Check Virus Scan

It is possible to block malware in Fabasoft Folio, which was found by an Antivirus software. Therefore, affected documents will be marked as infected and the current content is replaced (the primary content will not get lost). Additionally, these objects can no longer be opened or edited and the user receives a warning.

This feature can be used independently from any kind of Antivirus software but the output must be prepared in a certain structure.

Requirements and Configuration

The scan output must be provided in JSON format and must be structured as follows.

Example
{ "checkstartat": "2021-10-12T11:23:00", "checkendat": "2021-10-12T11:23:45", "virusdocumenthashes": [ { "hash":"cb0b4f7eca5c318724eb001d8099632f_c8f8", "detail":"Virus 1" }, { "hash":"894d83bf6934c1ee6c989d91ca596995_ee54", "detail":"Virus 2" } ] }

In the JSON, hash indicates the affected document name (without extension) found by the Antivirus software and detail contains the virus information.

Fabasoft Folio Configuration

The generated JSON file must be placed in the dedicated MMC area in a pre-defined directory called logscans and must have the name latest.json.

Example
[root@foliofileserver MMCSVC1]# pwd /var/opt/fabasoft/lib/mmc/1.506/MMCSVC1 [root@foliofileserver MMCSVC1]# ls -l logscans/ total 4 -rwxr-xr-x. 1 fscsrv fsc 190 Oct 19 09:29 latest.json

Execution

If the JSON file is placed in the logscans directory, the execution of COOSYSTEM@1.1:CheckVirusScans initializes/updates the attribute COOSYSTEM@1.1:objscaninfo based on the JSON input. The marked objects remain, even if the JSON does not reference these entries.

Alternatively, you can specify COOSYSTEM@1.1:ScanInfo[] to mark objects that contain viruses.

Example
coodomain.CheckVirusScans(true, [ { scihash : cb0b4f7eca5c318724eb001d8099632f_c8f8, scidetail : 'Virus 1', scidetectedat : coonow } ])

All files in the CAS area of all versions referenced by objects in Fabasoft Folio are checked.

The execution can be accomplished by the AT service. Therefore, a new AT service task must be created and placed in a list of automated tasks.

The object is the current domain and the action is COOSYSTEM@1.1:CheckVirusScans.

Handle Infected Documents

In case of a virus, the objects in Fabasoft Folio, which reference this content are marked as infected and consequently cannot be edited or opened by the end user.

Instead there will be a PDF preview, which informs the user about the virus found.

The infected document can be handled using the “Handle Infected Documents” context menu command. This menu is only visible if the user is allowed to change the object.

If the user clicks on “Handle Infected Document”, he can either flag the object as not infected (COOSYSTEM@1.1:sciignored) or download the file.

If the user decides to download the file, the user can scan and clean the file with an own virus scanning software. The cleaned file can be uploaded again. If the file has been mistakenly classified as a potential threat, the document can also be deleted.

Object Properties

The virus information is processed in the following properties. The properties can be accessed with the administration tool and context menu (“Object” > “All Properties”) or with an expression.

Property: COOSYSTEM@1.1:objscaninfo

Hash (COOSYSTEM@1.1:scihash) indicates the affected content found by the antivirus software.
Detected on/at (COOSYSTEM@1.1:scidetectedat) indicates when the virus was detected.
Detail (COOSYSTEM@1.1:scidetail) contains the virus information.
COOSYSTEM@1.1:sciignored indicates if the virus should be ignored. If it is true, the virus warning message disappears and FSCORGMGMT@1.1001:objthreat will be empty.

Property: COOSYSTEM@1.1:objthreat

This property displays the virus name (COOSYSTEM@1.1:scidetail) of the COOSYSTEM@1.1:objscaninfo entry, which has the primary content (COOSYSTEM@1.1:content).