SAP Knowledge Base Article - Public

2519748 - How SF Handles Security/Virus Scanning for Resumes or Attachments in Recruiting


This KB article will explain how SuccessFactors deals with security/virus scanning when it comes to resumes or any other attachments.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.


SAP SuccessFactors Recruiting


We don’t have any specific document on virus scan services or related in RCM since it’s implemented as a platform service.

However, the virus and/or malware check is integrated into attachment file upload process. The check can leverage multiple virus scan engines to catch the latest virus and will aggressively detect and block active contents such as office macro, PDF javascript, actions etc, to block unknown malwares. Here are notes on a couple enhancements made by security team that have provisioning switches:

  1. Multi-Scanning- Multi-Scanning is an opt-in security feature to scan files using multiple scan engines: TrendMicro and ClamAV. Different engines have different strengths and detect different threats. By using multiple scan engines, we improve the virus scan capability to catch more malicious files.

        Please follow steps below to enable the Multi-Scanning feature:

  • Go to Company Settings in Provisioning site.
  • Find Enable Multi-Scanning switch, enable and save the setting.

 See below screenshot:

Multi Scanning.png

  1.  Active Content Detection and Blocking-Active Content Blocking is an opt-in security feature to inspect and block file with active content embedded during file upload process. Once enabled, files with Active Content cannot be uploaded to our application. This feature provides an extra level of insurance against 0-day attacks from the malicious file upload.

Following active contents will be blocked:

  • Macro and OLE contents in major office file types: doc, docx, docm, xls, xlsx, xlsm, ppt, pptx, pptm.
  • Javascript, embedded files (that have Macro and OLE content), and launch action in PDF.

 Please follow steps below to enable the Active Content Blocking feature:

  • Go to Company Settings in Provisioning site
  • Find Active Content Detection switch, enable and save the setting.

See below screenshot:


If you would like to enable these settings, please reach out to your implementation Partner or Professional Services. Otherwise please contact PLT Support Team to request to get the settings enabled.


sf, success factors, RCM , KBA , LOD-SF-RCM-SYS , System Performance, Usability, Errors, Security , How To


SAP SuccessFactors Recruiting all versions