bigbluebutton / greenlight

A really simple end-user interface for your BigBlueButton server.
GNU Lesser General Public License v3.0

Feature Request: ClamAV integration - security authorities #5502

Closed manfredsteger closed 5 months ago

manfredsteger commented 11 months ago

Hello, we operate Greenlight with Scalelite as a government institution and are currently undergoing various IT security tests. These tests are standardized and focus on compliance with longstanding predefined rules rather than logic. These rules are commonplace in many EU countries. Currently, we are encountering an issue with virus scanning during uploads, while we've already resolved a similar problem with BBB directly on the server. It would be a fantastic feature if we could integrate ClamAV into the backend of Greenlight, allowing for immediate scanning for malicious code upon upload. If malicious code is detected, the upload would be denied, and a notification would be displayed.

We are currently addressing this issue through volume monitoring. This will likely affect thousands of institutions in Germany alone and probably many more public institutions submitting Greenlight to security authorities. We also understand that it poses no security risk if malicious code is eliminated through JPEG conversion within the VM, but the auditors require that malicious code be intercepted beforehand, with an error message issued.

If this feature could be incorporated into the Greenlight Core, we would be willing to contribute significantly or even fully cover the associated costs. This implementation would relieve a substantial amount of additional work for many developers. Please feel free to get in touch with me.
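The scan-on-upload flow requested above, as an added example that is not Greenlight's or BigBlueButton's code: it streams an upload to clamd with ClamAV's INSTREAM command and accepts the file only on an explicit clean verdict. The function names, the `ScanResult` struct, the user-facing messages, the clamd address in the comment and the fail-closed behaviour when the scanner is unavailable are assumptions.

```ruby
# clamd INSTREAM framing: every chunk is sent as a 4-byte big-endian length
# followed by the data; a zero-length chunk ends the stream.
CHUNK_SIZE = 8192

# Hypothetical result type for this example.
ScanResult = Struct.new(:status, :signature) do
  def clean?
    status == :clean
  end
end

# Turn clamd's one-line reply into a verdict. Anything that is not an
# explicit "OK" or "<signature> FOUND" is treated as an error.
def parse_clamd_reply(reply)
  line = reply.to_s.delete("\0").strip
  case line
  when /\Astream: OK\z/ then ScanResult.new(:clean, nil)
  when /\Astream: (.+) FOUND\z/ then ScanResult.new(:infected, $1)
  else ScanResult.new(:error, line)
  end
end

# Stream an upload to an open clamd connection. `clamd` is any object with
# write/read, e.g. TCPSocket.new("127.0.0.1", 3310) (address is an assumption).
def scan_upload(upload_io, clamd)
  clamd.write("zINSTREAM\0")
  while (chunk = upload_io.read(CHUNK_SIZE))
    clamd.write([chunk.bytesize].pack("N"))
    clamd.write(chunk)
  end
  clamd.write([0].pack("N"))
  parse_clamd_reply(clamd.read)
rescue IOError, SystemCallError => e
  ScanResult.new(:error, e.message)
end

# Decide what the upload handler reports. Fails closed: the upload is
# accepted only when the scanner explicitly says it is clean.
def upload_decision(result)
  case result.status
  when :clean then [true, nil]
  when :infected
    [false, "Upload rejected: malware detected (#{result.signature})"]
  else [false, "Upload rejected: virus scan unavailable"]
  end
end
```

clamd refuses streams larger than its `StreamMaxLength` setting; that case surfaces here as an error verdict, so the upload is rejected rather than stored unscanned.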

ffdixon commented 11 months ago

Hi Manfred,

We got your message. I'm the Product Manager for BigBlueButton. I've been managing the project since 2008.

I also work with other teams responsible for many of the related components, including the Moodle Integration, GreenLight, ScaleLite, and LTI integration.

A number of improvements to BigBlueButton have been accelerated with support from the community. See release notes for 2.7.0.

I will reach out to you directly. You can also reach me at ffdixon .at. bigbluebutton .dot. org.

defnull commented 11 months ago

Related -> https://github.com/bigbluebutton/bigbluebutton/issues/19073

ffdixon commented 7 months ago

Let's retest this again with an eicar test image