How to protect your JIRA from viruses, missing files and performance issues

5 May 2014
Comments are off for this post

We have just released v2.0 of the Attachment Checker for JIRA plugin. The 2 key features introduced in this version are

  • virus scanning of uploaded attachments (JRA-8626)
  • restricting of attachments with duplicate filenames (JRA-2169)

While it is already possible to install an anti-virus scanner on the JIRA server, there are some implications:

  • Attachments are deleted unknowingly by the scanner without notifying the author that his file is infected. Other users will be unable to download the file later.
  • As mentioned in https://confluence.atlassian.com/display/JIRAKB/Anti-Virus+in+JIRA, some of the users have reported slowness with JIRA when anti-virus software is installed. This is because of the dramatic increase in disk IO and CPU usage as JIRA creates many temporary files. The Attachment Checker only scans the attachments once when they are just uploaded, thus addressing the security concerns.

The checking for duplicate filename improvement also helps to alert the user if there is already another attachment with the same filename. This solves the scenarios where a copy of the attachment has been uploaded before or the user forgot to rename the file to include the updated version number. This saves time on identifying the correct attachment to work with.