One of the reasons customers choose Appian Cloud is because they want the convenience of a cloud-hosted platform without the burden of implementing and managing the security themselves. With comprehensive antivirus scanning, Appian Cloud provides yet another layer of protection.

By default, all Appian Cloud customers have two forms of virus scanning enabled:

1. Real-time scanning of all files uploaded in the following places: Tempo News, Social Tasks, interfaces in all locations (Tempo, Sites, and Embedded interfaces), the Admin Console, and the Appian Designer. Only files under 25MB are scanned.
2. Weekly scanning of all files in the file system. Only files under 25MB are scanned.

Real-time scanning

The follow sections provide more information about how to work with the real-time antivirus scanning functions on Appian Cloud.

Administration

The real-time scanner can be enabled and disabled in the Admin Console. By default, the real-time scanner is enabled. If you need to disable the scanner because it is having a functional impact on an application, open a support case to tell us why. We want all Appian Cloud customers to be able to take advantage of this feature.

The real-time scanner can be audited through the blocked_files.csv audit log. This file can be useful in identifying attempted attacks and false positives.

Identifying false positives

A false positive is when a file is labeled as malicious and blocked even though the file is actually benign. If you believe a user is seeing a false positive, follow the steps below to resolve the issue:

1. Try to upload the file again if it has been more than a few hours. We update virus signatures hourly, and so the issue may already be resolved.
2. Gather evidence for the file being benign.
   • You can go to /logs/audit/blocked_files.csv and find the line in the CSV the corresponds to the file you suspect to be a false positive. Copy the virus signature from the "Details" column and paste it into an internet search for "ClamAV false positive {pasted signature}". If it is a false positive, someone has likely already reported the issue.
   • You can also test the file with different virus scanners.
3. If the file is still being blocked, and you have found additional evidence that it is benign, you can bypass the virus scanner by uploading the file from the /designer interface, in the Documents tab. This bypass does not work for News entries, but it can be used to fix mission-critical process tasks by manually updating process variables.