Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
antivirus [2018_02_05 22:29] – [Checking Appliance and ClamAV Integration Configuration] Shorter title steven | antivirus [2022_04_20 11:24] – dan | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | # Virus Scanning | + | # Virus Scanning |
+ | last updated on: April 20, 2022 | ||
- | Enterprise File Fabric prevents the downloading and sharing of malicious files through a ‘scan on write’ approach. As files are uploaded they are scanned. If a virus is detected, the upload fails, and an error is returned immediately to the user or application. | + | The Enterprise File Fabric prevents the downloading and sharing of malicious files through a ‘scan on write’ approach. As files are uploaded they are scanned. If a virus is detected, the upload fails, and an error is returned immediately to the user or application. |
{{:: | {{:: | ||
Line 9: | Line 10: | ||
File solution-brief.pdf uploaded to My Cloud files/ | File solution-brief.pdf uploaded to My Cloud files/ | ||
- | The ClamAV virus scanner | + | ClamAV |
- | In High Availability environments each appliance will run a local ClamAV service | + | In High Availability environments each appliance |
- | Works with: | + | <WRAP center round info 100%> |
+ | Files larger than 1.5GB will be uploaded without being scanned, and only the first 1.5GB of files that expand during scanning to more than 1.5GB will be scanned. | ||
+ | </ | ||
- | * Enterprise Appliance (since 1712.00) | ||
- | ## Configuration | + | ## Service |
- | The virus scanning of uploads is a configuration option for the organization. The option is available when added to the user package. | + | ClamAV must first be enabled and configured on each web node. |
+ | |||
+ | ## 1. Start and Enable ClamAV | ||
+ | |||
+ | SSH to the appliance as user smeconfiguser, | ||
+ | |||
+ | su - | ||
+ | |||
+ | Use systemctl to start and enable ClamAV (that is, will startup on boot): | ||
+ | |||
+ | # systemctl enable clamd@scan | ||
+ | # systemctl start clamd@scan | ||
+ | |||
+ | Next verify that it is running and enabled: | ||
+ | |||
+ | # systemctl status clamd@scan | ||
+ | Loaded: loaded (/ | ||
+ | Active: active (running) | ||
+ | |||
+ | ## 2. Verify Appliance Integration with ClamAV | ||
+ | |||
+ | The appliance configuration file can be found at: | ||
+ | |||
+ | / | ||
+ | |||
+ | Verify that the settings below are configured as shown: | ||
+ | |||
+ | var $enableantivirus = 1; | ||
+ | var $clamavsocketpath = '/ | ||
+ | |||
+ | ## Enabling ClamAV for Organizations | ||
+ | The virus scanning of uploads is a configuration option for organizations. The option is available when added to the user package. | ||
## 1. Adding the ClamAV Option to a User Package | ## 1. Adding the ClamAV Option to a User Package | ||
Line 28: | Line 61: | ||
{{: | {{: | ||
- | ## 2. Enabling Antivirus Scanning | + | ## 2. Enabling Antivirus Scanning |
- | An organization administrator | + | An Organization Administrator |
{{ : | {{ : | ||
Line 35: | Line 68: | ||
## Troubleshooting | ## Troubleshooting | ||
- | ### Checking | + | ### Checking ClamAV Service |
- | The ClamAV service | + | Once started the ClamAV service |
To verify ClamAV has been running successfully check the last entries in the log: | To verify ClamAV has been running successfully check the last entries in the log: | ||
Line 44: | Line 77: | ||
Fri Feb 2 00:34:21 2018 -> SelfCheck: Database status OK | Fri Feb 2 00:34:21 2018 -> SelfCheck: Database status OK | ||
- | Use systemctl to verify ClamAV is both enabled (that is, will startup on boot), and running: | ||
- | |||
- | $ systemctl status clamd@scan | ||
- | Loaded: loaded (/ | ||
- | Active: active (running) | ||
- | |||
- | If needed, to stop, start, enable, disable or restart run systemctl as root: | ||
- | |||
- | systemctl restart clamd@scan | ||
#### Configuration | #### Configuration | ||
Line 60: | Line 84: | ||
/ | / | ||
- | ### Checking | + | ### Checking |
The Freshclam application updates the antivirus signature database. It is preinstalled on the appliance and by default is scheduled to run once an hour. | The Freshclam application updates the antivirus signature database. It is preinstalled on the appliance and by default is scheduled to run once an hour. | ||
Line 81: | Line 105: | ||
/ | / | ||
- | |||
- | ### Checking Appliance Integration with ClamAV | ||
- | |||
- | This configuration file can be found at: | ||
- | |||
- | / | ||
- | |||
- | Make sure the following settings are present: | ||
- | |||
- | var $enableantivirus = 1; | ||
- | var $clamavsocketpath = '/ | ||
### Error: Socket Operation Failed | ### Error: Socket Operation Failed | ||
Line 110: | Line 123: | ||
For a test virus file see https:// | For a test virus file see https:// | ||
- | |||