+

Search Tips   |   Advanced Search

Enable virus scanning

Edit configuration property settings to force the applications that handle uploaded files to scan all files for viruses.

IBM Connections does not provide virus scanning software, but it does enable you to use existing virus scanning services implemented within the corporate infrastructure. Before you begin this procedure, find out the location of the virus scanning service.

Connections supports the Internet Content Adaptation Protocol (ICAP) and its applications use this protocol to communicate with virus detection products. Ensure the virus detection product used in the enterprise supports the ICAP 1.0 protocol. IBM Connections is certified to work with Symantec AntiVirus Scan Engine 5.1 and McAfee web Security Appliance (3400) and (3300).

Disable any file cleaning services provided by the virus scanning product we are using. Cleaning must be disabled for the virus scanner to interact properly with Connections. See the documentation for the virus scanner to determine how to disable file cleaning.

The Bookmarks and Home page applications do not implement virus scanning because no files or images are uploaded to those application databases. To enable virus scanning for Activities, Blogs, Communities, Files, Forums, Profiles, and Wikis:

  1. Use the wsadmin client to access and check out the Connections configuration files.

    1. Access the Connections configuration file: execfile("connectionsConfig.py")

      If we are prompted to specify a service to connect to, type 1 to select the first node in the list. Most commands can run on any node. If the command writes or reads information to or from a file by using a local file path, we must select the node where the file is stored. This information is not used by the wsadmin client when we are making configuration changes.

    2. Check out Connections configuration files:

        LCConfigService.checkOutConfig("/tmp","cell_name")

      where:

      • /tmp is the temporary working directory to which configuration files are copied. The files are kept in this working directory while you edit them.

      • With Windows, use a forward slash for the directory.

        • For example: "/tmp".

        • AIX , and Linux only: The directory must grant write permissions or the command fails.

      • To determine: print AdminControl.getCell()

  2. From the temporary directory to which you just checked out the Connections configuration files, open LotusConnections-config.xml in a text editor.

  3. Uncomment the following block of XML, which can be found in the avFilter section: 
    <!--avFilter class="AVScannerICAP">
  <property>av.scanner.servers=myscanner.host.com</property>
  <property>exception.on.virus=yes</property>
  <property>av.scanner.service=scanner.service</property>
</avFilter-->

  4. Replace references to scanner.service with the name of the ICAP response modification service on the ICAP-enabled scanner. Select one of the following options:

    RESPMOD

    Represents McAfee virus scanning software

    AVSCAN

    Represents Symantec virus scanning software

    Or add the ICAP response modification service for the virus scanning software to support.

  5. Replace references to myscanner.host.com with the server name or IP address of the system hosting the virus scanner. To specify more than one server, separate multiple server names or IP addresses with commas. For example: 
    <avFilter class="AVScannerICAP">
  <property>av.scanner.servers=my.virus.scanning.server.com</property>
  <property>exception.on.virus=yes</property>
  <property>av.scanner.service=RESPMOD</property>
</avFilter>

  6. To support scanning large files, specify values for the av.chunk.size and first.read.timeout properties: For example: 
    <avFilter class="AVScannerICAP">
  ...
  <property>av.chunk.size=50000</property>
  <property>first.read.timeout=120000</property>
</avFilter>

    If the scanner is not available, uploads are rejected to prevent someone from executing a denial of service attack against the scanner, intending to then upload an infected file. In the first.read.timeout property, we can set the number of milliseconds to allow a service to attempt to reach the scanner before rejecting the request.

  7. Save the changes to LotusConnections-config.xml.

  8. After making changes, check the configuration files back in and we must do so during the same wsadmin session in which you checked them out for the changes to take effect. See Applying common configuration property changes for information about how to save and apply the changes.


What to do next

Once virus scanning is running in the environment, any scanning-related errors are written to SystemOut.log. See Troubleshooting virus scanning for information about possible errors and their causes.


Parent topic:
Security


Related:

Configure web resources and virus scan properties

Apply common configuration property changes

Related reference:

Troubleshooting virus scanning