S 4.271 Computer virus protection for SAP systems

Initiation responsibility: IT Security Officer, Head of Development, Head of IT

Implementation responsibility: Developer, Administrator

Version 4 of SAP NetWeaver allows you to connect an external anti-virus program to an SAP system. The program can then be used to scan the data processed by any application in the ABAP and Java stack for computer viruses. The "Virus Scan Interface" is defined for connecting anti-virus programs, but this interface must be referenced explicitly in the corresponding programs.

It must be ensured that any software developed in-house and any additional software from third party manufacturers purchased for use in an SAP system supports the interface for anti-virus programs. This applies to the use in scenarios where data is loaded into an SAP system and then offered to other users for downloading. It is recommended to add an additional test to the purchasing criterion for software produced by third party manufacturers for SAP systems that checks whether the software supports the anti-virus program interface.

The use of anti-virus programs in the SAP environment must meet the requirements in the government agency-wide or company-wide computer virus protection concept.

References to documentation on the interface for anti-virus programs can be found in S 2.346 Use of the SAP documentation.

Review questions:

• Is the support of the interface for anti-virus programs taken into consideration regarding in-house developments or additional software procured from third party vendors for SAP systems?
• Has the use of the anti-virus programs in the SAP environment been coordinated with the organisation-wide malware protection concept?