Configure web resources and virus scan properties

Web resources properties include the Connections server and port for URLs. Virus scan properties include the virus scanning server used to scan uploaded files for viruses. Create these configuration properties in connections.xml.

Anti-virus enablement for Library is added with the CR1 release, but all other components supported it before CR1. If FileNet Collaboration Services (FNCS) and IBM Connections are in the same WAS cell, follow the instructions in Enable virus scanning. If FNCS and IBM Connections are on different cells, carry out these steps.

When FileNet is on a different WAS cell than IBM Connections, it cannot access the configuration values in LotusConnections-config.xml. Instead, create the configuration properties for Connections web resources and virus scans in connections.xml.

When FileNet is on the same WAS cell as IBM Connections, you do not have to create connections.xml. Set antivirus settings in LotusConnections-config.xml.

To configure web resources and virus scan settings:

1. Apply the anti-virus filter, download the filter auth_filter_patch.zip in
   /opt/IBM/Connections/ccm/ccm/ccm/auth_filter_patch

2. Update FNCS. Browse to Security > Global security > Web security > General settings.

3. Enable use of authentication data on unprotected URLs. Select Authenticate only when the URI is protected and check Use available authentication data when an unprotected URI is accessed.

4. Modify role mappings for FNCS, take the following steps on the administrative console:
   Applications | WebSphere Enterprise Applications | FNCS | Security role to user/group mapping | Authenticated | Map Special Subjects | Everyone

5. Install the authentication filter code, take the following steps on the administrative console:

   1. Browse to...
      Applications | WebSphere Enterprise Applications | FNCS application | Update | Application Update Options | Replace, add, or delete multiple files | auth_filter_patch.zip
      • Click Next and OK to update the application.

6. On the cell containing the FNCS application, create a file named connections.xml under wasprofile/config/cells/cellname

7. Add the following content to the file:

   <?xml version="1.0"?>
   <config>
       <webresources url="http://myurl.com/connections/resources"
                    ssl_url="https://myurl.com/connections/resources"/>
   
        <avFilter class="AVScannerICAP">
             <property>av.scanner.servers=myscanner.host.com</property>
             <property>exception.on.virus=yes</property>
             <property>av.scanner.service=myScannerService</property>
             <property>av.chunk.size=50000</property>
             <property>first.read.timeout=120000</property>
        </avFilter>
       
       <properties>
            <genericProperty name="ecmVirusScanTempDir">c:/ecmVirusScanTemp</genericProperty>
       </properties>
   </config>

   avFilter settings are optional and are needed only if we are enabling virus scan. The following list defines the properties that can be included in connections.xml.

   webresources

   Specifies the Connections server and port for secure socket layer (SSL) and non-SSL URLs.

   av.scanner.servers

   Define the virus scanning server to use to scan uploaded files for viruses. Replace my.virus.scanning.server.com with a list of one or more of the virus scanning servers used by the organization. Separate multiple servers with a comma. For example:

   <property>av.scanner.servers=ssoc.acme.com</property> or <property>av.scanner.servers=ssoc1.acme.com,ssoc2.acme.com</property>

   exception.on.virus

   Define what to do when a virus is found. This property must always be set to yes.

   av.scanner.service

   Define the service name used by the anti virus scanner. Set this property to AVSCAN for Symantec, and RESPMOD for McAfee.

   av.chunk.size

   Define the data transfer rate in bytes. This property is not displayed in the configuration file by default. To specify a value for it, add it.

   first.read.timeout

   Define timeout length in milliseconds. This property is not displayed in the configuration file by default. To specify a value for it, add it.

   ecmVirusScanTempDir

   Specifies a virus scan temporary directory. Used only if virus scan is enabled and is optional. If we do not specify ecmVirusScanTempDir, the temp directory of the Java virtual machine is used by default.

8. Save connections.xml.

9. Restart the FNCS application in WebSphere Application Server to apply the configuration changes.

Results

Once virus scanning is running on the environment, any scanning-related errors are written to SystemOut.log. If a user tries to upload a file containing a virus, the upload stops and the following message is displayed on the upload dialog:

A virus was detected in the file we are trying to upload. Please run a local virus scan on this file before uploading it again.

Parent topic:
Administer Libraries

Related:

Change common configuration property values

Enable virus scanning