Updated by Oliver Günther over 2 years ago
# User Problem
## User
_What persona, persona segment, or customer type experiences the problem most acutely?_
* Customer
* Project administrators
* Project managers
* Compliance operators
## Problem
_What problem or job does the user have?_
* All files uploaded into OpenProject are required to be scanned for viruses for compliance reasons
## Pain
_What is the primary workaround that users perform that we could remove or replace? Why is it painful?_
* Manual integration of a webhook and calls to the API to remove attachments after they were uploaded
* This is not 100% secure as the webhook and its handling are asynchronous. This means the file is already present and visible on the system
# Business Case
## Solution
* Initial iteration: Integration of clamav/clamd running as a daemon on a local or remote server
* Scanning of uploaded files after they are uploaded, before they are accessible to other users (e.g., introduction of a state/enum to mark attachments as ready/blocked/etc.)
* Block downloading of attachments that are not yet scanned, but allow access to original author for seamless editing
* Notifications to uploaders if their files have been removed
* Notifications for administrators when files were scanned and removed or quarantined
* Admin UI for notifications of which attachments were being scanned and blocked
## Out of Scope for the MVC
_What should NOT be in the minimal viable change, and can be considered for future iterations? Why? Please order them by importance._
* Integration with an ICAP service
## Differentiation
_What do you believe will differentiate us from the current experience or competitive experiences?_
* It does not differentiate us. It is a legal / compliance requirement for larger institutions
## Next iteration
_What is the next solution that would allow us to release meaningful customer value quickly?_
* Integration with an ICAP service; ICAP is a standard protocol for content scanning and filtering
# Launch and Growth
## Measures
_How will you know you solved the problem? Please list measurable, quantitative indicators (preferred) or qualitative ways you plan on assessing the solution?_
* We fulfill all MUST and SHOULD requirements of the [BSI OPS1.1.4 measures for virus protection.](https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-GS-Kompendium_Einzel_PDFs_2023/04_OPS_Betrieb/OPS_1_1_4_Schutz_vor_Schadprogrammen_Edition_2023.pdf?__blob=publicationFile&v=3#download=1)
## Messaging
_If you were to write a press release, how would you describe the value to customers?_
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><tbody><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Headline</p></th><td class="op-uc-table--cell"><p class="op-uc-p">OpenProject integrates virus scanning for all uploaded files</p></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">First Paragraph</p></th><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Customer Quote</p></th><td class="op-uc-table--cell"><p class="op-uc-p"></p></td></tr></tbody></table></figure>
## Go to market
_How are you planning on getting this into users' hands?_
# Acceptance criteria
## Administration
* A new attachment menu item is created
  * The previous system settings > Attachments item is moved to that new item
  * A subitem "Quarantined attachments" is added below this new menu node
* Attachment settings are extended with Antivirus settings
  * A mode to operate the virus scanning
    * Disabled
    * ClamAV (local socket)
    * ClamAV (remote host)
  * When any option other than Disabled is selected, these additional fields are shown
    * Host name or Socket for the ClamAV connection
    * Action to perform for attachments on which viruses have been found
      * **Quarantine:** Show the file once uploaded, but disallow access to it.
      * **Delete:** Delete the file as soon as the virus was found
* Quarantined attachments shows a flat table of all currently quarantined files, restricted to administrators
  * Newly quarantined files show up there
  * Administrators can delete the file or override the virus scanning decision by the system
## Enabling virus scanning
* When the user first enables virus scanning, they might already have uploaded attachments
* Previously uploaded attachments are scanned in a background job, while they remain accessible as before.
* If viruses are found for these attachments, they are placed into quarantine or deleted according to the setting.
## Disabling virus scanning
* When the user disables virus scanning, some files might still be in quarantine or in queue for scanning
* An informational text is shown when disabling virus scanning with remaining quarantined files. The "Quarantined attachments" page remains available even when scanning is disabled, so that actions can still be performed on those files.
* Attachment scanning will be skipped as soon as the functionality is disabled.
## Scanning of attachments
* After uploading of an attachment, or after a direct upload (e.g. S3) is finished, a scanning background job is triggered
* If the background job finds a virus, it will perform these actions depending on the selected action setting
  * **Quarantine:** Keep the file, but prevent users from downloading it. Show the quarantined file under the attachment administration. A journal entry will be added informing users about the quarantining.
  * **Delete:** Delete the file as soon as the virus was found. A journal entry will be added informing users about the removal.
* The uploaded file is only accessible to the original author until the scan has completed, allowing them to use it seamlessly, e.g., in the WYSIWYG editor
* The uploaded files are shown, but are not yet accessible to other users. An error/warning message is returned when the file is not yet downloadable.
* Quarantined files are shown, but not accessible for download. A journal entry/comment is shown when the file has been quarantined or deleted.
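
The scan-then-release flow for newly uploaded files, sketched as an added example (not OpenProject's own code): framing a file for clamd's `INSTREAM` command, mapping the reply to a verdict, and gating downloads on the resulting state. All method names, the `Attachment` struct and the status symbols are assumptions; the background rescan of pre-existing attachments and the administrator override are left out.

```ruby
require "stringio"

# Added illustration with hypothetical names; not OpenProject code.
CHUNK_SIZE = 8192

# Frame a file for clamd's INSTREAM command: every chunk is preceded by its
# length as a 4-byte big-endian integer; a zero-length chunk ends the stream.
def instream_frames(io)
  out = "zINSTREAM\0".b
  while (chunk = io.read(CHUNK_SIZE))
    out << [chunk.bytesize].pack("N") << chunk
  end
  out << [0].pack("N")
end

# Turn a clamd reply into a verdict. Only an explicit OK releases a file;
# errors, size-limit replies and empty replies are :unknown (fail closed).
def verdict_from_reply(reply)
  case reply.to_s.delete("\0").strip
  when /\Astream: OK\z/ then [:clean, nil]
  when /\Astream: (.+) FOUND\z/ then [:infected, Regexp.last_match(1)]
  else [:unknown, nil]
  end
end

Attachment = Struct.new(:author_id, :status) # status starts as :pending

# Apply the verdict using the configured action (:quarantine or :delete).
def apply_scan(attachment, reply, action: :quarantine)
  verdict, signature = verdict_from_reply(reply)
  case verdict
  when :clean then attachment.status = :clean
  when :infected
    attachment.status = action == :delete ? :deleted : :quarantined
  end # :unknown leaves the attachment :pending
  signature
end

# Download gate: clean files for everyone, pending files for the uploader
# only, quarantined or deleted files for nobody.
def downloadable?(attachment, user_id)
  case attachment.status
  when :clean then true
  when :pending then attachment.author_id == user_id
  else false
  end
end
```

Because the gate defaults to pending, a scanner outage or an oversized file keeps the attachment hidden from other users instead of releasing it unscanned.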