11 Protecting against malware with ClamSAP #
ClamSAP integrates the ClamAV anti-malware toolkit into SAP NetWeaver and SAP Mobile Platform applications. ClamSAP is a shared library that links between ClamAV and the SAP NetWeaver Virus Scan Interface (NW-VSI). The version of ClamSAP shipped with SUSE Linux Enterprise Server for SAP applications 15 SP4 supports NW-VSI version 2.0.
 By default, ClamAV does not scan files exceeding various limits like
   file sizes, nesting level, or scan time. Such files are reported as "OK". The
   current default settings for the ClamAV virus scan engine in the
    clamscan commandline tool and the clamd scan daemon are set in a way that: 
- Files and archives are scanned, but only up to the configured or default limits for size, nesting level, scan time, etc. 
- The scan engine reports these files as being "OK". 
- This could potentially allow attackers to bypass the virus scanning. 
 Alerts can be enabled to set the
    --alert-exceeds-max=yes option on the
    clamscan commandline or via AlertExceedsMax
    TRUE in clamd.conf for daemon based scans.
   Settings these options will cause a "FOUND" report of status type
    Heuristics.Limits.Exceeded. You need to handle such
   files differently in front-ends or processing of reports.
  
Before enabling the alert, ensure that front-ends will not suddenly quarantine or remove those files.
11.1 Installing ClamSAP #
- On the application host, install the packages for ClamAV and ClamSAP. To do so, use the command: - >- sudo zypper install clamav clamsap
- Before you can enable the daemon - clamd, initialize the malware database:- >- sudo freshclam
- Start the service - clamd:- >- sudo systemctl start clamd
- Check the status of the service - clamdwith:- >- systemctl status clamd● clamd.service - ClamAV Antivirus Daemon Loaded: loaded (/usr/lib/systemd/system/clamd.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2017-04-11 10:33:03 UTC; 24h ago [...]
11.2 Creating a virus scanner group in SAP NetWeaver #
- Log in to the SAP NetWeaver installation through the GUI. Do not log in as a - DDICor- SAP*user, because the virus scanner needs to be configured cross-client.
- Create a Virus Scanner Group using the transaction . 
- To switch from view mode to change mode, click the button (  ). ).- Confirm the message by clicking the check mark. The table is now editable. 
- Select the first empty row. In the text box , specify - CLAMSAPVSI. Under , specify- CLAMSAP.- Make sure that is not checked. 
11.3 Setting up the ClamSAP library in SAP NetWeaver #
- In the SAP NetWeaver GUI, call the transaction . 
- To switch from view mode to change mode, click the button (  ). ).- Confirm the message by clicking the check mark. The table is now editable. 
- Click . 
- Fill in the form accordingly: - : - Adapter (Virus Scan Adapter)
- : - VSA_HOSTNAME(for example:- VSA_SAPSERVER)
- Scanner Group: The name of the scanner group that you set up in Section 11.2, “Creating a virus scanner group in SAP NetWeaver” (for example:- CLAMSAPVSI)
- : - HOSTNAME_SID_INSTANCE_NUMBER(for example:- SAPSERVER_P04_00)
- : - libclamdsap.so
 
11.4 Configuring the default location of virus definitions #
   By default, ClamAV expects the virus definitions to be located in /var/lib/clamsap.
   To change this default location, proceed as follows:
  
- Log in to the SAP NetWeaver installation through the GUI. Do not log in as a - DDICor- SAP*user, because the virus scanner needs to be configured cross-client.
- Select the - CLAMSAPVSIgroup.
- In the left navigation pane, click . 
- To switch from view mode to change mode, click the button (  ). ).- Confirm the message by clicking the check mark. The table is now editable. 
- Click and select INITDRIVERDIRECTORY. 
- Enter the path to a different virus scanner location. 
11.5 Engaging ClamSAP #
To run ClamSAP, go to the transaction . Then click Start.
Afterward, a summary will be displayed, including details of the ClamSAP and ClamAV (shown in Figure 11.2, “Summary of ClamSAP data”).
11.6 For more information #
For more information, also see the project home page https://sourceforge.net/projects/clamsap/.







