SAP VIRUS SCAN INTERFACE
You can use the Virus Scan Interface to include external virus scanners in the SAP system to increase the security of your system. This means that you can use a high-performance integration solution to scan files or documents that are processed by applications for viruses. This applies both for applications delivered by SAP and for customer developments, for example, during data transfers across networks or when documents are exchanged using interfaces. This Virus Scan Interface is available for both AS ABAP and AS Java.
Since SAP-managed databases are central distribution points, it is very dangerous to store malformed or otherwise dangerous data in them as this data might spread very quickly across the network. Applications that are transferring files to or from SAP-managed databases must ensure that the data is not vulnerable to any known threats.
The architecture of the Virus Scan Interface allows you to combine different products, systems, and platforms to scan your applications for viruses. This is possible since SAP provides a certified interface for the virus scan products of other vendors. The partners’ virus scan engines can, for example, have completely different architectures. However, by integrating an adapter using a proprietary connection, any partner can connect any existing virus scan product to the virus scan interface.
On the SAP side, different VSILIB layers are used to include the ABAP and Java worlds, and to deal with platform dependencies (of operating systems and processors, that is, 32 or 64 bit) in the integration of the virus scan interface.
Elements of the Virus Scan Interface
The graphic below clarifies the layer structure of the SAP Virus Scan Interface (SAP VSI API) and shows which parts are delivered by SAP, and which by the relevant partners.
Software Layers of the Virus Scan Interface
The SAP Virus Scan Interface (SAP VSI API):
1. Is accessed by partner products directly with the scan engine or indirectly using a separate virus scan adapter.
2. Contains the functions required to configure and to initialize the scan engine.
3. Provides the parameters and data for every virus scan.
4. Processes the check result.
ABAP or Java application programs start virus scans with dedicated classes and methods of the SAP virus scan interface, which, in turn, call a virus scan server or the AS Java directly using RFC.
Virus Scan Profiles
Different applications have different requirements for virus scanning. For example, an HR application dealing with external recruiting forms wants high security scanning whereas performance is not a critical aspect. On the other hand, a CRM application dealing with mostly internal documents wants less scanning effort and better performance. Virus scan profiles are used to allow for application-specific configuration of virus scanning.
Application programs use virus scan profiles to check data for viruses. You can also define which scanner group/groups are to be used to check a document. You can also use a virus scan profile to assign configuration parameters for the virus scanner. If you check for viruses with this virus scan profile, the virus scanner receives the parameters.
Virus scan profiles can point to other profiles (reference mechanism). SAP delivers profiles for its applications, pointing all to the “default profile”. By creating one single virus scan profile and flagging it as the “default profile”, customers can use this profile for all SAP applications without separate configuration.
The system administrator can use the profile to activate or deactivate the virus scan for each component. By default, a virus scan profile is provided for each SAP application that integrates a virus scan.
Testing Your Application
To do this, you must activate the virus scan, then you can test using transaction 'VSCANTEST' (ABAP) or the test application 'http://hostname:port/vscantest' (J2EE).
Activating the Virus ScanAs of SAP NetWeaver, from a technology point of view, you can use the virus scan as of SAP_BASIS 640 for ABAP and J2EE with feature pack (which corresponds to Support Package 7). From an application point of view this means: The virus scan function is available for all SAP solutions that are based on SAP NetWeaver (for example, SAP Business Suite, SAP Business ByDesign).
Before SAP NetWeaver, the virus scan is available in SAP R/3 Enterprise
a) In transaction VSCANPROFILE, you can use the 'Active' indicator to activate or deactivate a profile.
(b) You can use the view cluster maintenance (transaction SM34) to configure the virus scan profile that was delivered. The name of the viewcluster is 'VSCAN_PROFILE_VC'. You can activate or deactivate a profile here using the 'Active' indicator.
J2EE:
You can configure a virus scan profile, and activate/deactivate it in administration by choosing 'Visual Administrator Service'-> 'Virus Scan Provider' -> 'Profiles'.
