|
|
|
|
|
Using Real-Time Scanners
MOVEit Automation can be used to scan downloaded files via its interface to third-party real-time antivirus utilities. These utilities work by immediately deleting infected files as they are written to or read from the MOVEit Automation cache directory. MOVEit Automation will notice that the file is no longer available and will obtain the infection information from the antivirus logs. It will then take the action that you have configured on the configuration program's Virus tab.
MOVEit Automation will consider any individual file transfer that failed because a virus was detected to be a "normal" failure in the sense that it will log a specific "virus found" message in the file failure record and will initiate any configured "failure" next actions (including email alerts) configured for the task. Furthermore, MOVEit Automation will consider any task that finds a virus in one of its files to have partially failed, although it will normally continue to transfer all files that did not contain viruses in the same task run.
MOVEit Automation currently interfaces with the following antivirus programs:
MOVEit Automation will notice and handle infections detected by other real-time antivirus programs, but it will not be able to report the name of the specific virus that was detected.
After connecting to MOVEit Automation, use the Command > Test Antivirus command from MOVEit Automation Admin to test whether MOVEit Automation and your local antivirus package are successfully communicating.
Notes on Trend Micro OfficeScan. If you are using Trend Micro OfficeScan, you should be aware that the default installation options enable scanning for only a few file extensions. This will cause the scanner to miss most infections, since by default, MOVEit Automation uses random temporary filenames in its cache, not the original filenames. To instruct OfficeScan to scan all filenames, point your browser at its web interface and choose the following links: Clients, Scan Options, Real-Time Scan Settings, Scan Target, All scannable files.
Using Processes to Scan Files On Demand
Less commonly, MOVEit Automation can be used to individually scan files in its cache using a third-party antivirus program. To actively scan each file passing through MOVEit Automation, you would probably use the included Run DOS Command.vbs script or a derivation start the command-line utility provided by your antivirus client. This script runs a single command and errors out if a command-line antivirus client returns a code other than 0.
Alternatively, you could compose a script to invoke a COM interface of an antivirus client. This approach is more work, but could also supply MOVEit Automation with more information. If you use this approach, you must configure your real-time antivirus client to ignore the MOVEit Automation cache folder to avoid interference between the two scanning mechanisms.
Note: When setting files to scan in your Antivirus program, you must exclude mic*.xml config/state/hash files to improve the performance.