Problem
Currently, attachment files in the in progress or malicious states can be downloaded.
Solution
Attachment files that are not in the passed state cannot be downloaded.
The File.content of an attachment in the malicious state will be removed.
Attachment files in the in progress state are added to file scanning. Their state is verified periodically until we get a definite state (passed or malicious), and they are then handled accordingly.
Sample Code
const fileScan: any = {
    disabled: false, // disabled by default to ensure backward compatibility
    scanPollingInterval: 30 * 1000, // file scan polling interval (default: 7 seconds)
    scanStatusRetrievalDelay: 1000 // wait time between subsequent scan status retrieval API calls (default: 1 second)
};

const chatAdapter: any = await chatSDK?.createChatAdapter({ACSAdapter: {fileScan}});
// ...
const attachmentMiddleware = () => (next: any) => (...args: any) => {
    const [card] = args;
    const {activity: {attachments}} = card; // attachments carried by this activity
    // ...
    if (card.activity.channelData && card.activity.channelData.fileScan) {
        // Find this attachment's position so its scan result can be looked up
        const index = attachments.findIndex((attachment: any) => (attachment.name === card.attachment.name));
        const {activity: {channelData: {fileScan}}} = card;
        const scanResult = fileScan[index];
        if (scanResult?.status === "in progress") {
            return <ScanInProgressAttachment/>
        }
        if (scanResult?.status === "malware") {
            return <MaliciousAttachment/>
        }
    }
    return next(...args); // nothing to block: fall through to the default rendering
}
Test Scenarios
Upload single image attachment
Attachment should be ignored since scan.status only exists for file attachments and not image attachments
Upload single file attachment which takes time to retrieve the scan.status (.pdf, .pptx)
Attachment should go from in progress to passed
Upload malicious file attachment
It should be blocked
Upload image + file attachment
Multiple attachments should be uploaded accordingly
Upload multiple file attachments
Multiple attachments should be uploaded accordingly
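The gating rules in the Solution section, sketched as an added example (not code from this change or from the SDK): downloads fail closed unless the state is passed, a malicious verdict drops the stored content, and in progress files are re-checked on each polling pass. `FileScanTracker`, `TrackedFile` and the `lookup` callback are hypothetical names, the state strings follow the prose above, and the sample files are constructed.

```typescript
// Added illustration; every name here is hypothetical, not the SDK's API.
type ScanStatus = "in progress" | "passed" | "malicious";

interface TrackedFile {
    status: ScanStatus;
    content?: Uint8Array; // stands in for File.content
}

class FileScanTracker {
    private files: Record<string, TrackedFile> = {};

    // Register an attachment; without a verdict it starts as "in progress".
    add(id: string, content: Uint8Array, status: ScanStatus = "in progress"): void {
        this.files[id] = {status, content};
        this.apply(id, status);
    }

    // One polling pass. Assumption: a real adapter runs this on a timer and
    // backs `lookup` with its scan status retrieval call.
    poll(lookup: (id: string) => ScanStatus): void {
        for (const id of this.pending()) {
            this.apply(id, lookup(id));
        }
    }

    // Fail closed: only an explicit "passed" verdict releases the content.
    download(id: string): Uint8Array {
        const file: TrackedFile | undefined = this.files[id];
        if (!file || file.status !== "passed" || !file.content) {
            throw new Error("download blocked: " + id + " is " + (file ? file.status : "unknown"));
        }
        return file.content;
    }

    // Ids that still need a definite state.
    pending(): string[] {
        return Object.keys(this.files).filter(id => this.files[id].status === "in progress");
    }

    private apply(id: string, status: ScanStatus): void {
        const file = this.files[id];
        file.status = status;
        if (status === "malicious") {
            delete file.content; // drop the bytes so nothing can serve them later
        }
    }
}
```

Unknown ids and files that never receive a verdict stay blocked, so a stalled scan cannot turn into an allowed download.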