Enabling virus scanning
Edit configuration property settings to force the applications that handle uploaded files to scan all files for viruses.
Before you begin
HCL Connections™ does not provide virus scanning software, but it does enable you to use existing virus scanning services implemented within your corporate infrastructure. Before you begin this procedure, find out the location of the virus scanning service.
To edit configuration files, you must use the wsadmin client. See Starting the wsadmin client for details.
About this task
The Bookmarks and Home page applications do not implement virus scanning because no files or images are uploaded to those application databases.
To enable virus scanning for Activities, Blogs, Communities, Files, Forums, Profiles, and Wikis, complete the following steps:Procedure
-
Use the wsadmin client to access and check out the Connections configuration files.
- From the temporary directory to which you just checked out the Connections configuration files, open the LotusConnections-config.xml file in a text editor.
- Uncomment the following block of XML, which can be found
in the avFilter section:
<!--avFilter class="AVScannerICAP"> <property>av.scanner.servers=myscanner.host.com</property> <property>exception.on.virus=yes</property> <property>av.scanner.service=scanner.service</property> </avFilter-->
- Replace references to scanner.service with
the name of the ICAP response modification service on the ICAP-enabled
scanner. Select one of the following options:
- RESPMOD
- Represents McAfee virus scanning software
- AVSCAN
- Represents Symantec virus scanning software
- Replace references to myscanner.host.com with
the server name or IP address of the system hosting the virus scanner.
To specify more than one server, separate multiple server names or
IP addresses with commas.For example:
<avFilter class="AVScannerICAP"> <property>av.scanner.servers=myscanner1.example.com, myscanner2.example.com,myscanner3.example.com</property> <property>exception.on.virus=yes</property> <property>av.scanner.service=RESPMOD</property> </avFilter>
- To support scanning large files, specify values for the
av.chunk.size and first.read.timeout properties:For example:
<avFilter class="AVScannerICAP"> ... <property>av.chunk.size=50000</property> <property>first.read.timeout=120000</property> </avFilter>
If the scanner is not available, uploads are rejected to prevent someone from executing a denial of service attack against the scanner, intending to then upload an infected file. In the first.read.timeout property, you can set the number of milliseconds to allow a service to attempt to reach the scanner before rejecting the request.
- Save your changes to the LotusConnections-config.xml file.
- After making changes, you must check the configuration files back in and you must do so during the same wsadmin session in which you checked them out for the changes to take effect. See Applying common configuration property changes for information about how to save and apply your changes.