Apache Sling Clam

Clone this repo:
  1. 8020d5a increase timeout on content to 120000 ms by Oliver Lietz · 6 weeks ago master
  2. 35d78ce increase timeout on content to 60000 ms by Oliver Lietz · 6 weeks ago
  3. 2fe87b4 SLING-8688 Enable integration tests with Docker by Oliver Lietz · 6 weeks ago
  4. a8f8e13 SLING-8688 Enable integration tests with Docker by Oliver Lietz · 6 weeks ago
  5. e27df54 [maven-release-plugin] prepare for next development iteration by Oliver Lietz · 7 weeks ago

Build Status Test Status Maven Central JavaDocs License

Apache Sling Clam

This module is part of the Apache Sling project.

This module provides support for Clam in Sling.

Finding data to scan for malware

NodeDescendingJcrPropertyDigger starts descending from a given root path, digs properties based on type, path and length and creates scan jobs.

NodeObservingJcrPropertyDigger observes Oak's NodeStore, digs properties based on type, path and length and creates scan jobs.

NOTE: Ensure to exclude scan jobs in /var/eventing and scan results in /var/clam/results from scanning.

Scanning data

JcrPropertyScanJobConsumer processes scan jobs by reading property values from JCR, sends data to Clam service for scanning and invokes optional scan result handlers.

The service requires read-only access to all paths to be scanned which can be allowed by adding the service user mapping org.apache.sling.clam=sling-readall.

Handling of scan results

EventPublishingScanResultHandler publishes scan results via OSGi Event Admin Service.

ResourcePersistingScanResultHandler persists scan results via ResourceResolver in JCR. The result handler requires write access to a configurable root path for subservice result-writer.

HTTP API

Scanning all binaries and strings in AEM Assets:

curl -v -u username:password -F path=/content/dam -F pattern=^/.*$ -F propertyTypes[]=Binary -F propertyTypes[]=String http://localhost:4502/system/clam-jcr-scan

Observing Sling Clam events:

curl -v -u username:password http://localhost:4502/system/clam-events

Useful Patterns

^\/(?!.*\/rep:principalName)(.*)$

Integration Tests

Integration tests require a running Clam daemon. By default a Docker container (mk0x/docker-clamav:alpine) is started via Testcontainers and local Docker Engine to provide the Clam daemon.

Use external Clam daemon

To disable Testcontainers and use an external Clam daemon set clamd.testcontainer to false:

mvn clean install -Dclamd.testcontainer=false

To override default Clam daemon host localhost and port 3310 set clamd.host and clamd.port:

mvn clean install -Dclamd.testcontainer=false -Dclamd.host=localhost -Dclamd.port=3310