Previous Topic

Next Topic

Book Contents

Book Index

Antivirus

Using Real-Time Scanners

MOVEit Central can be used to scan downloaded files via its interface to third-party real-time antivirus utilities. These utilities work by immediately deleting infected files as they are written to or read from MOVEit Central's cache directory. MOVEit Central will notice that the file is no longer available and will obtain the infection information from the antivirus logs. It will then take the action that you have configured on the configuration program's Virus tab.

MOVEit Central will consider any individual file transfer that failed because a virus was detected to be a "normal" failure in the sense that it will log a specific "virus found" message in the file failure record and will initiate any configured "failure" next actions (including email alerts) configured for the task. Furthermore, MOVEit Central will consider any task that finds a virus in one of its files to have partially failed, although it will normally continue to transfer all files that did not contain viruses in the same task run.

MOVEit Central currently interfaces with the following antivirus programs:

MOVEit Central will notice and handle infections detected by other real-time antivirus programs, but it will not be able to report the name of the specific virus that was detected.

After connecting to MOVEit Central, use the "Command | Test Antivirus" command from MOVEit Central Admin to test if MOVEit Central and your local antivirus package are successfully communicating.

Notes on Trend Micro OfficeScan. If you are using Trend Micro's OfficeScan, you should be aware that the default installation options enable scanning for only a few file extensions. This will cause the scanner to miss most infections, since by default, MOVEit Central uses random temporary filenames in its cache, not the original filenames. To instruct OfficeScan to scan all filenames, point your browser at its web interface and choose the following links: Clients, Scan Options, Real-Time Scan Settings, Scan Target, All scannable files.

Using Processes to Scan Files On Demand

Less commonly, MOVEit Central can be used to individually scan files in its cache using a third-party antivirus program. To actively scan each file passing through MOVEit Central, you would probably use the included "Run DOS Command.vbs" script or a derivation to kick off the command-line utility provided by your antivirus client. This script runs a single command and errors out if a command-line antivirus client returns a code other than 0. Alternatively, you could compose a script to invoke a COM interface of an antivirus client. This approach is more work, but could also supply MOVEit Central with more information.

One caveat that applies to this approach is that you must configure your real-time antivirus client to ignore the MOVEit Central cache folder to avoid interference between the two scanning mechanisms.