You can upload attached documents to many Maximo records such as Work Orders, Purchase Orders and Purchase Requisitions as well as uploading Migration Packages through the Migration Manager application. Maximo will allow you to upload anything if it has an extension which it will accept, for example .txt, .doc, .docx and .zip.
During a recent penetration test, we discovered that not all virus scanners will remove harmful attached documents from the server once they are uploaded. Even if they do, by that point they have been written to disk, so the damage may already be done! It would be better if Maximo could scan the attachments before writing them to disk. This way, they can’t do any harm, or at least reduce amount of damage they may cause. After some digging around, it turns out there are actually three system properties and a third party virus scanner that can enable this functionality.
Example
In this example we will be uploading a .txt file called TEST.txt which will contain the EICAR text. This text is not a virus, but it used by all major virus scanning software to test functionality without having to use a real virus or worm. So, if we uploaded this to Maximo (in an ideal scenario) it should be picked up by the virus scanning software on the server and removed.
This is what our “virus” looks like:
If we upload it to a “vanilla” Maximo system, we can see Maximo processes it and it sits quite happily on the server’s file system:
Now, if we enable the third party virus scanner for Maximo when we try and upload the document, we get the following error message:
This file is not written to disk and can’t be uploaded to Maximo.
Setting up the Virus Scanner in Maximo
Enabling the virus scanner in Maximo is very simple. First you need a virus scanner that can use the ICAP protocol. In this example we are using the Symantec protection for cloud services. The ICAP functionality setup in the Symantec protection for cloud services is very simple as is shown below:
There are three system properties which don’t seem to be documented anywhere but can been seen in the Maximo logs as warnings. This is because they don’t exist by default in Maximo.
The properties are:
- mxe.doclink.VirusScannerIPAddress – The IP address where the virus scanner is hosted. This is set to the IP from the ICAP configuration 192.168.254.59.
- mxe.doclink.VirusScannerPort – The port the virus scanner uses for its ICAP protocol. This is set to the port number from the ICAP configuration 1345.
- mxe.doclink.isVirusScanEnabled – Set to true or false to enable the virus scanning functionality.
These will need to be added through the System Properties application. Once applied, virus scanning is enabled. If it causes any issues, it can be disabled by setting the mxe.doclinks.isVirusScanEnabled system property to false.
0 Comments