The use of anti-virus products on both desktop and server computers tends to be an important part of a corporate information security policy. Since a MOVEit DMZ server is typically placed in a network segment that is exposed to the Internet, the use of a well-maintained anti-virus product on the server is generally recommended. However, there are a few points to keep in mind when setting up an anti-virus product on a server running MOVEit DMZ. This section is intended to provide MOVEit DMZ operators with information and recommended configurations regarding the use of anti-virus products on a MOVEit DMZ server.
Note: See Feature Focus - Content Scanning - Anti-virus.
Since MOVEit DMZ is a secure file transfer and storage system, there are two main reasons why an operator would want to run anti-virus on the host server:
Protecting the host server from virus infection is certainly important in making sure that the system runs reliably, and we recommend the installation and use of a suitable anti-virus program to do so. Inspecting the files being stored on and transferred through the MOVEit DMZ application, however, is not possible due to the security model of the application.
One of MOVEit DMZ's hallmark features is that it encrypts files before writing them out to disk. As a result, the unencrypted file data is never available on disk, and therefore never available to disk-checking anti-virus programs. For maximum security, most files are not even stored in memory in their entirety, but are instead read and written in smaller chunks. This makes most files unavailable to memory-checking anti-virus programs as well.
In addition to the fact that an anti-virus program should never be able to identify an actual virus in a MOVEit-DMZ-encrypted file, the nature of file encryption makes false positives a possibility as well. It is possible that the process of encrypting a file can generate inside that file a sequence of bytes that anti-virus programs may read as a virus signature. Therefore, it is recommended that anti-virus programs be configured to ignore the MOVEit DMZ encrypted file store entirely.
In order to verify that files transferred through a MOVEit DMZ server are virus-free, the best place to install anti-virus software is on an internal MOVEit Central or other platform where the complete, unencrypted files are placed for further processing. In fact, virus detection, quarantining, and/or cleaning actions performed by most realtime anti-virus packages will be logged in MOVEit Central's transaction log.
When installing and configuring an anti-virus program on a MOVEit DMZ server, there are a few points which should be kept in mind: