As of SAP NetWeaver PI 7.31, incoming and outgoing messages can be scanned for viruses without a single line of custom code. In this blog I want to briefly describe how such a scenario can be set up. Since virus scanning software is required for this, I will use the open source tool ClamAV.
This blog describes the setup on an SAP NetWeaver AEX (Java only) installation. For a dual-stack installation additional steps are required.
- Install ClamAV. Download ClamAV (http://www.clamav.net/lang/en/) for your operating system. Hint: On Windows, make sure that you do not install the GUI version of ClamAV; you need clamd.exe, which is the daemon that interacts with the NetWeaver AS Java.
- For the interaction with SAP NetWeaver some DLL files are required. You can download this package (ClamSAP) from http://sourceforge.net/projects/clamsap/. Just extract it and copy it to the ClamAV installation directory.
- Configure ClamAV by creating a clamd.conf file and start clamd.exe by double-clicking it.
- Configuration in the SAP NetWeaver system.
As the prerequisites are now fulfilled, you can start with the configuration in your AS Java.
Go to the NetWeaver Administrator - Configuration - Security - Virus Scan Provider.
You then create, step by step, a group ...
... a virus scan adapter ...
Hint: the VSA Library Path points to the ClamSAP library that you downloaded in the previous step.
... and a profile
For the profile it is important that you remove the reference profile and create your own profile steps - as shown in the figure above.
- After configuration you can test the setup with the following script: http://hostname:port/vscantest/index.html
- Activate virus scanning for your scenario. You can activate virus scanning on a global level (for all interfaces) or for each individual interface in the integrated configuration (or the sender / receiver agreement respectively).
Activating on a global level: set the parameter xiadapter.virusscan.active to 1 (default 0).
Virus Scanning activated on a single interface on the sender side:
Further information about how it technically works is available under: http://help.sap.com/saphelp_nw73ehp1/helpdata/en/95/49242673b1488193f5089c3add5915/frameset.htm
- Send a test message.
For testing you can set up, e.g., a simple file-to-file scenario. To get an example virus file, please visit http://www.eicar.org. There you will find a test file that should be recognized by every virus scanner. Just put this file into your input file directory and watch. You will see the virus scan error at the level of the communication channel.
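If the communication channel does not report a virus scan error, it helps to check the clamd daemon on its own before looking at the PI configuration. The following Python sketch is an added example, not part of the original blog or of ClamSAP: it sends the EICAR test string to clamd over its INSTREAM command and expects a FOUND reply. It assumes that clamd.conf enables the TCP listener (TCPSocket 3310, TCPAddr 127.0.0.1); the function names are hypothetical.

```python
import socket
import struct

# Standard EICAR test string (harmless; same content as the eicar.org test file).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def build_instream(payload: bytes, chunk_size: int = 4096) -> bytes:
    """Frame payload for clamd INSTREAM: every chunk is prefixed with its
    4-byte big-endian length, and a zero-length chunk ends the stream."""
    frame = bytearray(b"zINSTREAM\0")
    for i in range(0, len(payload), chunk_size):
        chunk = payload[i:i + chunk_size]
        frame += struct.pack("!I", len(chunk)) + chunk
    frame += struct.pack("!I", 0)
    return bytes(frame)

def parse_reply(reply: bytes):
    """Map a clamd reply to (verdict, detail); verdict is clean/infected/error."""
    text = reply.rstrip(b"\0\n").decode("ascii", "replace")
    _, _, result = text.partition(": ")
    if result == "OK":
        return ("clean", "")
    if result.endswith(" FOUND"):
        return ("infected", result[:-len(" FOUND")])
    return ("error", result or text)

def scan(payload: bytes, host="127.0.0.1", port=3310, timeout=10.0):
    """Send payload to clamd (assumed TCP listener) and return the parsed verdict."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_instream(payload))
        reply = b""
        while not reply.endswith(b"\0"):
            data = s.recv(4096)
            if not data:
                break
            reply += data
    return parse_reply(reply)

def preflight(host="127.0.0.1", port=3310) -> bool:
    """clamd is usable for the scan adapter only if it flags EICAR
    and lets harmless data through."""
    return (scan(EICAR, host, port)[0] == "infected"
            and scan(b"plain test message", host, port)[0] == "clean")

if __name__ == "__main__":
    print("clamd ready:", preflight())
```

A result of False with a connection error points to clamd not running or not listening on TCP; an "error" verdict usually means the stream exceeded clamd's configured size limit.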