cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Malware Scanner in Integration Suite

helmut_skolaut3
Active Participant

on ‎2024 Jul 29 12:21 PM

0 Kudos
360

I have activated Malware scanning in Integration Suite:

helmut_skolaut3_0-1722251763118.png

Then I have uploaded a Ransomware JAR into a script Collection:

helmut_skolaut3_1-1722251798163.png

The source of the Ransomware is from here:
PanagiotisDrakatos/JavaRansomware: Simple Ransomware Tool in Pure Java (github.com)

I am wondering, i am getting no alerts - i could have uploaded it.

Looking into Note 3313373 or Help Page it should detect malicious Script Collection Artifacts. Is anybody knowing why it's not detecting my try-attack?

I have also tried to upload a malicious Pyton Script into an API Proxy Policy - also not detected - maybe this is not yet implemented. 

Thanks for your comments.

BR Helmut

 

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
kamlesh_zanje
Product and Topic Expert
Product and Topic Expert
‎2024 Sep 19 10:14 AM
0 Kudos

Hello,

Thanks for sharing your query. Basically, Cloud integration of the integration suite subsumes the malware service from the BTP. 

However, malware service from the BTP underneath uses the CLAMAV (open-source anti-virus engine).

if the malicious content is not detected on the upload in the cloud integration capability of the integration suite, it means CLAMAV is not capable to detect that specific virus. To check this, you can upload the same malicious content in this https://www.virustotal.com/gui/. It has many anti-virus hosted. One of them is CLAMAV. Here as well, content will not be detected as malicious. 

 

 

View Entire Topic
helmut_skolaut3
Active Participant
‎2024 Sep 19 10:41 AM
0 Kudos

Thanks for your reply. We have contacted SAP Consultant and he was reverting back the same just 2 days ago. But we have observed, that the virus has been detected using the URL you have shared, but Integration Suite doesn't detected it - my SAP Consultant has created an incident internally already to get this fixed.

BR Helmut

Show replies
Show replies
kamlesh_zanje
Product and Topic Expert
Product and Topic Expert
‎2024 Sep 19 10:45 AM
0 Kudos
I think the SAP Consultant is Bousselmi, Samir. Right? I would suggest getting in touch with him for latest update.
helmut_skolaut3
Active Participant
‎2024 Sep 19 10:47 AM
0 Kudos
Yes exactly 🙂
Ask a Question