matrix-org / matrix-spec-proposals

Proposals for changes to the matrix specification

[WIP] MSC1453: Antivirus support #3811

Open ara4n opened 6 years ago

ara4n commented 6 years ago

This is a placeholder for a future MSC to document a proposal for the antivirus stuff we've been experimenting with recently, which amounts to a set of new APIs which proxy access to the media repository via an AV scanner server, whilst giving a way for clients to send encrypted E2E attachment keys to the AV scanner (if they want) so the scanner can scan the content before handing the response back to the client. https://github.com/matrix-org/matrix-content-scanner is the experimental implementation and contains the API doc which would need to make it into an MSC.

slipeer commented 5 years ago

The ICAP protocol is a standard for integrating security systems. Many antiviruses and DLP systems support it. The open-source antivirus ClamAV can be integrated through ICAP by C-ICAP.

ara4n commented 5 years ago

Yup, the proposal here will implement ICAP.

Someone needs to port the https://github.com/matrix-org/matrix-content-scanner#api doc into an MSC to flesh this out.

slipeer commented 5 years ago

Note that if you implement the check when downloading a file:

but if you perform file check on upload:

ankar84 commented 2 years ago

> but if you perform file check on upload:
>
>   • in addition to the antivirus, you can integrate, for example, a DLP system.
>   • it is possible to block uploading and distribution of a virus file over the Matrix network.

I think it is the best approach of DLP and Antivirus software because Matrix stays clean in that case. Bad files don't even get uploaded.

MTRNord commented 2 years ago

> but if you perform file check on upload:
>
>   • in addition to the antivirus, you can integrate, for example, a DLP system.
>   • it is possible to block uploading and distribution of a virus file over the Matrix network.
>
> I think it is the best approach of DLP and Antivirus software because Matrix stays clean in that case. Bad files don't even get uploaded.

Well, a hostile user then would simply disable the upload checks.

minecraftchest1 commented 2 years ago

I personally think the best system would be a combination of both. Scan media during upload, as well as scanning files before serving. Store a list of mxc's and/or hashes of passed/failed media to prevent constant rescanning.
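
The combined approach suggested in the comment above, as an added example that is not part of any comment in this thread and is not the matrix-content-scanner API: media is checked on upload and again before serving, with verdicts cached by SHA-256 so identical content is scanned once. All names (`ScanGate`, `cache_remote`, `toy_scanner`) and the marker string are hypothetical.

```python
import hashlib
from typing import Callable, Dict

Scanner = Callable[[bytes], bool]  # hypothetical interface: True means clean


class ScanGate:
    """Scans media on upload and before serving, caching verdicts by hash."""

    def __init__(self, scanner: Scanner):
        self.scanner = scanner
        self.verdicts: Dict[str, bool] = {}  # sha256 hex digest -> clean?
        self.store: Dict[str, bytes] = {}    # mxc URI -> content
        self.scans = 0                       # count of real scanner calls

    def _is_clean(self, content: bytes) -> bool:
        # Key on the content hash, not the mxc URI, so the verdict is
        # bound to the bytes actually served.
        digest = hashlib.sha256(content).hexdigest()
        if digest not in self.verdicts:
            self.scans += 1
            self.verdicts[digest] = self.scanner(content)
        return self.verdicts[digest]

    def upload(self, mxc: str, content: bytes) -> bool:
        """Local upload path: reject before the file is stored."""
        if not self._is_clean(content):
            return False
        self.store[mxc] = content
        return True

    def cache_remote(self, mxc: str, content: bytes) -> None:
        """Media fetched from a remote homeserver; its upload check is not trusted."""
        self.store[mxc] = content

    def serve(self, mxc: str) -> bytes:
        """Download path: catches media that never passed a local upload check."""
        content = self.store[mxc]
        if not self._is_clean(content):
            raise PermissionError(f"{mxc} failed content scan")
        return content


def toy_scanner(content: bytes) -> bool:
    # Constructed stand-in for a real AV engine: flags a harmless marker string.
    return b"CONSTRUCTED-TEST-MARKER" not in content
```

Cached "clean" verdicts go stale when the scanner's signatures are updated, so a real deployment would expire or version them.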

m00nwtchr commented 2 years ago

Or scan files on upload, and on retrieve when requested by the local homeserver from a remote (on the local homeserver). Though I suppose this wouldn't cover that homeserver's own users, then (in the case of an admin disabling the check).

C0ffeeCode commented 2 years ago

Can this also be used for scanning media for illegal/harmful/disturbing content?

m00nwtchr commented 2 years ago

You'd need to use a technique like Neural Hash to create a database of content you want to block, but theoretically you could use this to implement the integration, afaict.

ndren commented 2 years ago

Please make sure that this is documented that it must be always opt-in for E2EE attachments. It's important that this is up to explicit user choice, after they have considered their threat model. Thanks!