Skip to content

Replace google drive with microsoft defender for vacancy and job application malware scanning#8643

Open
KyleMacPherson wants to merge 52 commits intomainfrom
antivirus-2
Open

Replace google drive with microsoft defender for vacancy and job application malware scanning#8643
KyleMacPherson wants to merge 52 commits intomainfrom
antivirus-2

Conversation

@KyleMacPherson
Copy link
Copy Markdown
Collaborator

@KyleMacPherson KyleMacPherson commented Mar 24, 2026
edited
Loading

Trello card URL

Changes in this PR:

This PR removes the google drive antivirus flow for the hiring staff job publishing flow and the jobseeker job application flow. Instead we switch over to using microsoft defender for storage. The key difference is that the antivirus scanning is done async on azure. To account for this change, in the flows mentioned above we will allow users to continue through the wizard steps if the file has not been scanned and only block them from progressing if the file is flagged as malicious or the azure scan has errored. We will however stop them from actually publishing the job or submitting the application until the file has been scanned and tagged as safe. See below for more detailed information on each flow with screenshots.

Hiring staff uploaded application form

  • allows hiring staff to upload application form and progress to review and publish page before file has been scanned or has been scanned and flagged as safe
  • errors if uploaded application form has been scanned as unsafe
Screenshot 2026-04-14 at 16 03 52 - blocks publishing of vacancy until file has been scanned Screenshot 2026-04-14 at 16 03 26 - blocks publishing of vacancy if file has been scanned and either the scan errors or the file is flagged as unsafe and prompts user to delete the file and try again Screenshot 2026-04-14 at 16 03 41

Hiring staff additional documents

  • allows hiring staff to upload additional documents and progress to review and publish page before file has been scanned or has been scanned and flagged as safe
  • errors if additional document has been scanned as unsafe
Screenshot 2026-04-14 at 15 07 05 - blocks publishing of vacancy until file has been scanned Screenshot 2026-04-17 at 09 38 37 - blocks publishing of vacancy if file has been scanned and either the scan errors or the file is flagged as unsafe and prompts user to delete the file and try again Screenshot 2026-04-14 at 15 33 33

jobseeker uploaded job application

  • allows user to upload a job application form and progress to the review and submit page before file has been scanned or has been scanned and flagged as safe
  • errors if uploaded job application form has been scanned as unsafe
Screenshot 2026-04-14 at 14 46 27 - blocks submission of job application until file has been scanned - blocks submission of job application if file has been scanned and either the scan errors or the file is flagged as unsafe and prompts user to delete the file and try again Screenshot 2026-04-14 at 14 46 17

jobseeker catholic application form

  • allows user to upload a baptism certificate and progress to the review and submit page before file has been scanned or has been scanned and flagged as safe
  • errors if uploaded baptism has been scanned as unsafe
Screenshot 2026-04-14 at 15 40 22 - blocks submission of job application until file has been scanned - blocks submission of job application if file has been scanned and either the scan errors or the file is flagged as unsafe and prompts user to delete the file and try again Screenshot 2026-04-14 at 15 40 38

Screenshots of UI changes:

Before

After

Checklists:

Data & Schema Changes

If this PR modifies data structures or validations, check the following:

  • Adds/removes model validations
  • Adds/removes database fields
  • Modifies Vacancy enumerables (phases, working patterns, job roles, key stages, etc.)
If any of the above options has changed then the author must check/resolve all of the following...

Integration Impact

Does this change affect any of these integrations?

  • DfE Analytics platform
  • Legacy imports mappings
  • DWP Find a Job export mappings
  • Publisher ATS API (may require mapping updates or API versioning)

User Experience & Data Integrity

Could this change impact:

  • Existing subscription alerts (will legacy subscription search filters break?)
  • Legacy vacancy copying (will copied vacancies fail new validations?)
  • In-progress drafts for Vacancies or Job Applications

@KyleMacPherson KyleMacPherson marked this pull request as draft March 24, 2026 16:35
@KyleMacPherson KyleMacPherson marked this pull request as ready for review March 24, 2026 16:38
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 24, 2026

Review app deployed to https://teaching-vacancies-review-pr-8643.test.teacherservices.cloud on AKS

@KyleMacPherson KyleMacPherson changed the title Antivirus 2 Antivirus spike Mar 25, 2026
@KyleMacPherson KyleMacPherson marked this pull request as draft March 25, 2026 09:14
KyleMacPherson
KyleMacPherson commented Apr 15, 2026
View reviewed changes
Comment thread app/views/jobseekers/uploaded_job_applications/upload_application_forms/edit.html.slim
label: { text: "Upload application form", tag: "h1", size: "l" },
hint: { text: t("helpers.hint.publishers_job_listing_application_form_form.application_form") },
accept: ".doc, .docx, .pdf",
accept: ".doc, .docx, .pdf, .txt",
Copy link
Copy Markdown
Collaborator Author

@KyleMacPherson KyleMacPherson Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is just to allow us to test with eicar.txt to simulate a malicious file and will be removed before deploying.

KyleMacPherson
KyleMacPherson commented Apr 15, 2026
View reviewed changes
Comment thread app/views/publishers/vacancies/build/application_form.html.slim
javascript: true,
label: { size: "m" },
accept: ".doc, .docx, .pdf",
accept: ".doc, .docx, .pdf, .txt",
Copy link
Copy Markdown
Collaborator Author

@KyleMacPherson KyleMacPherson Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is just to allow us to test with eicar.txt to simulate a malicious file and will be removed before deploying.

KyleMacPherson
KyleMacPherson commented Apr 15, 2026
View reviewed changes
Comment thread app/views/publishers/vacancies/documents/new.html.slim
label: { text: vacancy_form_page_heading(vacancy, step_process, back_path: back_path), tag: "h1", size: "l" },
hint: { text: t("helpers.hint.publishers_job_listing_documents_form.documents") },
accept: ".doc, .docx, .pdf",
accept: ".doc, .docx, .pdf, .txt",
Copy link
Copy Markdown
Collaborator Author

@KyleMacPherson KyleMacPherson Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is just to allow us to test with eicar.txt to simulate a malicious file and will be removed before deploying.

github-code-quality[bot]
github-code-quality bot found potential problems Apr 15, 2026
View reviewed changes
Comment thread app/services/fetch_malware_scan_result.rb Fixed
@KyleMacPherson KyleMacPherson marked this pull request as ready for review April 16, 2026 14:21
@KyleMacPherson KyleMacPherson changed the title Antivirus spike Replace google drive with microsoft defender for vacancy and job application malware scanning Apr 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@github-code-quality github-code-quality[bot] github-code-quality[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

deploy

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@KyleMacPherson