docave antivirus 2.0 for microsoft sharepoint · docave antivirus 2.0 for microsoft sharepoint user...
TRANSCRIPT
Page | 1
DocAve Antivirus 2.0 for Microsoft SharePoint
User Guide
Protect your SharePoint Farm Using the DocAve Antivirus Solution for Microsoft SharePoint
This document is intended for anyone wishing to
familiarize themselves with the user interface and
basic functionality of DocAve Antivirus, including
real-time and scan-based farm protection from
malicious viruses and other malware.
Page | 2
Table of Contents
Table of Contents................................................................................................................................................... 2
Basic Overview .......................................................................................................................................................... 3
Requirements ............................................................................................................................................................ 3
Supported Platforms ............................................................................................................................................. 3
Installation ............................................................................................................................................................ 4
Installation steps ....................................................................................................................................................... 4
Front-end Settings ..................................................................................................................................................... 4
License Management ............................................................................................................................................ 5
Patch Management .............................................................................................................................................. 5
Setup Basics ........................................................................................................................................................... 5
Database Configuration............................................................................................................................................. 5
Creating a new database ...................................................................................................................................... 5
Connecting to an existing database ...................................................................................................................... 6
General Settings .................................................................................................................................................... 6
Quarantine Settings .................................................................................................................................................. 6
Log Settings ............................................................................................................................................................... 7
Email Profile .............................................................................................................................................................. 7
Email Settings ............................................................................................................................................................ 8
Editing the email template ..................................................................................... Error! Bookmark not defined.
Scan Engines Management ....................................................................................................................................... 8
Scheduled Scan Profile .............................................................................................................................................. 9
Antivirus .............................................................................................................................................................. 10
Real-Time Scan ........................................................................................................................................................ 10
Scheduled Scan ....................................................................................................................................................... 10
Reporting ................................................................................................................................................................. 11
Page | 3
Before You Begin
Basic Overview The DocAve Antivirus for Microsoft SharePoint is used to scan content as it is uploaded as well as scanning
content already existing in your SharePoint environment for viruses. It is fully integrated in SharePoint’s
Central Admin, from where you can deploy and manage the filters on your SharePoint web front-end (WFE)
servers easily. Access to this tool is limited to the SharePoint farm administrator.
Requirements The supported platforms and requirements for DocAve Antivirus are listed below:
Supported Platforms Like all DocAve products, Antivirus for Microsoft SharePoint is runs in a Manager/Agent configuration. This
configuration requires that the Manager be installed in the SharePoint Central Administrator and the Agents
deployed to all SharePoint web front-ends (WFE) where users are able to create or upload content. By
ensuring that the Agents have been deployed to all WFEs you can provide full protection for your farm. The
SharePoint WFE and SharePoint Central Administrator must be running on:
Microsoft Office SharePoint Server (MOSS) 2007 or
Windows SharePoint Services (WSS) v3
Windows Server 2003 or 2008
SQL Server 2005 or 2008
.NET Framework v2 or higher
Page | 4
Installation
The Installation Wizard will guide you through the installation process. By following the steps below, you will
have DocAve Antivirus protecting your environment very quickly.
Manager Installation Steps Ensure that the Installation Wizard is run on the SharePoint Central Admin server first. This will allow you
to deploy the WFE agents for this software easily from the Central Administrator.
Note: if you have installed the previous version of the Antivirus and Content Shield, and are now upgrading to
DocAve Content Shield 1.3, please uninstall the previous version of Antivirus and Content Shield first before
installing DocAve Content Shield 1.3.
1. Download the Content Shield .ZIP file by requesting a demo version from
http://www.avepoint.com/download/ or by contacting an AvePoint representative for links to
this package.
2. Unzip the package on your SharePoint Central Admin Server.
3. Run the Setup.exe file found in the unzipped directory.
4. Follow the steps on screen for configuring this tool. You will be asked for your name, company
information, and for a directory location to install this software.
5. After installing the tool, you will be prompted to restart IIS* in order to complete the installation.
You can choose to reset IIS later by selecting No.
