Differences

This shows you the differences between two versions of the page.

--- antivirus [2018_02_05 22:29] – [Checking Appliance and ClamAV Integration Configuration] Shorter title steven
+++ antivirus [2020_08_12 23:39] – doug
@@ Line 1: / Line 1: @@
-# Virus Scanning
+# Virus Scanning Protection
-Enterprise File Fabric prevents the downloading and sharing of malicious files through a ‘scan on write’ approach. As files are uploaded they are scanned. If a virus is detected, the upload fails, and an error is returned immediately to the user or application.
+The Enterprise File Fabric prevents the downloading and sharing of malicious files through a ‘scan on write’ approach. As files are uploaded they are scanned. If a virus is detected, the upload fails, and an error is returned immediately to the user or application.
 {{::antivirus:file-mgr_file-infected-error.png?800|}}
@@ Line 9: / Line 9: @@
     File solution-brief.pdf uploaded to My Cloud files/mybucket. Scanned with antivirus ClamAV 0.99.2/24143/
-The ClamAV virus scanner included is a high performance multi-threaded daemon supporting many file formats including file and archive unpacking.
+ClamAV is the officially supported virus scanner available for use with the File Fabric. ClamAV is a high performance multi-threaded daemon supporting many file formats including file and archive unpacking.
-In High Availability environments each appliance will run a local ClamAV service (as configured by default).  Files added outside of the File Fabric, directly to the external storage and discovered through provider synchronization, are not scanned.
+In High Availability environments each appliance serving web traffic will be required to run a local ClamAV service .  Files added outside of the File Fabric, directly to the external storage and discovered through provider synchronization, are not scanned.
 Works with:
@@ Line 17: / Line 17: @@
 * Enterprise Appliance (since 1712.00)
-## Configuration
+## Service Configuration
-The virus scanning of uploads is a configuration option for the organization. The option is available when added to the user package.
+ClamAV must first be enabled and configured on each web node.
+## 1. Start and Enable ClamAV
+SSH to the appliance as user smeconfiguser, then become root
+    su -
+Use systemctl to start and enable ClamAV (that is, will startup on boot):
+    # systemctl enable clamd@scan
+    # systemctl start clamd@scan
+Next verify that it is running and enabled:
+    # systemctl status clamd@scan
+    Loaded: loaded (/usr/lib/systemd/system/clamd@scan.server; enabled;...
+    Active: active (running)
+## 2. Verify Appliance Integration with ClamAV
+The appliance configuration file can be found at:
+    /var/www/smestorage/public_html/config.inc.php
+Verify that the settings below are configured as shown:
+    var $enableantivirus = 1;
+    var $clamavsocketpath = '/var/run/clamd.scan/clamd.sock';
+## Enabling ClamAV for Organizations
+The virus scanning of uploads is a configuration option for organizations. The option is available when added to the user package.
 ## 1. Adding the ClamAV Option to a User Package
@@ Line 28: / Line 59: @@
 {{:antivirus:userpkg_addons.png?700|}}
-## 2. Enabling Antivirus Scanning for an Organization
+## 2. Enabling Antivirus Scanning
-An organization administrator can enable virus scanning for uploads under Organization > Policies  > Security:
+An Organization Administrator can enable virus scanning for uploads under Organization > Policies  > Security:
 {{ :antivirus:org_oolicies_enable_antivirus.png |}}
@@ Line 35: / Line 66: @@
 ## Troubleshooting
-### Checking that the ClamAV Service is On
+### Checking ClamAV Service Logs
-The ClamAV service is preinstalled on the appliance and is enabled and running by default.
+Once started the ClamAV service will generate log data.
 To verify ClamAV has been running successfully check the last entries in the log:
@@ Line 44: / Line 75: @@
     Fri Feb 2 00:34:21 2018 -> SelfCheck: Database status OK
-Use systemctl to verify ClamAV is both enabled (that is, will startup on boot), and running:
-    $ systemctl status clamd@scan
-    Loaded: loaded (/usr/lib/systemd/system/clamd@scan.server; enabled;...
-    Active: active (running)
-If needed, to stop, start, enable, disable or restart run systemctl as root:
-    systemctl restart clamd@scan
 #### Configuration
@@ Line 60: / Line 82: @@
     /etc/clamd.d/scan.conf
-### Checking that Freshclam is Updating Signatures
+### Checking Virus Signatures are Fresh
 The Freshclam application updates the antivirus signature database. It is preinstalled on the appliance and by default is scheduled to run once an hour.
@@ Line 81: / Line 103: @@
     /var/www/smestorage/config/clamd/freshclam.conf
-### Checking Appliance Integration with ClamAV
-This configuration file can be found at:
-    /var/www/smestorage/public_html/config.inc.php
-Make sure the following settings are present:
-    var $enableantivirus = 1;
-    var $clamavsocketpath = '/var/run/clamd.scan/clamd.sock';
 ### Error: Socket Operation Failed
@@ Line 110: / Line 121: @@
 For a test virus file see https://en.wikipedia.org/wiki/EICAR_test_file.