Anti virus is triggered when uploading assets through the Creation component.
Uploading assets by Excel import
Excel files with assets (hyperlinks) can be imported through the Creation component. Each asset uploaded in this bulk operation will also trigger the antivirus scan.
The brief overview of the steps to set up a working antivirus environment are as follows:
Enable antivirus in Settings.
Configure a Content flow using the M.MediaMatrix entity:
- Add an antivirus task.
- Set dependency with the rendition tasks.
- Change the input property of rendition tasks to source.
- URL is set to an Azure function that takes care of the API calls and responses with the external security service. The response of the antivirus service should be mapped to the expected values our antivirus property expects, namely Ok or Malicious.
If a file is marked as Malicious, then the Rendition tasks will not be executed. Instead, a placeholder will replace the rendition of thumbnails and preview to show the user that the file is malicious:
This antivirus task is not globally set for all sorts of uploads. It must be added and configured in each flow, which manages specific extensions required by the user (images, documents, etc.).
The user should not use UI (Manage > Media Processing) to configure this because of the dependency issues that will set the input property of the rendition tasks to an incorrect value. Saving the flow in the Media Processing page will overwrite the changes made to the M.MediaMatrix entity, returning the value to the default input value of dependent tasks.
The antivirus task is an External Web Task that should communicate with an external API controller (e.g., Azure function) set up by the client. The API controller regulates the API functionality with the external service and responds to Sitecore Content Hub with the appropriate value Ok or Malicious.
Can we improve this article ? Provide feedback