*Note: The IIS reset does not immediately restart the IIS service, but performs a “no-force” reset
of the IIS processes. Any processes currently running will be allowed to finish before this reset
takes place. If you choose to reset IIS at a later time, the installation will not be completed until it
is reset.
Congratulations! The SharePoint Content Shield is now installed on your environment.
Web Front-end Settings In order to protect your SharePoint environment, you need to configure DocAve Antivirus on each SharePoint
web front-end server (WFE) in your environment. . The WFE will control both the scheduled scan and
real-time scan of your environment.
1. Navigate to Central Administration > Operations > DocAve Antivirus for Microsoft SharePoint >
Front-End Settings. This will list the available front-end servers in the Front-end Server list.
2. Click on the name of the front-end server where you want to deploy DocAve Antivirus, and select
Deploy Now.
Page | 5
License Management After installation, you must next apply the Antivirus license file for your Front-end servers. You can obtain
this license from your AvePoint sales representative. To assign a license to the Front-end server, please follow
the steps below:
1. Navigate to Central Administration > Operations > DocAve Antivirus > Front-End Settings.
2. Click the Browse button and select the license you want to apply under the License Management
section.
3. Click the Apply button, detailed information about the license will then be listed above.
4. Select the front-end server you want to assign the license to from the front-end server List by
clicking the front-end server’s name, and then clicking Assign License.
5. After assigning a license to a front-end server, the license status of the server will change to
Assigned.
Patch Management DocAve Antivirus for Microsoft SharePoint Patch Management allows you to update the current version of
DocAve Antivirus from within the program.
1. Navigate to Central Administration > Operations > DocAve Antivirus for Microsoft SharePoint >
Front-End Settings.
2. Click the Browse button and select the patch you want to load under the Patch Management
section.
3. Click the Load button, the detailed information for this patch will be listed underneath.
Setup Basics
Database Configuration The DocAve Antivirus for Microsoft SharePoint installation requires an application database to store its
settings and configuration. You can deploy this application database to the same SQL server instance as
SharePoint or to another SQL instance connected to your network. We recommended that you use the same
SQL server as SharePoint.
Creating a new database To create a new database for the DocAve Antivirus for Microsoft SharePoint, follow the steps below.
1. Navigate to the Central Administration -> Operations tab. Here you will see the AvePoint Tools
and Services field. Click the DocAve Antivirus for Microsoft SharePoint option.
2. If you did not specify a database for the application during installation, an interface will pop-up
and prompt you to do so.
Page | 6
3. Select the Create a New Database option from the Application Database Type category.
4. Enter the database server name into the Database Server text box, and then the database name
for the new database you want to create for DocAve Antivirus.
5. Select an authentication type by checking the corresponding check-box. If you select the SQL
Server Authentication option, you will need to enter the necessary information in the SQL
Username and password fields.
6. Click the Create button to create the new database for the application.
Connecting to an existing database To connect an existing database to use as the DocAve Antivirus for Microsoft SharePoint application database,
follow the steps below:
1. Navigate to the Central Administration -> Operations tab. Here you will see the AvePoint Tools
and Services field. Click the DocAve Antivirus for Microsoft SharePoint option.
2. If you did not specify a database for the application during installation, an interface will pop-up
prompting you to do so.
3. Select the Connect to an Existing Database option from the Application Database Type.
4. Enter the database server name into the Database Server text box, and then the database name
you want to create for DocAve Antivirus.
5. Select an authentication type by checking the corresponding check-box. If you select the SQL
Server Authentication option, you will need to enter the necessary information in the SQL
Username and password fields.
6. Click the Connect button. This will connect the database to the application.
*Note: In order to protect your environment, it is recommended to create a new database by DocAve Antivirus
for Microsoft SharePoint or connect to an existing database which created by another DocAve Antivirus for
Microsoft SharePoint WFE installation.
General Settings
This section details several important settings to configure for DocAve Antivirus for Microsoft SharePoint.
