Configure virus and malware checks for asset files - SysAdmin
When users upload files to create a new asset, or to replace the master file of an existing asset, censhare can perform a virus and malware scan. Optionally, a scan can be triggered whenever a storage item changes.
We recommend configuring the Virus Check module for uploaded files. Any file that is uploaded via censhare Web is scanned before it is stored in the filesystem.
Context
The Virus check module is configured in the censhare Admin Client.
Prerequisites
The Virus check module requires third-party anti-virus software that either runs on a remote server or is executed by a command-line command. This software is required but not included in censhare. You can use any anti-virus software for this purpose.
Introduction
To avoid performance issues and unpredictable server load, we recommend installing the virus scanner on a remote server. Use the command line execution on the censhare Server only if the installation on a dedicated computer is not possible.
Important: If you run censhare in a clustered system, you must configure the Virus Check module for every server!
Virus check upload or Virus check?
In the Configuration/Modules/Virus Check directory of the censhare Admin Client, the two modules Virus check and Virus check upload are available. Both modules are configured and work identically, except for one important detail:
The Virus check upload module only performs a check when a file is uploaded to censhare. This only creates some latency when an asset is created from a file, or when the master file of an asset is replaced. We recommend always using this virus check option.
The Virus check module performs a check every time a file (storage item) is uploaded or changes in censhare. This can create latencies on many asset actions (manual and automatic actions) and severely affect the performance of the censhare Server! We strongly recommend not using this virus check at any time. If you want to use it for security and policy reasons, monitor the system performance closely!
Configuration types
Remote server (recommended)
Requires a dedicated server (physical or virtual) for the anti-virus software. The censhare Server accesses the remote server to perform a virus scan. Usually, the ICAP protocol is used for this purpose. For details, see the vendor documentation of the anti-virus software.
Command line
The anti-virus software is installed on the same server as the censhare Server. A command-line command executes a virus scan. Additional parameters can be set.
Remote server configuration
Before you proceed, install the anti-virus software on a dedicated server. Make sure that the server is running and accessible from the censhare Server. To configure the module, do the following:
In the censhare Admin Client, open the Configuration/Modules/Virus Check/Virus Check Upload configuration.
In the General setup, select the desired server name. For the remaining fields, see Configure server actions - general parameters.
Important: In clustered systems, the Virus Check module must be configured on all servers!
In the Check service setup area, in the Scanner field, select Remote Scanner.
In the Host field, enter the host base URL. For example: icap://virusscan.domain.
In the Port field, enter the port under which the virus scanner is accessible. The default ICAP port is 1344.
In the Service field, enter the service name that executes the scan. For example: symcscanresp-av-ddr.
To save your configuration, click OK.
Update the server configuration, and if necessary, synchronize the remote servers.
Example:
For the Symantec anti-virus software, the command that executes a virus and malware scan on the remote server is built from the three parts (host, port, and service) as follows:
icap://virusscan.censhare.com:1344/symcscanresp-av-ddr
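Added example, not part of the censhare documentation or the vendor's tooling: a reachability check that joins the Host, Port and Service fields into the ICAP URL shown above, sends an ICAP OPTIONS request (RFC 3507) from the censhare Server, and reports whether the service answers and which methods it offers. The function names and the sample replies are constructed for illustration.

```python
import socket
from urllib.parse import urlsplit

def build_options_request(host, port, service):
    """Join the Host, Port and Service fields into an ICAP OPTIONS request."""
    base = host if "://" in host else "icap://" + host
    hostname = urlsplit(base).hostname
    url = f"icap://{hostname}:{int(port)}/{service}"
    request = (f"OPTIONS {url} ICAP/1.0\r\n"
               f"Host: {hostname}\r\n"
               "Encapsulated: null-body=0\r\n\r\n")  # no encapsulated body
    return url, request.encode("ascii")

def parse_options_response(raw):
    """Parse the ICAP status line and headers; report whether the service answered."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError("not an ICAP response: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    methods = [m.strip() for m in headers.get("methods", "").split(",") if m.strip()]
    status = int(parts[1])
    return {"status": status, "methods": methods,
            "istag": headers.get("istag", "").strip('"'),
            "usable": status == 200 and bool(methods)}

def probe(host, port, service, timeout=5.0):
    """Send OPTIONS to the scanner and return the parsed reply (needs network access)."""
    url, request = build_options_request(host, port, service)
    with socket.create_connection((urlsplit(url).hostname, int(port)), timeout=timeout) as sock:
        sock.sendall(request)
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    return parse_options_response(buf)

# Constructed sample replies (not captured from a real scanner).
SAMPLE_OK = (b'ICAP/1.0 200 OK\r\nMethods: RESPMOD\r\nISTag: "constructed-tag-01"\r\n'
             b"Encapsulated: null-body=0\r\n\r\n")
SAMPLE_MISSING = b"ICAP/1.0 404 ICAP Service not found\r\nEncapsulated: null-body=0\r\n\r\n"

if __name__ == "__main__":
    print(build_options_request("icap://virusscan.censhare.com", 1344, "symcscanresp-av-ddr")[0])
    print(parse_options_response(SAMPLE_OK))
    print(parse_options_response(SAMPLE_MISSING))
```

Run `probe()` with the values entered in the Admin Client on each server of a cluster; a 404 status points to a wrong Service name, while a connection error points to the Host or Port.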
Command line configuration
Note: The command line virus check executes the virus scan on the same machine as the censhare Server. If many users upload files, and if files are large, the server performance can be affected. Therefore, we recommend using the remote server configuration, if possible.
Before you configure the command line execution of the virus and malware scan, download and unpack the installation file on the same machine where you run the censhare Server. Follow the vendor instructions for this. Then, proceed as follows:
In the censhare Admin Client, open the Configuration/Modules/Virus Check/Virus Check Upload configuration.
In the General setup, select the desired server name. For the remaining fields, see Configure server actions - general parameters.
Important: In clustered systems, the Virus Check module must be configured on all servers!
In the Check service setup area, in the Scanner field, select Command line.
In the Command line field, enter the command to execute the virus scan and additional parameters. See the vendor documentation for details.
Example:
For the McAfee anti-virus software, the uvscan command executes the scan. The --noboot parameter prevents the boot sector from being scanned. The --noexpire parameter suppresses the warning that is issued if the .DAT file is out of date. The --unzip parameter also scans files inside archives.
uvscan --noboot --noexpire --unzip -
Result
You know how to set up anti-virus software to check files that are uploaded in censhare Web. When a file is uploaded, censhare performs a virus and malware scan. If a suspicious file is detected, the file is not uploaded to the filesystem and an error message is displayed.