/
s4s_clamsap.xml
433 lines (432 loc) · 14.1 KB
/
s4s_clamsap.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter
[
<!ENTITY % entities SYSTEM "generic-entities.ent">
%entities;
]>
<?xml-stylesheet href="urn:x-suse:xslt:profiling:docbook50-profile.xsl"
type="text/xml"
title="Profiling step"?>
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:lang="en" xml:id="cha-clamsap">
<title>Protecting against malware with &clamsap;</title>
<info>
<dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
<dm:bugtracker/>
<dm:translation>yes</dm:translation>
</dm:docmanager>
</info>
<para>
&clamsap; integrates the &clamav; anti-malware toolkit into &netweaver; and
&sap; Mobile Platform applications. &clamsap; is a shared library that
links between &clamav; and the &netweaver; Virus Scan Interface (NW-VSI).
The version of &clamsap; shipped with &productname;
&productnumber; supports NW-VSI version 2.0.
</para>
<important>
<title>Avoid false positive reports for large files exceeding maximum file size</title>
<remark>toms 2021-10-20: See https://www.suse.com/support/kb/doc/?id=000020324</remark>
<para> By default, &clamav; does not scan files exceeding various limits like
file sizes, nesting level, or scan time. Such files are reported as "OK". The
current default settings for the &clamav; virus scan engine in the
<command>clamscan</command> commandline tool and the <systemitem
class="daemon">clamd</systemitem> scan daemon are set in a way that: </para>
<itemizedlist>
<listitem>
<para>Files and archives are scanned, but only up to the configured or default limits
for size, nesting level, scan time, etc.</para>
</listitem>
<listitem>
<para>
The scan engine reports these files as being "OK".
</para>
</listitem>
<listitem>
<para>
This could potentially allow attackers to bypass the virus scanning.
</para>
</listitem>
</itemizedlist>
<para> Alerts can be enabled to set the
<option>--alert-exceeds-max=yes</option> option on the
<command>clamscan</command> commandline or via <option>AlertExceedsMax
TRUE</option> in <filename>clamd.conf</filename> for daemon based scans.
Settings these options will cause a "FOUND" report of status type
<literal>Heuristics.Limits.Exceeded</literal>. You need to handle such
files differently in front-ends or processing of reports.
</para>
<para>
Before enabling the alert, ensure that front-ends will not suddenly
quarantine or remove those files.
</para>
</important>
<sect1 xml:id="sec-clamsap-install">
<title>Installing &clamsap;</title>
<procedure>
<step>
<para>
On the application host, install the packages for &clamav; and
&clamsap;. To do so, use the command:
</para>
<screen>&prompt.user;<command>sudo zypper install clamav clamsap</command></screen>
</step>
<step>
<para>
Before you can enable the daemon
<systemitem class="daemon">clamd</systemitem>, initialize the malware
database:
</para>
<screen>&prompt.user;<command>sudo freshclam</command></screen>
</step>
<step>
<para>
Start the service <systemitem class="daemon">clamd</systemitem>:
</para>
<screen>&prompt.user;<command>sudo systemctl start clamd</command></screen>
</step>
<step>
<para>
Check the status of the service
<systemitem class="daemon">clamd</systemitem> with:
</para>
<screen>
&prompt.user;<command>systemctl status clamd</command>
● clamd.service - ClamAV Antivirus Daemon
Loaded: loaded (/usr/lib/systemd/system/clamd.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2017-04-11 10:33:03 UTC; 24h ago
[...]
</screen>
</step>
</procedure>
</sect1>
<sect1 xml:id="sec-clamsap-scannergroup">
<title>Creating a virus scanner group in &nw;</title>
<procedure>
<step>
<para>
Log in to the &nw; installation through the GUI. Do not log in as
a <systemitem class="username">DDIC</systemitem> or
<systemitem class="username">SAP*</systemitem> user, because the virus
scanner needs to be configured cross-client.
</para>
</step>
<step>
<para>
Create a Virus Scanner Group using the transaction
<guimenu>VSCANGROUP</guimenu>.
</para>
<informalfigure>
<mediaobject>
<imageobject role="html">
<imagedata fileref="sap-nw-scanner-group-display.jpg"/>
</imageobject>
<imageobject role="fo">
<imagedata fileref="sap-nw-scanner-group-display.jpg" width="85%"/>
</imageobject>
<textobject role="description">
<phrase>Edit View Scanner Group with editable table</phrase>
</textobject>
</mediaobject>
</informalfigure>
</step>
<step>
<para>
To switch from view mode to change mode, click the button <guimenu>Change View</guimenu>
(<inlinemediaobject>
<textobject role="description">
<phrase>Change View</phrase>
</textobject>
<imageobject role="html">
<imagedata fileref="sap-nw-viewmode-icon.png" width="1em"/>
</imageobject>
<imageobject role="fo">
<imagedata fileref="sap-nw-viewmode-icon.png" width="0.8em"/>
</imageobject>
</inlinemediaobject>).
