been implemented using java method, then file will not be uploaded to the server location. Please check below url for reference.
Virus check implementation moving malicious files to quarantine not to directory
Updated: 7 Dec 2023 23:05 EST
Pegasystems Inc.
NZ
Thanks for the input. We have not used any anti-virus check in the application.
I did reach out to both Pega Cloud and Pega product support. Here are the observations.
On Pega cloud,
- an EICAR text file doesn't get uploaded to the server. No error is reported on the browser. Nothing is reported in the quarantine log.
- A valid text file gets uploaded to the server (service export directory before it's uploaded to S3)
On Pega personal edition,
- The same EICAR text file gets uploaded to the server
So now we are waiting for inputs from the support team on the next steps. Will update here once i have more details. We have raised the following ticket.
INC-A26448: Sev3 Issue - WKNZTA - Malicious file getting deleted by file upload control