The use of anti-virus products on both desktop and server computers tends to be an important part of a corporate information security policy. Because a MOVEit Transfer server is typically placed in a network segment that is exposed to the Internet, the use of a well-maintained anti-virus product on the server is generally recommended. However, there are a few points to keep in mind when setting up an anti-virus product on a server running MOVEit Transfer. This section provides MOVEit Transfer operators with information and recommended configurations regarding the use of anti-virus products on a MOVEit Transfer server.
Note: See Feature Focus - Content Scanning - Anti-virus.
Because MOVEit Transfer is a secure file transfer and storage system, there are two main reasons why an operator would want to run anti-virus on the host server:
Protecting the host server from virus infection is certainly important in making sure that the system runs reliably, and we recommend the installation and use of a suitable anti-virus program to do so. Inspecting the files being stored on and transferred through the MOVEit Transfer application, however, is not possible due to the security model of the application.
MOVEit Transfer encrypts files before writing them to disk. As a result, the unencrypted file data is never available on disk, and therefore never available to disk-checking anti-virus programs. For maximum security, most files are not stored in memory in their entirety, but are instead read and written in smaller chunks. This makes most files unavailable to memory-checking anti-virus programs as well.
In addition to the fact that an anti-virus program should never be able to identify an actual virus in a file that is encrypted by MOVEit Transfer, the nature of file encryption makes false positives a possibility as well. It is possible that the process of encrypting a file can generate inside that file a sequence of bytes that anti-virus programs may read as a virus signature. Therefore, it is recommended that anti-virus programs be configured to ignore the MOVEit Transfer encrypted file store entirely.
In order to verify that files transferred through a MOVEit Transfer server are virus-free, the best place to install anti-virus software is on an internal MOVEit Automation or other platform where the complete, unencrypted files are placed for further processing. In fact, virus detection, quarantining, and/or cleaning actions performed by most real-time anti-virus packages will be logged in the MOVEit Automation transaction log.
When installing and configuring an anti-virus program on a MOVEit Transfer server, there are a few points which should be kept in mind: