Apache Sling Clam

Clone this repo:
  1. a48e319 SLING-11709 - Set up Jira autolinks to all Sling Github projects by Robert Munteanu · 9 weeks ago master
  2. e00185a style by Oliver Lietz · 3 months ago
  3. 3ab1317 SLING-11254 Make additional authorization on HTTP scan endpoint mandatory by Oliver Lietz · 3 months ago
  4. db3a588 update test dependencies by Oliver Lietz · 3 months ago
  5. be1558f SLING-10893 Enable code checks with SpotBugs by Oliver Lietz · 4 months ago

Apache Sling

Build Status Test Status Coverage Sonarcloud Status JavaDoc Maven Central License

Apache Sling Clam

This module is part of the Apache Sling project.

This module provides support for Clam in Sling.

Finding data to scan for malware

NodeDescendingJcrPropertyDigger starts descending from a given root path, digs properties based on type, path and length and creates scan jobs.

NodeObservingJcrPropertyDigger observes Oak's NodeStore, digs properties based on type, path and length and creates scan jobs.

NOTE: Ensure to exclude scan jobs in /var/eventing and scan results in /var/clam/results from scanning.

Scanning data

JcrPropertyScanJobConsumer processes scan jobs by reading property values from JCR, sends data to Clam service for scanning and invokes optional scan result handlers.

The service requires read-only access to all paths to be scanned which can be allowed by adding the service user mapping org.apache.sling.clam=sling-readall.

Handling of scan results

ClamEventsServlet publishes scan results as Server-Sent Events via HTTP.

EventPublishingScanResultHandler publishes scan results via OSGi Event Admin Service.

MailSendingScanResultHandler sends scan results as mails via Sling Commons Messaging Mail.

ResourcePersistingScanResultHandler persists scan results via ResourceResolver in JCR. The result handler requires write access to a configurable root path for subservice result-writer.


Scanning all binaries and strings in AEM Assets:

curl -v -u username:password -F path=/content/dam -F pattern=^/.*$ -F propertyTypes[]=Binary -F propertyTypes[]=String http://localhost:4502/system/clam-jcr-scan

Listening to Sling Clam events:

curl -v -u username:password http://localhost:4502/system/clam-events

Useful Patterns


Integration Tests

Integration tests require a running Clam daemon. By default a Docker container (mk0x/docker-clamav:alpine) is started via Testcontainers and local Docker Engine to provide the Clam daemon.

Use external Clam daemon

To disable Testcontainers and use an external Clam daemon set clamd.testcontainer to false:

mvn clean install -Dclamd.testcontainer=false

To override default Clam daemon host localhost and port 3310 set clamd.host and clamd.port:

mvn clean install -Dclamd.testcontainer=false -Dclamd.host=localhost -Dclamd.port=3310