How to protect your JIRA from viruses, missing files and performance issues

We have just released v2.0 of the Attachment Checker for JIRA plugin. The 2 key features introduced in this version are

  1. virus scanning of uploaded attachments (JRA-8626)
  2. restricting of attachments with duplicate filenames (JRA-2169)

While it is already possible to install an anti-virus scanner on the JIRA server, there are some implications:

  • Attachments are deleted unknowingly by the scanner without notifying the author that his file is infected. Other users will be unable to download the file later.
  • As mentioned in, some of the users have reported slowness with JIRA when anti-virus software is installed. This is because of the dramatic increase in disk IO and CPU usage as JIRA creates many temporary files. The Attachment Checker only scans the attachments once when they are just uploaded, thus addressing the security concerns.

The checking for duplicate filename improvement also helps to alert the user if there is already another attachment with the same filename. This solves the scenarios where a copy of the attachment has been uploaded before or the user forgot to rename the file to include the updated version number. This saves time on identifying the correct attachment to work with.

This entry was posted in announcements, content, general and tagged , , , , , . Bookmark the permalink.

4 Responses to How to protect your JIRA from viruses, missing files and performance issues

  1. Melvin Arroyo says:


    Interested in possibly using Attachment Checker for JIRA, but i have a few questions.

    How often are definitions updated and how are they controlled?

  2. akeles says:

    Do you meant the virus definitions? It is dependent on the virus scanner installed on the server. The Attachment Checker will make use of the command line scanner to check whether the attachment is infected.

  3. Melvin Arroyo says:


    Yes, so we would control updating them, but does the Virus scanner have to be on the Jira server? Can we have it located else where or will it still increase the I/O and CPU usage along with this plugin?

    Thanks, Mel

  4. akeles says:

    Yes, the virus scanner has to be installed in the JIRA Server. The plugin is supposed to reduce the CPU usage as it will only perform scan when files are uploaded. On access virus scanners are a common reason for slow performance in JIRA because scanning is invoked as and when files are created/updated.

    Another reason that JIRA is not expected to be a file repository with a lot of files uploads, so we have not encountered feedback that the plugin is slowing the JIRA server.

Leave a Reply