|
|
|
|
|
Using Real-Time Scanners
MOVEit Central can be used to scan downloaded files via its interface to third-party real-time antivirus utilities. These utilities work by immediately deleting infected files as they are written to or read from the MOVEit Central cache directory. MOVEit Central will notice that the file is no longer available and will obtain the infection information from the antivirus logs. It will then take the action that you have configured on the configuration program's Virus tab.
MOVEit Central will consider any individual file transfer that failed because a virus was detected to be a "normal" failure in the sense that it will log a specific "virus found" message in the file failure record and will initiate any configured "failure" next actions (including email alerts) configured for the task. Furthermore, MOVEit Central will consider any task that finds a virus in one of its files to have partially failed, although it will normally continue to transfer all files that did not contain viruses in the same task run.
MOVEit Central currently interfaces with the following antivirus programs:
MOVEit Central will notice and handle infections detected by other real-time antivirus programs, but it will not be able to report the name of the specific virus that was detected.
After connecting to MOVEit Central, use the Command > Test Antivirus command from MOVEit Central Admin to test whether MOVEit Central and your local antivirus package are successfully communicating.
Notes on Trend Micro OfficeScan. If you are using Trend Micro OfficeScan, you should be aware that the default installation options enable scanning for only a few file extensions. This will cause the scanner to miss most infections, since by default, MOVEit Central uses random temporary filenames in its cache, not the original filenames. To instruct OfficeScan to scan all filenames, point your browser at its web interface and choose the following links: Clients, Scan Options, Real-Time Scan Settings, Scan Target, All scannable files.
Using Processes to Scan Files On Demand
Less commonly, MOVEit Central can be used to individually scan files in its cache using a third-party antivirus program. To actively scan each file passing through MOVEit Central, you would probably use the included Run DOS Command.vbs script or a derivation start the command-line utility provided by your antivirus client. This script runs a single command and errors out if a command-line antivirus client returns a code other than 0.
Alternatively, you could compose a script to invoke a COM interface of an antivirus client. This approach is more work, but could also supply MOVEit Central with more information. If you use this approach, you must configure your real-time antivirus client to ignore the MOVEit Central cache folder to avoid interference between the two scanning mechanisms.
Note: When setting files to scan in your Antivirus program, you must exclude mic*.xml config/state/hash files to improve the performance.