File Security - Large File Support

What is Large File Support and why is the integration required

Large File Support is a feature designed to work around Salesforce's limitation on processing files larger than 10 MB, which is caused by the total heap size limit of 12 MB. It enables the uploading and processing of files larger than 10 MB. The integration is crucial because it allows these larger files to be securely scanned through Cloud Security for Salesforce (CSFS), ensuring compliance and security for significant data uploads.

The file processing workflow

After configuring CSFS from the OPSWAT Settings page (e.g., Account Settings and Policy Settings), successfully uploading a file on the Files page will generate a MetaDefender Log within the OPSWAT - MetaDefender Logs page. This log contains details about the file scan through MetaDefender Cloud (MD Cloud). Based on the configuration, the file will be processed, and any infected, malicious, or non-sanitized files will be blocked.

The Large File Support workflow offers a key advantage: MetaDefender Cloud will now pull the file upon scan request and push the sanitized file to CSFS. This is in contrast to the small files workflow, where CSFS is responsible for pushing the file and pulling the sanitized version.

How to configure CSFS and Salesforce Organization

  1. Generate a certificate: A certificate is needed to secure the connection between MD Cloud and CSFS. You will need the private key in the next section "How to configure MD Cloud."

    1. Open a terminal (Linux or macOS) or a command prompt (Windows). Run the following commands with sudo (Linux and macOS) or from a command prompt started as administrator (Windows).

    2. Generate a private key and save it to a file named, for example, private.key. Either of the following commands generates a 2048-bit RSA key:

      1. openssl genpkey -out private.key -algorithm RSA -pkeyopt rsa_keygen_bits:2048
      2. openssl genrsa -out private.key 2048
    3. Generate a certificate signing request using the private.key file and save it to a file named private.csr.

      1. openssl req -new -key private.key -out private.csr
    4. Generate a self-signed digital certificate using the private.key and private.csr files, and save it to a file named private.crt.

      1. openssl x509 -req -sha256 -days 365 -in private.csr -signkey private.key -out private.crt

  2. Configure the connected app in your Salesforce organization: The connected app will be used by MD Cloud to connect your Salesforce organization.

    1. Navigate to Setup → Home.

    2. Go to Platform Tools → Apps → App Manager.

    3. Click on “New Connected App”, top-right side of the screen

    4. Fill in the mandatory fields

      1. Connected App Name: use “MetaDefender Connect” or customize

      2. API Name: use default or customize

      3. Contact Email: use a valid email address

      4. Check “Enable OAuth Settings”

      5. Set “Callback URL”

        1. For production organizations: https://login.salesforce.com/services/oauth2/callback
        2. For sandbox organizations: https://test.salesforce.com/services/oauth2/callback
      6. Uncheck “Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows”

      7. Select OAuth scopes "Manage user data via APIs (api)" and "Perform requests at any time (refresh_token, offline_access)," then save.

      8. Uncheck “Require Secret for Web Server Flow”

      9. Uncheck “Require Secret for Refresh Token Flow”

    5. Save

  3. Configure the connected app in your Salesforce Organization: The connected app will allow you to identify calls from MD Cloud to your Salesforce organization.

    1. Navigate to Setup → Home.
    2. Go to App Manager.
    3. Find the installed connected app (MetaDefender Connect).
    4. Click on "Manage" → "Edit Policies" and select "Admin approved users are pre-authorized" from "Permitted Users."
    5. Save
    6. Go to App Manager and find the connected app.
    7. Click on "Edit" in the right-side button menu.
    8. Enable “Use digital signatures” and upload the certificate private.crt generated at step 1
    9. Select OAuth scopes "Manage user data via APIs (api)" and "Perform requests at any time (refresh_token, offline_access)," then save.
  4. Configure the user: Create or use a Salesforce User to identify the connections between MD Cloud and your Salesforce organization. You will need the user name in the next section "How to configure MD Cloud".

    1. Navigate to Setup → Home.
    2. Go to Permission Sets.
    3. Click on "New" and fill in the name in the Label section. Use “MetaDefender Connect”
    4. For the "License" add the license type of the user to be assigned (e.g. "Salesforce").
    5. Save
    6. Navigate to MetaDefender Connect and click on "System Permissions" then click on "Edit" and enable "View All Data" and "Modify All Data".
    7. Save
    8. Navigate to MetaDefender Connect and click on "Assigned Connected Apps" then click on "Edit" and add your connected app from “Installed Connected Apps” to “Enabled Connected Apps”
    9. Save
    10. Select "Manage Assignments."
    11. Assign the necessary user by clicking "Add Assignment."
  5. Configure CSFS (client key): You will need this key in the next section "How to configure MD Cloud".

    1. Navigate to Setup → Home.
    2. Go to App Manager.
    3. Find the installed connected app (MetaDefender Connect).
    4. Click on "View" in the right-side button menu.
    5. Select "Manage Consumer Details."
    6. Note the generated Consumer Key.
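
The certificate commands from step 1, as an added shell example (not OPSWAT's own script): it runs the three openssl commands non-interactively, then checks that private.crt carries the public half of private.key and is still inside its 365-day validity window before the certificate is uploaded. The -subj value and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not part of the OPSWAT documentation.
# The CN below is a constructed placeholder; use your own subject.

# Generate private.key, private.csr and private.crt in directory $1.
make_csfs_cert() (
  umask 077                       # key file readable by its owner only
  mkdir -p "$1" && cd "$1" || exit 1
  openssl genpkey -out private.key -algorithm RSA \
    -pkeyopt rsa_keygen_bits:2048 2>/dev/null &&
  openssl req -new -key private.key -out private.csr \
    -subj "/CN=metadefender-connect.example" &&
  openssl x509 -req -sha256 -days 365 -in private.csr \
    -signkey private.key -out private.crt 2>/dev/null
)

# Succeed only if the certificate holds the public half of the key.
# Both commands print the same SubjectPublicKeyInfo PEM when they match.
cert_matches_key() (
  k=$(openssl pkey -in "$1/private.key" -pubout 2>/dev/null) || exit 1
  c=$(openssl x509 -in "$1/private.crt" -noout -pubkey 2>/dev/null) || exit 1
  [ -n "$k" ] && [ "$k" = "$c" ]
)

# Succeed if private.crt will still be valid $2 days from now.
cert_valid_in_days() {
  openssl x509 -in "$1/private.crt" -noout \
    -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo run in a throwaway directory.
work=$(mktemp -d)
make_csfs_cert "$work" &&
  cert_matches_key "$work" &&
  cert_valid_in_days "$work" 30 &&
  echo "private.crt matches private.key and is valid for at least 30 days"
rm -rf "$work"
```

Running cert_valid_in_days against the deployed certificate on a schedule gives advance notice before the 365-day certificate needs to be regenerated and uploaded again.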

How to enable scan for Large File Support

  1. Go to “App Launcher”
  2. Search “OPSWAT”
  3. Select “OPSWAT Settings”
  4. To enable Large File Support, select scan option “Scan. It will consume Salesforce API requests.” from “Process files bigger than 10MB” in the Policy Settings section.

Please note that large file scans will consume Salesforce API requests from your organization when files are retrieved or sanitized files are uploaded by MD Cloud.

Salesforce API requests are reset daily. If needed, the total number of API requests can be increased.

How to configure MD Cloud

How to configure the connection to your Salesforce organization using the UI

  1. Log in to MD Cloud: Use the account associated with the API Key configured in CSFS: https://metadefender.opswat.com
  2. Visit the security page: https://metadefender.opswat.com/account/security. Find the “Cloud Security for Salesforce” section.
  3. Configure connection user: Utilize the UserName of the user assigned/configured in the CSFS configuration section.
  4. Configure the authentication URL: Utilize the Login URL of the organization (https://login.salesforce.com for production organizations, or https://test.salesforce.com if the integration is made with a sandbox organization).
  5. Configure client key: Utilize the ClientKey generated in the CSFS configuration section.
  6. Configure private key: Utilize the PrivateKey generated during the CSFS configuration section. Once saved, the private key will appear in the format of five asterisks (*****). This is a security measure to ensure that the private key is not visible in the UI.

Please do not overwrite or modify this masked format. Overwriting it will trigger an update of the private key with the new value, or remove the private key if the field is empty.

How to test the integration

Once scan is enabled and confirmed for Large File Support, you can upload files larger than 10 MB. MetaDefender Cloud will then retrieve the file for scanning upon request, and return it along with its expected results according to CSFS configuration.
