I recently wrote a Web Dynpro application, which featured file uploads. The developed application allows users to upload a file from their client PC and physically write the file on a predefined location. In order to make sure that the uploaded files are safe, I had hoped to use AntiVirus scan to scan the uploaded file.
The breakdown of the logic is below:
1. user selects a file from their PC
2. user clicks on the upload button
3. the onActionFileUpload method is triggered where the FileUpload UI picks up the user selected file and store in the Web Dynpro application's context
4. I plan to call an AntiVirus scan (maybe through an API or something) to scan the in-context binary resource (byte representation of the uploaded file)
5. if the scan is successful (with the uploaded file free from virus or malwares), I proceed to FTP write to my predefined location
1. I read that NetWeaver2004s has a virus scan adapter where you need to configure the profile and groups. If I go for this configuration, does this mean I can skip step 4?
2. We are using McAfee as our AntiVirus. Can we somehow configure the on-demand scan to pick up files uploaded in Web Dynpro's context?
3. By having a binary type in the View's context, if the uploaded file contains malware, is it possible for it to harm the server (even though we are not really running the file)?
Might this [doc|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/7a411283-0c01-0010-f6a7-c8cd6a7c0169] will help.
Thank You. Your document helped me understand that I do not need to implement any additional virus scanning code in my Web Dynpro application. I can just integrate VSA and get the Portal to scan the uploaded files via the webdynpro_fileupload profile. Once integrated, I just need to use the VSI calls to scan bytes.
File Uploads for Web Dynpro is not hard to implement. Use the file upload control from the Web Dynpro. In your view, just make sure you grab the bytes from the control. You can find details on how to use the control and related coding from SAP Help.
For virus scan abilities, please see the doc link above.
Hope this helps.
Here is the sample coding I am using...
// note: element = wdContext.currentContextElement();
// you can get details on getFileResource from SAP Help
byte file = element.getFileResource();
// scan file - antivirus
IWDApplicationInfo appInfo =
// write to physical location using SMB
String path = "smb://" + appInfo.findInApplicationProperties("FileUploadTarget").getValue() + binaryType.getFileName();
String domain = appInfo.findInApplicationProperties("SMBDomain").getValue();
String username = appInfo.findInApplicationProperties("SMBUserName").getValue();
String password = appInfo.findInApplicationProperties("SMBPassword").getValue();
NtlmPasswordAuthentication auth = new NtlmPasswordAuthentication(domain, username, password);
SmbFile sFile = new SmbFile(path, auth);
SmbFileOutputStream writer = new SmbFileOutputStream(sFile);