Quarantine Settings The DocAve Antivirus for Microsoft SharePoint application gives you the option of either deleting data or
storing offending data in a quarantined location in your environment, preventing access to the offending
content from SharePoint. Access to this location should be restricted as the contents of the quarantined
location may be infected or harmful. Using these settings, you can specify the location, maximum space, time
period to keep the files, the email notification and quarantine clearing options.
Page | 7
1. Naviagate to Central Administration > Operations > DocAve Antivirus for Microsoft SharePoint >
Quarantine Settings.
2. Enter a location for the quarantine into the Quarantine Path area. If the path you specify is a
network path, you must specify a user account with access to that location.
3. Set the maximum space for the quarantine, and then specify the time period to keep files in the
quarantine.
4. You may optionally select the Warning Notification option. When selected, the program will
send a notification email once the capacity of the quarantine location is less than 10% of the
available quarantine space.
5. Checking the Auto Clean Quarantine option will automatically clean up the files in the quarantine
location.
6. Click the Save button to save the configration. You can go to View Quarantine to view the files
in the quarantine.
Log Settings These settings allow you to configure the log level for each feature and specify the maximum storage time for
the log report. After configuring these settings, click the Save button to save the settings or the Reset button
to clear the configuration.
*Note: If you are experiencing any issues with this product, we recommend setting all log-levels to Debug
before contacting AvePoint technical support.
Email Profile This section allows you to create various email profiles containing different mailing lists, which can then be
selected to receive emails after certain events. To set up an email notification profile, follow the steps
below:
1. Navigate to Central Administration > Operations > DocAve Antivirus > Email Profiles. From here,
you can view any previously created email profiles in the left-hand column.
2. Click the New button to create a new profile. Enter a profile name into the provided field.
3. Enter your Microsoft Exchange Outgoing Mail Server (SMTP) and specify the corresponding port
for it. The default smtpport number for most environments is 25.
4. You must configure the Email Server Authentication if you have configured any corresponding
authentication for your mail server.
5. In the Sender field, enter the email address you would like the notifications to come from.
6. Enter the recipients you would like to include in this profile under the Recipients field. Multiple
recipients can be added to the recipient text box by entering each new recipient on their own
line.
7. You can click the Test button to test the configuration. If the test is successful, the recipient(s)
you have specified for this profile will receive a test email message.
Page | 8
8. Click the Save button to save the configuration, it will now be listed under Email Profiles and can
be selected to receive notifications from the DocAve Conten Shield.
*Note: Please ensure that the account used to send emails is not in the profile’s recipients list. This will
cause an error in the messaging system.
Email Settings This section is used to further customize the notifications which the recipients of an email profile will receive.
Begin by selecting the desired email profile by selecting the profile from the drop-down box for each module,
you can then edit the mail template for each module.
Editing the email template 1. Navigate to Central Administration > Operations > DocAve Antivirus > Email Settings.
2. Click the Edit Mail Template for the module you want to edit, you will be taken to the Edit
Template page.
3. Select the keywords you want to add to the subject from the first Value Keywords drop-down box,
and then click the Add button, the keywords will be added into the subject.
4. Select the keywords you want to add to the message body from the second Value Keywords
drop-down box, and then click the Add button, the keywords will be added into the main body.
5. You can then enter the content you want to view in the email.
6. Click the OK button to save the configuration for specific feature; or the Cancel button to cancel
the settings.
Scan Engines Management In this section, you can view information about the Trend Scan Engine, update the scan engine, and clear the
collected statistics. By default, the scan engine is set to automatically check for scan engine updates on a
schedule. You can change this by going to the Virus Signature Database Version > Update tab, and then
unselecting the check-box next to Schedule. Each WFE must be able to access the Internet in order to update
the scan engine. If your WFEs do not have internet access and you wish to configure a proxy server you may
do so under the Settings tab. Here you can specify a Client Proxy to update the scan engine for any WFEs
that cannot access the Internet.
