Content Management and Capture

 View Only
  • 1.  Methods or best practices to pre-process files before storage

    Posted Tue December 12, 2023 02:00 PM

    Hi all

    I have customers that are using CMOD and Content Manager as their main ECM tool.

    One of them is asking me for guidance on how to 

    1. Scan existing content in both to find if any files stored in there represent a security threat, like containing viruses or XSS code
    2. How to implement a solution to prevent potentially infected files.

    In the last days I've read documentation, it became obvious to me that neither has a built-in functionality for this. But I'm pretty sure other customers that are using those products certainly have asked for the same or even implemented solutions.

    I would personally suggest to use the APIs for the existing content, retreiving it and having it checked by the tool of their choice. 

    Is there a better way?

    And for the future, what would be the best way to introduce a pre-processing taks in Content Manager? And in CMOD if that is possible.



    ------------------------------
    Eric Giguere
    ------------------------------


  • 2.  RE: Methods or best practices to pre-process files before storage

    Posted Wed December 13, 2023 07:35 PM

    Neither Content Manager (CM8) or Content Manager OnDemand (CMOD) include provisions to virus scan stored content. 

    Content stored in CMOD typically only originates from financial systems within the organization - bills, statements, correspondence etc. There should be zero chance of this internally generated content being infected. If there is, the customer has far bigger issues to deal with in their up-stream systems. 

    For content that originates from outside of the organization, the expectation is that the organization will implement various layers of defense - firewalls, portals, authentication, virus scans, etc. to detect and manage potential threats prior to ingesting any externally received content into their CM8 or CMOD repository. 



    ------------------------------
    Neil Parrott
    ------------------------------



  • 3.  RE: Methods or best practices to pre-process files before storage

    Posted Thu December 14, 2023 03:57 AM

    Hi Eric,

    The only way to do it is writing custom event action by using API set of virus protect application. These applications are generally use ICAP protocol to communicate. 

    If you need, I can send you sample code.

    RegardsMujdat



    ------------------------------
    Mujdat Mutlu
    ------------------------------