Apache Sling Clam

Clone this repo:
  1. cea9246 SLING-12094 - Use GitHub for the Maven scm.url value by Robert Munteanu · 9 months ago master
  2. e0c8492 SLING-11949 Update to Sling Bundle Parent 51 by Oliver Lietz · 1 year ago
  3. f59cfa2 SLING-11478 Update Testing PaxExam to 4.0.0 by Oliver Lietz · 1 year ago
  4. 444f3ee SLING-11939 Update to Sling Bundle Parent 50 by Oliver Lietz · 1 year ago
  5. cd39e3e build on Linux only by Oliver Lietz · 1 year ago

Apache Sling

Build Status Test Status Coverage Sonarcloud Status JavaDoc Maven Central License

Apache Sling Clam

This module is part of the Apache Sling project.

This module provides support for Clam in Sling.

Finding data to scan for malware

NodeDescendingJcrPropertyDigger starts descending from a given root path, digs properties based on type, path and length and creates scan jobs.

NodeObservingJcrPropertyDigger observes Oak's NodeStore, digs properties based on type, path and length and creates scan jobs.

NOTE: Ensure to exclude scan jobs in /var/eventing and scan results in /var/clam/results from scanning.

Scanning data

JcrPropertyScanJobConsumer processes scan jobs by reading property values from JCR, sends data to Clam service for scanning and invokes optional scan result handlers.

The service requires read-only access to all paths to be scanned which can be allowed by adding the service user mapping org.apache.sling.clam=sling-readall.

Handling of scan results

ClamEventsServlet publishes scan results as Server-Sent Events via HTTP.

EventPublishingScanResultHandler publishes scan results via OSGi Event Admin Service.

MailSendingScanResultHandler sends scan results as mails via Sling Commons Messaging Mail.

ResourcePersistingScanResultHandler persists scan results via ResourceResolver in JCR. The result handler requires write access to a configurable root path for subservice result-writer.


Scanning all binaries and strings in AEM Assets:

curl -v -u username:password -F path=/content/dam -F pattern=^/.*$ -F propertyTypes[]=Binary -F propertyTypes[]=String http://localhost:4502/system/clam-jcr-scan

Listening to Sling Clam events:

curl -v -u username:password http://localhost:4502/system/clam-events

Useful Patterns


Integration Tests

Integration tests require a running Clam daemon. By default a Docker container (mk0x/docker-clamav:alpine) is started via Testcontainers and local Docker Engine to provide the Clam daemon.

Use external Clam daemon

To disable Testcontainers and use an external Clam daemon set clamd.testcontainer to false:

mvn clean install -Dclamd.testcontainer=false

To override default Clam daemon host localhost and port 3310 set clamd.host and clamd.port:

mvn clean install -Dclamd.testcontainer=false -Dclamd.host=localhost -Dclamd.port=3310