How to protect your SAP applications from Ransomware attacks






Ransomware is a well-known threat to your IT and business continuity that needs to be evaluated from many angles.

We recommend you go through this series of blog posts from my colleague Raúl Mahiques to get a better understanding of what Ransomware is and how to protect your IT against it:

Once we have detailed how those attacks unfold and the best practices for making our IT more resilient against them, we’ll focus on how Ransomware can impact SAP-related services and the SAP-specific tools and recommendations that SUSE offers to mitigate them.

Why should I enable malware scanning in SAP applications?

SAP services play a critical role in managing uploaded files in many businesses. Those services can become entry points for uploaded malware, which can later spread to other systems and services within your company.

Even if the malware may not directly affect SAP applications running on SUSE Linux Enterprise Server for SAP, once compromised files are uploaded and stored on SAP applications, they may look trustworthy. As a result, subsequent movements and transfers of those files may not be properly controlled.

How does the SAP antivirus stack work?

To ensure that all external files processed in your SAP environment are properly scanned, it is important to secure the most common malware entry points:

  • SAP GUI based applications
  • File upload on SAP Web applications
  • Inbound email
  • Web Services

The virus scan function is available for all SAP solutions that rely on SAP’s Java API, ABAP and HANA XS through the SAP NetWeaver Virus Scan Interface (NW-VSI).

The core antivirus scanner and virus definitions are based on the well-known ClamAV scanner, whereas the ClamSAP package bundles the Virus Scan Adapter interface that connects to NW-VSI.

Those are the only two components that need to be installed on each NetWeaver server. SUSE provides supported packages for both ClamAV and ClamSAP through its SUSE Linux Enterprise for SAP subscription. The version of ClamSAP shipped with SUSE Linux Enterprise Server for SAP supports NW-VSI version 2.0.

SAP virus scanning layers

Installation and configuration

Setting up the virus scanner for SAP only needs five simple steps:

1- Install ClamAV and ClamSAP packages in SUSE Linux Enterprise Server for SAP

2- Create a virus scanner group in SAP NetWeaver

3- Set up the ClamSAP library

4- Configure the default virus definitions location

5- Start ClamSAP

The process is well documented in both the SAP and SUSE documentation.

If you have several NetWeaver servers where you want to deploy ClamAV and ClamSAP, you can do it in one shot with SUSE Manager. You just need to create a “System Group” with all your NetWeaver servers deployed on SUSE Linux Enterprise Server for SAP.

Once all the NetWeaver servers are in the group, you can create a simple custom state that will take care of installing both ClamAV and ClamSAP packages. If more NetWeaver servers are added to the group in the future, they’ll also get both packages automatically installed without any operator intervention.

You can find more info about custom states in the SUSE Manager documentation.
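
As an added illustration (not taken from the original post or from SUSE's documentation), a custom state for the NetWeaver system group could look like the following Salt state. The state IDs are hypothetical, and the `clamd` and `freshclam` service names and the `/var/lib/clamav` signature directory are assumptions to verify on your own systems.

```yaml
# Added example: Salt custom state for a SUSE Manager system group.
# State IDs (left-hand names) are hypothetical; pick your own.

# Install the scanner engine and the NW-VSI adapter on every group member.
clamsap_packages:
  pkg.installed:
    - pkgs:
      - clamav
      - clamsap

# Fetch virus definitions once, so the scanner never starts with an
# empty signature set. Skipped when a .cvd/.cld database already exists.
# Assumption: definitions live in /var/lib/clamav.
clamav_initial_signatures:
  cmd.run:
    - name: freshclam
    - unless: ls /var/lib/clamav/*.c?d
    - require:
      - pkg: clamsap_packages

# Keep definitions current. Stale signatures are the usual reason an
# upload scanner misses known malware.
# Assumption: the updater runs as the "freshclam" systemd service.
freshclam_service:
  service.running:
    - name: freshclam
    - enable: True
    - require:
      - cmd: clamav_initial_signatures

# Run the scanning daemon only after definitions are in place.
# Assumption: the daemon's systemd unit is named "clamd".
clamd_service:
  service.running:
    - name: clamd
    - enable: True
    - require:
      - cmd: clamav_initial_signatures
```

The steps performed inside SAP NetWeaver itself, such as creating the virus scanner group, are not covered by this state and still have to be done as described in the SAP and SUSE documentation.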


It’s essential for all IT stakeholders to adopt a security mindset and protect applications that are vulnerable to malware attacks, including Ransomware. Linux servers should not be underestimated as potential targets. Even if SAP applications running on a secure Linux system have a lower risk of being affected by Ransomware, they can still act as a medium for malware to spread within your IT environment.

As we have explained, by using SUSE Manager together with SUSE Linux Enterprise Server for SAP, you can mitigate those threats and have all your SAP services secured, no matter the scale and no matter where they are deployed.

Check all the additional benefits you may get by choosing SUSE for your SAP migrations, and get in touch with our consulting experts to assist you on your transformational journey.
