feat: malware scan rate limiting & auto retry by ansgarlichter · Pull Request #411 · cap-js/attachments

ansgarlichter · 2026-03-24T12:00:39Z

Summary

Handle SAP Malware Scanning Service rate limits (HTTP 429) with automatic retry using exponential backoff and jitter
Limit concurrent scan requests per process via a semaphore to reduce pressure on the shared 30-request subaccount limit
Refactor scanFile from raw https.request to axios for cleaner error handling and retry-after header support
Skip redundant object store download for hash computation when malware scanning is enabled — the scanner already returns SHA-256

Motivation

The SAP Malware Scanning Service enforces a rate limit of 30 concurrent requests per subaccount. When multiple applications or pods share the same subaccount, bulk uploads can easily trigger 429 responses, causing scan failures and attachments stuck in "Scanning" status.

Additionally, when using remote storage backends (S3, Azure, GCP), each file upload triggered two downloads from the object store: once in put() for inline SHA-256 hash computation, and once in the scanner to send the file to the malware API. Since the scanner response already includes SHA-256, the first download is redundant.

Issues

Closes #401

…ichter/attachments into feat/malware-scanning-auto-retry

ansgarlichter added 7 commits March 16, 2026 15:24

feat: handling malware scan concurrency limitation

fc158d3

refactor: enhance readability

959381c

fix: lint

73b1157

docs: config for malware scan

f199b57

refactor: fallback to official malware scan limits & readability

687bf50

fix: lint

a2d924e

feat: only compute hash once when remote backends are used

6992047

ansgarlichter requested a review from a team as a code owner March 24, 2026 12:00

ansgarlichter temporarily deployed to pr-approval March 24, 2026 12:00 — with GitHub Actions Inactive

schiwekM requested a review from KoblerS March 24, 2026 12:36

ansgarlichter requested a deployment to pr-approval March 24, 2026 13:38 — with GitHub Actions Waiting

Merge branch 'main' into feat/malware-scanning-auto-retry

0901cb0

schiwekM deployed to pr-approval March 24, 2026 13:39 — with GitHub Actions Active

ansgarlichter added 2 commits March 24, 2026 14:43

fix: add cause to thrown error

3cb23b4

Merge branch 'feat/malware-scanning-auto-retry' of github.com:ansgarl…

c76a4c0

…ichter/attachments into feat/malware-scanning-auto-retry

ansgarlichter requested a deployment to pr-approval March 24, 2026 13:43 — with GitHub Actions Waiting

schiwekM added 2 commits March 24, 2026 14:47

Move config to package.json

7e4d649

Update README.md

367ffd2

schiwekM requested a deployment to pr-approval March 24, 2026 13:48 — with GitHub Actions Waiting

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: malware scan rate limiting & auto retry#411

feat: malware scan rate limiting & auto retry#411
ansgarlichter wants to merge 12 commits intocap-js:mainfrom
ansgarlichter:feat/malware-scanning-auto-retry

ansgarlichter commented Mar 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

ansgarlichter commented Mar 24, 2026

Summary

Motivation

Issues

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants