This section allows sysadmins to enable scanning of incoming files using a remote anti-virus server. MOVEit Transfer will submit incoming files to the anti-virus (AV) and/or Data Loss Prevention (DLP) server using the ICAP protocol. Files that are clean are then passed into the MOVEit Transfer filesystem.
Note: If you are using the AS2 Module to transfer files, be aware that content scanning does not apply to AS2 transfers. Use MOVEit Automation to scan AS2 transfers for viruses.
For more information on the Content Scanning feature and associated logs and reporting, see the Feature Focus - Content Scanning topic.
A name for the content scanner and the location (Server URL) for the content scanner are required settings. All of the Content Scanning settings apply to all MOVEit Transfer hosts on the system. The settings are described below:
Note: You can enable or disable Content Scanning for each organization in Settings - Security Policies - Content Scanning. You need to be signed on as an Organization administrator.
Note: Large maximum or no maximum policies can slow performance and can depend on the performance and capabilities of your third-party AV scan engine.
The following screen shows an example of the configuration for a Sophos ICAP AV scanner.
If a file was scanned, file detail pages will display the ICAP server information.
If a file fails the scan, an error message appears on the browser page of the user who uploaded the file.
Also, log file entries report the user-configured name of the ICAP server used during the file upload. File records also report the self-identification, version, and virus definition or DLP policy tag from the server.
Error code numbers (6100 - 6103) are used to report AV errors. This will help when filtering logs. If an upload fails due to content scanning, the corresponding log table records will contain the AV server name and, if possible, the name of the virus.
Error code numbers 0 and 6150 are used to report DLP policy violations, as follows:
Notification macros for content scanning, if enabled, can report the scan results for both anti-virus (AV) and data loss prevention (DLP) scans.
AV and/or DLP information may be included in the following notifications:
The standard templates for these notifications do not include the content scanning results. You can add the macros that report the scan results by creating custom notification templates. Custom notifications are set in an organization via Settings | Appearance | Notification | Custom.
You can add a Content Scanning report which shows blocked content scanning violations. An example of a violation is a file that failed an anti-virus (AV) check or violated a data loss protection (DLP) policy and was blocked. In this case, the report will show the name of the scanner, the file name, and the name of the virus (if known) or policy. If you are logged in as administrator for an organization, the report shows violations for your organization. If you are logged in as a system administrator, the report can show multiple organizations.