</para>
<para>
Confirm the message <guimenu>This table is cross-client</guimenu> by
clicking the check mark. The table is now editable.
</para>
</step>
<step>
<para>
Select the first empty row. In the text box
<guimenu>Scanner Group</guimenu>, specify
<literal>CLAMSAPVSI</literal>. Under
<guimenu>Group Text</guimenu>, specify <literal>CLAMSAP</literal>.
</para>
<para>
Make sure that <guimenu>Business Add-in</guimenu> is not checked.
</para>
<informalfigure>
<mediaobject>
<textobject role="description">
<phrase>Edit View Scanner Group with editable table</phrase>
</textobject>
<imageobject role="html">
<imagedata fileref="sap-nw-scanner-group-change.jpg"/>
</imageobject>
<imageobject role="fo">
<imagedata fileref="sap-nw-scanner-group-change.jpg" width="85%"/>
</imageobject>
</mediaobject>
</informalfigure>
</step>
<step>
<para>
To save the form, click the button <guimenu>Save</guimenu>
(<inlinemediaobject>
<textobject role="description">
<phrase>Save</phrase>
</textobject>
<imageobject role="html">
<imagedata fileref="sap-nw-save-icon.png" width="1em"/>
</imageobject>
<imageobject role="fo">
<imagedata fileref="sap-nw-save-icon.png" width="0.8em"/>
</imageobject>
</inlinemediaobject>).
</para>
</step>
</procedure>
</sect1>
<sect1 xml:id="sec-clamsap-library">
<title>Setting up the &clamsap; library in &nw;</title>
<procedure>
<step>
<para>
In the &nw; GUI, call the transaction <guimenu>VSCAN</guimenu>.
<!-- wording: "call"? Maybe "open"? - sknorr, 2017-04-13 -->
</para>
</step>
<step>
<para>
To switch from view mode to change mode, click the button
<guimenu>Change View</guimenu>
(<inlinemediaobject>
<textobject role="description">
<phrase>Change View</phrase>
</textobject>
<imageobject role="html">
<imagedata fileref="sap-nw-viewmode-icon.png" width="1em"/>
</imageobject>
<imageobject role="fo">
<imagedata fileref="sap-nw-viewmode-icon.png" width="0.8em"/>
</imageobject>
</inlinemediaobject>).
</para>
<para>
Confirm the message <guimenu>This table is cross-client</guimenu> by
clicking the check mark. The table is now editable.
</para>
</step>
<step>
<para>
Click <guimenu>New entries</guimenu>.
</para>
</step>
<step>
<para>
Fill in the form accordingly:
</para>
<itemizedlist>
<listitem>
<para>
<guimenu>Provider Type</guimenu>: <literal>Adapter (Virus Scan Adapter)</literal>
</para>
</listitem>
<listitem>
<para>
<guimenu>Provider Name</guimenu>: <literal>VSA_<replaceable>HOSTNAME</replaceable></literal>
(for example: <literal>VSA_SAPSERVER</literal>)
</para>
</listitem>
<listitem>
<para>
<literal>Scanner Group</literal>: The name of the scanner group that
you set up in <xref linkend="sec-clamsap-scannergroup"/> (for example:
<literal>CLAMSAPVSI</literal>)
</para>
</listitem>
<listitem>
<para>
<guimenu>Server</guimenu>:
<literal><replaceable>HOSTNAME</replaceable>_<replaceable>SID</replaceable>_<replaceable>INSTANCE_NUMBER</replaceable></literal>
(for example: <literal>SAPSERVER_P04_00</literal>)
</para>
</listitem>
<listitem>
<para>
<guimenu>Adapter Path</guimenu>: <filename>libclamdsap.so</filename>
</para>
</listitem>
</itemizedlist>
<informalfigure>
<mediaobject>
<textobject role="description">
<phrase>Form New Entries: Details of Added Entries</phrase>
</textobject>
<imageobject role="html">
<imagedata fileref="sap-nw-scanner-definition-add.jpg"/>
</imageobject>
<imageobject role="fo">
<imagedata fileref="sap-nw-scanner-definition-add.jpg" width="85%"/>
</imageobject>
</mediaobject>
</informalfigure>
</step>
<step>
<para>
To save the form, click the button
<inlinemediaobject>
<textobject role="description">
<phrase>Save</phrase>
</textobject>
<imageobject role="html">
<imagedata fileref="sap-nw-save-icon.png" width="1em"/>
</imageobject>
<imageobject role="fo">
<imagedata fileref="sap-nw-save-icon.png" width="0.8em"/>
</imageobject>
</inlinemediaobject>.
</para>
</step>
</procedure>
</sect1>
<sect1 xml:id="sec-clamsap-changedir">
<title>Configuring the default location of virus definitions</title>
<para>
By default, &clamav; expects the virus definitions to be located in <filename
class="directory">/var/lib/clamsap</filename>.
To change this default location, proceed as follows:
</para>
<procedure>
<step>
<para>
Log in to the &nw; installation through the GUI. Do not log in as
a <systemitem class="username">DDIC</systemitem> or
<systemitem class="username">SAP*</systemitem> user, because the virus
scanner needs to be configured cross-client.
</para>
</step>
<step>
<para>
Select the <literal>CLAMSAPVSI</literal> group.
</para>
</step>
<step>
<para>
In the left navigation pane, click <guimenu>Configuration Parameters</guimenu>.
</para>
</step>
<step>
<para>
To switch from view mode to change mode, click the button <guimenu>Change View</guimenu>
(<inlinemediaobject>
<textobject role="description">
<phrase>Change View</phrase>
</textobject>
<imageobject role="html">
<imagedata fileref="sap-nw-viewmode-icon.png" width="1em"/>
</imageobject>
<imageobject role="fo">
<imagedata fileref="sap-nw-viewmode-icon.png" width="0.8em"/>
</imageobject>
</inlinemediaobject>).
</para>
<para>
Confirm the message <guimenu>This table is cross-client</guimenu> by
clicking the check mark. The table is now editable.
</para>
<figure xml:id="fig-clamsap-add-entry">
<title></title>
<mediaobject>
<imageobject role="html">
<imagedata fileref="sap-new-scanner-clamsap-add-entries.jpg" width="95%"/>
</imageobject>
<imageobject role="fo">
<imagedata fileref="sap-new-scanner-clamsap-add-entries.jpg" width="85%"/>
</imageobject>
</mediaobject>
</figure>
</step>
<step>
<para>
Click <guimenu>New Entries</guimenu> and select <parameter>INITDRIVERDIRECTORY</parameter>.
</para>
<figure xml:id="fig-clamsap-add-value">
<title></title>
<mediaobject>
<imageobject role="html">
<imagedata fileref="sap-new-scanner-clamsap-add-value.jpg" width="95%"/>
</imageobject>
<imageobject role="fo">
<imagedata fileref="sap-new-scanner-clamsap-add-value.jpg" width="85%"/>
</imageobject>
</mediaobject>
</figure>
</step>
<step>
<para>
Enter the path to a different virus scanner location.
</para>
</step>
<step>
<para>
To save the form, click the button <guimenu>Save</guimenu>
(<inlinemediaobject>
<textobject role="description">
<phrase>Save</phrase>
</textobject>
<imageobject role="html">
<imagedata fileref="sap-nw-save-icon.png" width="1em"/>
</imageobject>
<imageobject role="fo">
<imagedata fileref="sap-nw-save-icon.png" width="0.8em"/>
</imageobject>
</inlinemediaobject>).
</para>
</step>
</procedure>
</sect1>
<sect1 xml:id="sec-clamsap-engage">
<title>Engaging &clamsap;</title>
<para>
To run &clamsap;, go to the transaction <guimenu>VSCAN</guimenu>. Then
click <emphasis>Start</emphasis>.
</para>
<figure xml:id="fig-clamsap-scanner-change">
<title>Change view <quote>virus scan provider definition</quote></title>
<mediaobject>
<imageobject role="html">
<imagedata fileref="sap-nw-scanner-definition-change.jpg"/>
</imageobject>
<imageobject role="fo">
<imagedata fileref="sap-nw-scanner-definition-change.jpg" width="85%"/>
</imageobject>
</mediaobject>
</figure>
<para>
Afterward, a summary will be displayed, including details of the &clamsap;
and &clamav; (shown in <xref linkend="fig-clamsap-summary"/>).
</para>
<figure xml:id="fig-clamsap-summary">
<title>Summary of &clamsap; data</title>
<mediaobject>
<imageobject role="html">
<imagedata fileref="sap-nw-scanner-summary.jpg"/>
</imageobject>
<imageobject role="fo">
<imagedata fileref="sap-nw-scanner-summary.jpg" width="85%"/>
</imageobject>
</mediaobject>
</figure>
</sect1>
<sect1 xml:id="sec-clamsap-more">
<title>For more information</title>
<para>
For more information, also see the project home page
<link xlink:href="https://sourceforge.net/projects/clamsap/"/>.
</para>
</sect1>
</chapter>