Malware Scanner in SAP/Cloud Integration

Files uploaded to Cloud Integration (CPI) for design purposes, such as integration flows and value mappings, together with the other integration content, tools, and resources they contain, may pose a security risk to the tenant because they could carry malicious software.



What is the Malware Scanner?

The files uploaded to CPI for design purposes (flows, value mappings, etc.), as well as various integration products including integration tools and resources, may pose a security risk to the tenant as they could potentially contain malicious software.

SAP Cloud Integration detects malicious software in files using the Malware Scanner when users attempt to upload such files. By default, the scanner is disabled, but you can enable this option through the settings (by selecting the Malware Scanner tab). When the Malware Scanner is enabled, the upload of larger files may take slightly longer compared to when it is disabled. The file types supported by the Malware Scanner include:

  • Documents uploaded within a package.
  • Integration products such as flows, value mappings, script collection artifacts, and API-based integration flows.
  • Integration packages.
  • Keystore files, for example, X.509 certificate, key pair, and keystore.
  • BinaryParameters resources created for the Partner Directory using OData API.


SAP Malware Scanner for Application Development:

File Scanning:

The host URL for the POST scan call is given by the sync_url parameter.

The JSON format returned after service scanning is as follows:


{
  "malwareDetected": false,
  "encryptedContentDetected": false,
  "scanSize": 17626,
  "mimeType": "image/png",
  "SHA256": "220c6d13157a747676169c33254e9fae47b352d4db40bc64e16555819746c1cc"
}
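Consuming that response safely is the application's job. The following Python code is an added example, not part of the original page and not SAP's own SDK code: it parses the verdict JSON shown above and, before trusting it, checks that the SHA256 and scanSize fields match the bytes the application actually uploaded, so a verdict for different content (for example from a mixed-up or replayed response) is never accepted. The sample response is constructed locally with make_sample_response rather than fetched from the service, and treating encryptedContentDetected content as not cleared is an assumed policy, not something the page prescribes.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class ScanResult:
    """Verdict fields as returned by the service; names follow the JSON shown above."""
    malware_detected: bool
    encrypted_content_detected: bool
    scan_size: int
    mime_type: str
    sha256: str


def parse_scan_result(body: str) -> ScanResult:
    """Parse the service response; a missing or non-boolean verdict raises instead of defaulting to 'clean'."""
    data = json.loads(body)
    malware = data["malwareDetected"]
    encrypted = data["encryptedContentDetected"]
    if not isinstance(malware, bool) or not isinstance(encrypted, bool):
        raise ValueError("malwareDetected / encryptedContentDetected must be booleans")
    return ScanResult(
        malware_detected=malware,
        encrypted_content_detected=encrypted,
        scan_size=int(data["scanSize"]),
        mime_type=str(data["mimeType"]),
        sha256=str(data["SHA256"]).lower(),
    )


def verdict_matches_content(result: ScanResult, content: bytes) -> bool:
    """True only if the verdict refers to exactly the bytes we uploaded: same length and same SHA-256."""
    local_hash = hashlib.sha256(content).hexdigest()
    return result.scan_size == len(content) and hmac.compare_digest(local_hash, result.sha256)


def is_acceptable(result: ScanResult, content: bytes) -> bool:
    """Assumed policy: accept only clean, non-encrypted content whose verdict matches our bytes.
    Encrypted content cannot be inspected by the scanner, so it is treated as not cleared."""
    return (
        not result.malware_detected
        and not result.encrypted_content_detected
        and verdict_matches_content(result, content)
    )


def make_sample_response(content: bytes, malware: bool = False, encrypted: bool = False) -> str:
    """Constructed stand-in for the service response (no service call is made)."""
    return json.dumps({
        "malwareDetected": malware,
        "encryptedContentDetected": encrypted,
        "scanSize": len(content),
        "mimeType": "application/octet-stream",
        "SHA256": hashlib.sha256(content).hexdigest(),
    })


# Constructed sample payload; in practice this is the uploaded file's bytes.
SAMPLE_CONTENT = b"constructed sample upload, not a real integration artifact"

if __name__ == "__main__":
    result = parse_scan_result(make_sample_response(SAMPLE_CONTENT))
    print(result)
    print("acceptable:", is_acceptable(result, SAMPLE_CONTENT))
    # A verdict whose hash does not match our bytes must not be trusted.
    other = parse_scan_result(make_sample_response(b"different bytes"))
    print("mismatched verdict acceptable:", is_acceptable(other, SAMPLE_CONTENT))
```

The hash comparison uses hmac.compare_digest only out of habit (the hash is not secret); the important part is that a verdict is tied to the exact bytes, and that a malformed verdict raises rather than silently reading as "clean".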


Timeouts:

The time it takes to scan a file depends on its size, file type, structure, and nesting complexity. A scan that runs longer than 25 minutes is terminated by the service's timeout.


Frequently Asked Questions:

What should the Malware Scanner scan?

The application should scan unstructured data coming from an untrusted source. The maximum file size the application can scan is 400 MB.

When should the Malware Scanner perform scanning?

  • When you upload a file.
  • Store the scan timestamp along with the file, so that the age of the last scan can be checked later.
  • When you download or process a file and more than 3 days have passed since its last scan.

What should the Malware Scanner do upon a positive scan result?

The Malware Scanner should delete the file and its associated log history.

What should the Malware Scanner do if the service is offline?

The following two approaches let your application continue working even when the service is unavailable:

  • If the service doesn't respond during upload, save the file. Then, set the timestamp to the initial value. This way, when the file is processed or downloaded next time, the initial timestamp will trigger the application to scan again.
  • If the service doesn't respond during download, ensure your application sends a clear warning to the user that the file cannot be scanned. Provide the user with options to accept the risk or cancel the operation.
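The answers above (when to scan, what to do on a positive result, and how to behave when the service is offline) describe one file lifecycle. The Python code below is an added example that is not part of the page and not SAP's code; it sketches that lifecycle as a small in-memory file store. The scan callable stands in for the POST call to the service and returns the parsed verdict dict (only the malwareDetected field is used); the "never scanned" sentinel timestamp, the string status codes, and the demo_scanner marker are all assumptions made for the example, and the clock is injectable so the 3-day rule can be exercised without waiting.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional, Tuple

RESCAN_AFTER = timedelta(days=3)                                # FAQ: rescan if the last scan is older than 3 days
INITIAL_TIMESTAMP = datetime.fromtimestamp(0, tz=timezone.utc)  # assumed "never scanned" sentinel value


class ScannerUnavailable(Exception):
    """Raised by the scan callable when the service does not respond."""


@dataclass
class StoredFile:
    name: str
    content: bytes
    last_scanned: datetime = INITIAL_TIMESTAMP
    scan_log: List[datetime] = field(default_factory=list)


# Stand-in for the POST call: takes the file bytes and returns the parsed JSON verdict
# (only "malwareDetected" is used here) or raises ScannerUnavailable.
ScanFn = Callable[[bytes], dict]


def demo_scanner(content: bytes) -> dict:
    """Constructed stand-in scanner: flags any payload containing the marker b'EVIL-MARKER'."""
    return {"malwareDetected": b"EVIL-MARKER" in content}


class FileStore:
    def __init__(self, scan_fn: ScanFn,
                 clock: Callable[[], datetime] = lambda: datetime.now(timezone.utc)):
        self.scan_fn = scan_fn
        self.clock = clock
        self.files: Dict[str, StoredFile] = {}

    def _record_clean_scan(self, f: StoredFile) -> None:
        f.last_scanned = self.clock()
        f.scan_log.append(f.last_scanned)

    def _delete(self, f: StoredFile) -> None:
        """Positive result: remove the file and its log history."""
        self.files.pop(f.name, None)
        f.scan_log.clear()

    def upload(self, name: str, content: bytes) -> str:
        f = StoredFile(name, content)
        try:
            verdict = self.scan_fn(content)
        except ScannerUnavailable:
            # Service down during upload: keep the file with the initial timestamp,
            # so the next download or processing step triggers a scan.
            self.files[name] = f
            return "stored-unscanned"
        if verdict["malwareDetected"]:
            return "rejected"  # never stored, nothing to delete
        self._record_clean_scan(f)
        self.files[name] = f
        return "stored"

    def download(self, name: str, accept_risk: bool = False) -> Tuple[str, Optional[bytes]]:
        f = self.files[name]
        if self.clock() - f.last_scanned <= RESCAN_AFTER:
            return "ok", f.content  # a recent clean scan is on record
        try:
            verdict = self.scan_fn(f.content)
        except ScannerUnavailable:
            # Service down during download: the user is warned and must accept the risk or cancel.
            if accept_risk:
                return "unscanned-accepted", f.content
            return "unscanned-cancelled", None
        if verdict["malwareDetected"]:
            self._delete(f)
            return "deleted", None
        self._record_clean_scan(f)
        return "ok", f.content


if __name__ == "__main__":
    store = FileStore(demo_scanner)
    print(store.upload("clean.txt", b"harmless content"))
    print(store.upload("bad.txt", b"payload with EVIL-MARKER inside"))
    print(store.download("clean.txt"))
```

Because the sentinel timestamp is always older than 3 days, a file saved while the service was down is guaranteed to be scanned on its next download; the status codes let the caller distinguish a deleted file from a cancelled download instead of collapsing both into "no content".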

How should I rotate binding credentials?

You should use blue-green deployment for this. Start a new instance of your application, connect this instance to the service instance, and then remove the old instance.

What to do if SAP Malware Scanning fails?

  • Check if the system is active from the SAP Trust Center.
  • Subscribe to Cloud System Notification Subscriptions to receive updates and notifications in case of system failure.
  • Check the SAP Support Portal.
  • Regularly check the SAP Notes and Knowledge Base articles published for the component "BC-CP-CF-SEC-VIR" on the SAP Support Portal; they contain information about program fixes and additional details.
  • Contact SAP Support and open a support ticket.

Including the following information in your support ticket helps SAP analyze the issue:

  • Landscape information (e.g., EU10, US10)
  • Describe the expected result and the error you encountered, along with the HTTP code.
  • Include screenshots, videos, and written descriptions.
  • Attach the binary files that caused the issue to the support ticket.