Most of us have an antivirus software installed on our PC to protect our data. Antivirus software plays a key role in protecting our system by detecting threats and ensuring our data remains safe. We’re also aware that we should not open attachments in unsolicited email coming from unknown email addresses. But have you considered viruses might also reside in your wiki’s attachments? Unless your wiki is completely isolated, you’re always going to face the risk of viruses, particularly when you upload external files to the wiki. It’s what you do to prepare yourself against the potential damage that matters, particularly to avoid infecting any of your users who might download infected attachments.
The new XWiki Antivirus Application provides extra protection for your wiki, by scanning uploaded attachments via an external antivirus engine. The antivirus performs various checks and verifications through different algorithms and its extensive virus database.
The checks are performed in two steps:
- Directly at upload time, canceling the upload operation in case an infected file is detected, thus not allowing the infected file to reach your wiki.
- Periodically, by scanning all attachments on your wiki (including subwikis), in order to cover the case where a periodically updated virus database would now be able to detect a threat that was previously unknown. The period is configurable through a scheduler.
For your convenience, the Antivirus Application comes with ClamAV integrated by default. ClamAV is the leading Open Source antivirus solution. However, other antivirus engines can also easily be implemented and configured to be used by the Antivirus Application.
Once you have installed the app, the Antivirus section will become available in your XWiki Administration, together with options for configuring the connection to the ClamAV antivirus server. After the configuration, the antivirus application will start working to prevent users from attaching infected files to your wiki's pages.
Whenever an infected attachment is detected during the periodical scan, it is immediately deleted, in order to neutralize the threat. You might be curious why it doesn't disinfect the file. ClamAV's FAQ explains the reason for not attempting this. The short answer is that most of the time, infected files are compromised beyond recovery and whatever is left after disinfection is either corrupted or dangerous.
At the end of each periodic scan, an email report is generated and sent to all main wiki admins. The report contains information about the following:
- Infected attachments that were detected and automatically deleted
- Infected attachments that failed to be deleted (i.e. might still be a threat), if any
- Errors that occurred during the scan of some attachments
Each incident, (detected during upload) or during a scheduled scan, is recorded in the Antivirus Log which is displayed in the same Administration section.
You can try out the Antivirus App by installing it from your wiki’s Extension Manager.
The application is included in XWiki Pro, so our Silver+ customers already enjoy free access to it. You can install the app directly from the Extension Manager or contact our support team for help.