Boomi does not recommend anti-virus scanning the Atom installation directory.  Is this a security concern?

Document created by dan_heichel489496 (Employee) on May 3, 2018. Last modified by sheng_liao462475 on May 8, 2018.
Version 3

There are known problems with running an anti-virus scan against the Boomi installation directory structure. This path is the location where Boomi will move and modify files it needs to access in order to operate normally.  These problems can potentially be severe, and it is for this reason that Boomi specifically recommends not running anti-virus against these directories.

 

However, does this become a security concern, or a vulnerability to malware, spyware, viruses, Trojan horses, or other malicious software, due to these unscanned directories?

 

 

 

The atom installation directory is functionally the brain of a local atom.  It is where log files, temp files and configuration files are moved and modified as part of normal atom operations.  Anti-virus scanning will by definition interfere with these functions.  It can cause performance issues, as processes may have to wait for anti-virus to unlock necessary files.  It can cause rare but severe problems if anti-virus quarantines files necessary for Boomi to operate, which can render the atom unable to start.  These are just a selection of examples, and it is for all these reasons that Boomi specifically recommends not running anti-virus on these directories. 

 

You might be able to run anti-virus against these directories for extended periods without visible problems, but you are still exposing your atom to the risk of them occurring.

 

 

Reasons why this is not considered a security problem

There are a couple of facts that protect these directories in the absence of direct anti-virus scanning.

 

  • The first safety benefit is the Boomi product itself.  Boomi comes with a Malware Warranty, which guarantees that the product has been scanned and vetted, and will be free of any malicious software.
  • The next safety factor is the data itself that Boomi will place and act upon in these directories.  Boomi only works with inert, text-based files.  These config and text-based files cannot carry or transmit malware.
  • Next, Boomi will save a copy of all documents and attachments that pass through a process, for your own future reference.  It is technically possible for these files, such as PDF, DOC, XML, and similar files, to hide macro or JavaScript malware.  However, when these documents are viewed through Process Reporting, what is presented is a read-only view of the data.  Nothing is ever triggered or executed.  It is simply warehoused for a matter of days, before the data is deleted according to your Purge schedule.
    • It would be theoretically possible for an end user to find and load files retained by Boomi, but this is difficult and should be effectively prevented by your other security measures, such as user access controls to the server itself and maintaining a firewall. 
    • A user cannot load such a file by accident.  They would have to access the atom's server, be able to navigate to the Installation data directory, find the folder for the correct date, and find the file from among a coded set of filenames.  There is no reason for a non-admin user to have access to these directories.

 

 

What if you need to run anti-virus anyway?

If you absolutely must run anti-virus due to your security policy, at the very least, run your scans during a safe downtime when impact to the atom is minimized.  Check your anti-virus software's quarantine, to make sure no valid files were quarantined.  Finally, if possible, omit the following directories.  This is not an exhaustive list, but these directories represent the biggest potential impact to your atom:

/data
/executions
/logs
/messages
/work
/doccache
/queue
/tmp
/tmpdata
/connectors
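
An added example, not Boomi's own tooling: a Python check of the access-control assumption the article relies on for these unscanned directories, which also returns the full paths to enter as scanner exclusions. It assumes a POSIX host (permission bits, not Windows ACLs) and that the listed directories sit directly under the install directory; `audit_exclusions` and `make_sample` are hypothetical names, and the sample layout is constructed.

```python
import os
import stat
import tempfile

# Directories the article lists for omission, relative to the Atom install dir.
EXCLUDED = ["data", "executions", "logs", "messages", "work",
            "doccache", "queue", "tmp", "tmpdata", "connectors"]

def audit_exclusions(install_dir):
    """Return (paths to exclude, permission findings) for one installation."""
    paths, findings = [], []
    for name in EXCLUDED:
        top = os.path.join(install_dir, name)
        if not os.path.isdir(top):
            continue  # this installation does not have that directory
        paths.append(top)
        for root, _dirs, files in os.walk(top):
            for entry in [root] + [os.path.join(root, f) for f in files]:
                mode = os.lstat(entry).st_mode
                if stat.S_ISLNK(mode):
                    continue  # permission bits on a link are not meaningful
                if mode & stat.S_IWOTH:
                    # any local account can place files where nothing scans
                    findings.append(("world-writable", entry))
                elif mode & (stat.S_IROTH | stat.S_IXOTH):
                    # non-admin accounts can reach retained documents
                    findings.append(("other-accessible", entry))
    return paths, findings

def make_sample(root):
    """Constructed layout: a locked-down data/ and a loosely permissioned logs/."""
    for name, dmode, fmode in [("data", 0o700, 0o600), ("logs", 0o777, 0o644)]:
        d = os.path.join(root, name)
        os.mkdir(d)
        f = os.path.join(d, "sample.txt")
        with open(f, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(f, fmode)
        os.chmod(d, dmode)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        paths, findings = audit_exclusions(make_sample(tmp))
        print("exclude:", *paths, sep="\n  ")
        for kind, entry in findings:
            print(kind, entry)
```

Run it as the account that owns the installation so every subdirectory can be read; an empty findings list means no account outside the owner and group can read or write the excluded paths.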

 

Related links:

Configure your Anti virus program to not conflict with an atom molecule or cloud 
