Virus Scanning

Use

Uploaded documents are displayed in SAP Fiori apps without further security-related checks. If a document contains malicious content, unintended actions could be triggered at the front end during download or display, which might lead to cross-site scripting vulnerabilities. Various SAP Fiori apps offer the possibility to upload or display documents. If you use one of these apps, you have to install an appropriate virus scanner and define sufficiently restrictive scan profiles to prevent upload of malicious content.

Scan Profiles for SAP Fiori Applications

The virus scanner rejects all documents that do not comply with the rules defined in the settings of the scan profile. These rules need to disallow dangerous MIME types (such as documents with active content like HTML or JavaScript).
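The following sketch illustrates the kind of rule a restrictive scan profile enforces: classify the upload by its content, reject active content, and reject a mismatch between declared and detected type. It is an added example, not SAP Virus Scan Interface code; the allowlist, the function names `detect_type` and `check_upload`, and the sample inputs are assumptions made for illustration.

```python
import re

# Assumed allowlist for illustration; a real scan profile defines its own.
ALLOWED_TYPES = {"application/pdf", "image/png", "image/jpeg", "text/plain"}

# Magic-byte signatures of the allowed binary formats.
MAGIC = {
    b"%PDF-": "application/pdf",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
}

# Markup a browser would render or execute when the document is displayed.
ACTIVE = re.compile(
    rb"<\s*(?:!doctype\s+html|html|script|svg|iframe)\b", re.IGNORECASE
)


def detect_type(data: bytes) -> str:
    """Classify by content only, never by file name or declared type."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    head = data[:4096]
    if ACTIVE.search(head):
        return "text/html"  # active content, whatever the upload claims
    if b"\x00" in head:
        return "application/octet-stream"  # unknown binary
    return "text/plain"


def check_upload(declared: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for one upload."""
    declared = declared.split(";")[0].strip().lower()
    detected = detect_type(data)
    if detected not in ALLOWED_TYPES:
        return False, f"detected type {detected} is not allowed"
    if detected != declared:
        return False, f"declared {declared} but content is {detected}"
    return True, "accepted"


# Constructed sample uploads (not taken from any real system).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
HTML = b"<!DOCTYPE html><html><body>constructed sample</body></html>"

if __name__ == "__main__":
    for declared, data in [("image/png", PNG), ("image/png", HTML),
                           ("application/pdf", PNG)]:
        print(declared, check_upload(declared, data))
```

The check only covers content that announces itself at the start of the file; it does not replace the virus scanner's own inspection of container formats.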

The documents are checked with a scan profile before being stored in the Knowledge Provider (KPro). The following scan profiles are available for the SAP Fiori apps offering the possibility to upload or display documents:

| Area | Scan Profile |
|---|---|
| Standard | /SCMS/KPRO_CREATE |
| SAP Master Data Governance | /MDG_BS_FILE_UPLOAD/MDG_VSCAN |

Note

For the SAP Fiori apps My Quotations and Sales Order Fulfillment Monitor, you can overrule the standard scan profile with the following settings (evaluated from top to bottom until a profile is found):

  1. Value of parameter &GOS_VPROFILE from memory id &GOS_VSI_PROFILE

  2. Value of parameter &BCS_VPROFILE from memory id &BCS_VSI_PROFILE

  3. Value in field VALUE for the record in table SXPARAMS with key PARAM = SO_VSI_PROFILE

More Information

For more information about the configuration for SAP NetWeaver 7.31, see the SAP Help Portal at http://help.sap.com/nw731 under Application Help > Function-Oriented View > Security > System Security > Virus Scan Interface.

For more information about the configuration for SAP NetWeaver 7.40, see the SAP Help Portal at http://help.sap.com/nw74 under Application Help > Function-Oriented View > Security > System Security > Virus Scan Interface.

You can find additional information in SAP Notes 786179 and 1494278.