One of the reasons customers choose Appian Cloud is because they want the convenience of a cloud-hosted platform without the burden of implementing and managing the security themselves. With comprehensive anti-virus scanning, Appian Cloud provides yet another layer of protection.

By default, all Cloud customers have two forms of virus scanning enabled:

1. Real-time scanning of all files immediately upon upload in the following places: Tempo News, Social Tasks, interfaces in all locations (Tempo, Sites, and Embedded interfaces), the Administration Console, and the Appian Designer. Only files under 25MB are scanned.
2. Nightly scanning of all files in the file system. Only the first 25MB of files are scanned.

Real-Time Scanning

The follow sections provide more information about how to work with the real-time virus scanning functions on Cloud.

Administration

The real-time scanner can be enabled and disabled in the Administration Console. By default, the real-time scanner is enabled. If you need to disable the scanner because it is having a functional impact on an application, please open a support case to tell us why. We want all Cloud customers to be able to take advantage of this feature.

The real-time scanner can be audited through the blocked_files.csv audit log. This file can be useful in identifying attempted attacks and false positives.

Identifying False Positives

A false positive is when a file is labeled as a virus and blocked even though the file is actually benign. If you believe a user is seeing a false positive, follow the steps below to resolve the issue:

1. Try to upload the file again if it has been more than a few hours. We update virus signatures hourly, and so the issue may already be resolved.
2. Gather evidence for the file being benign.
   • You can go to /logs/audit/blocked_files.csv and find the line in the CSV the corresponds to the file you suspect to be a false positive. Copy the virus signature from the "Details" column and paste it into an internet search for "ClamAV false positive {pasted signature}". If it is a false positive, someone has likely already reported the issue.
   • You can also test the file with different virus scanners.
3. If the file is still being blocked, and you have found additional evidence that it is benign, you can bypass the virus scanner by uploading the file from the /designer interface, in the Documents tab. This bypass does not work for News entries, but it can be used to fix mission-critical process tasks by manually updating process variables.