Support Article

Inappropriate error handling on return from CallVirusCheck

SA-30823

Summary



User has a project requirement that case attachments be limited to Excel spreadsheets.

The extension activity Data-Work-AttachFile.CallVirusCheck can be used to perform this check.

This activity is provided to allow developers to check file attachments. Judging from the name of this activity the intended use case is to scan the file for viruses. The activity can set a parameter:

tools.putParamValue("VirusCheckStatus","Virus-Found");

Then the calling activity can check the parameter after CallVirusCheck returns and take appropriate action.
However in activity Work-.AttachFile it only checks for a value beginning with the string "Virus":

@startsWith(param.VirusCheckStatus,"Virus")

If true, the activity sets a message via a Field Value rule:

"There was an error reported by the virus scan and adding the attachment has failed. If the problem persists, please report it to an administrator."

However this is not very flexible when there are other types of check that can be performed, that is the ones that do not involve checking for a virus.

User wants to allow CallVirusCheck to return other types of error status - not just virus related - and to display an appropriate message to the user in each case.


Error Messages



"There was an error reported by the virus scan and adding the attachment has failed. If the problem persists, please report it to an administrator."


Steps to Reproduce

  1. Log in as a developer.
  2. Use Designer Studio to save the activity rule Data-Work-AttachFile.CallVirusCheck into an application ruleset (or production ruleset).
  3. In the Java step uncomment the following line:tools.putParamValue("VirusCheckStatus","Virus-Found");
  4. Save the activity.
  5. Now open any case and attach any file. Observe the above mentioned error.

Resolution

Here’s the explanation for the reported behavior: 

Data-Work-AttachFile.CallVirusCheck primary purpose is to make a call to Antivirus software to scan a file for viruses, it was never intended for checking the file attachment extension, hence the VirusCheckStatus responses are indeed restricted.

If looking to restrict for case level attachments and not in other contexts. Then one can just override the pyAttachContent flow action to have a custom validation which does this check.

​This flow action is very specific to Case attachments and is actually meant for requirements like these.

Further help with the design or implementation of such functionality can be obtained via the Product Support Community and/or Pega Consulting Team.


 

 

Published November 25, 2016 - Updated November 29, 2016

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.