The issue with AV scans on an Artifactory filestore is that when a dangerous binary is detected and deleted from the filestore, Artifactory is not directly informed about the incident. This means that the Artifactory database will still have an entry for the deleted binary, even though it is absent from the filestore.
Although it is not recommended to scan the filestore with an AV, if this is absolutely required, the above issue can be addressed with two different automation approaches:
1. Automate a Delete REST API call to Artifactory after a dangerous binary is deleted. This can be done using a script which parses through the AV reports and executes a matching API call to Artifactory. Once the API call is sent, Artifactory will remove the DB entry for the deleted binary.
2. Use our “Filestore Integrity” user plugin in a regular rotation to reveal discrepancies between the Artifactory database and the filestore. When a discrepancy is found, parse through the information and automatically delete the relevant artifacts using the above REST API call.
Although it is not recommended to scan the filestore with an AV, if this is absolutely required, the above issue can be addressed with two different automation approaches:
1. Automate a Delete REST API call to Artifactory after a dangerous binary is deleted. This can be done using a script which parses through the AV reports and executes a matching API call to Artifactory. Once the API call is sent, Artifactory will remove the DB entry for the deleted binary.
2. Use our “Filestore Integrity” user plugin in a regular rotation to reveal discrepancies between the Artifactory database and the filestore. When a discrepancy is found, parse through the information and automatically delete the relevant artifacts using the above REST API call.