1. Check the User HTTP proxy server check box.
2. Enter the IP address or the machine name of the server which you want to utilize as a proxy to
update the scan engine. Please ensure this machine can access the Internet.
3. Specify a TCP/IP port for the Scan Engine. By default, the port number is 80.
4. Enter a username and password with the appropriate level of access to this machine.
5. Click Ok to save the configuration, all WFEs will update the scan engine through this specified
machine.
*Note: Please make sure you can connect to the machine from the Central Admin Server and all other WFEs.
Page | 9
Scheduled Scan Profile These profiles allow you to configure the basic settings for scheduled scan jobs.
Profile Name: enter a profile name for the scheduled scan profile into the provided field.
Number of Threads: this will start several threads while scanning for a virus. The scans will be
faster and more efficient if you specify a higher thread number; however, this will require more
system resources.
Scan File Versions: Scans all versions of the files in SharePoint if you select this option, since each
SharePoint version is a unique object, it is recommended that all versions are scanned.
File Filter Policy: you can select the filter policy by clicking the corresponding radio box, and then
enter the file extensions into the provided field, the files will be excluded or included from the
scheduled scan job. Multiple policies can be added to the text box by entering each on a separate
line. If you have selected the Exclude from file filter option, Antivirus will not scan files with the file
extension in the provided field. If you select the Include in file filter option, it will only scan the
files with the file extension in the provided field.
Virus Scan Action: Allows you to configure what happens to infected files for different file rules
during a scheduled scan job.
Basic Virus Rule: The operation specified in this field is used for the files infected with
common repairable viruses. There are four actions you can select: Clean, Quarantine, Delete,
and Report only.
Clean: Cleans the infected documents by deleting the infected parts of the file.
Quarantine: Creates a .dat file and .xml file of the infected file will be created in the
quarantine.
Delete: the content of the infected file will be replaced by detailed information of the
job which deleted it.
Report only: Generates a report for each infected file. You can navigate to Central
Administration > Operations > DocAve Antivirus for Microsoft SharePoint > Reports
and click on the corresponding scheduled scan job to view the reports.
Un-repairable Virus Rule: The operation specified in this field is used for the files infected
with the un-repairable viruses. There are three actions you can select: Delete File, Delete File
and Quarantine, and Report only.
Delete File: Contents of the infected file will be replaced by a detailed report of the
job that deleted it.
Delete File and Quarantine: Contents of the infected file will be replaced by the
detailed information of the job. A corresponding .dat file and .xml file will be created
in the quarantine location.
Report only: Generates a report for each infected file. You can navigate to Central
Administration > Operations > DocAve Antivirus for Microsoft SharePoint > Reports
and click on the corresponding scheduled scan job to view the reports.
Page | 10
Click the Save button to save the configuration, and then the profile will be listed on the left column.
Antivirus
After configuring the basic settings above, you may now configure the settings to scan files for viruses in
SharePoint. DocAve Antivirus for Microsoft SharePoint allows you create rules for the scan engine which it will
use to scan the content in SharePoint accordingly.
Real-Time Scan
After configuring the initial settings, DocAve Antivirus will perform a real-time scan of the files in the
SharePoint farm with this product deployed. There are several options you can configure for real-time
scanning:
Antivirus Settings: Specifies when you want the files to be virus scanned, whether users are
allowed to download infected documents, and whether you want your virus scanner to clean
infected files. Please note that only when Scan documents on upload or Scan documents on
download is checked will the settings for a real-time scan will work.
Antivirus Time Out: Enter a number into the Time out duration box. If the time waiting for a server
response is longer than the time you specify, it will be considered as a time out.
Antivirus Threads: Enter the number of threads you wish to use when scanning into the Number of
threads text box. The more threads you allow the tool to create the faster and more efficient the
scanning will be, however, this will require more system resources.
Real-Time Scan Actions: in this area, you can specify the action that will be taken on infected files
for different file rules during a scheduled scan job.
Basic File Rule: Specifies the action to take for files with common repairable viruses. There
are two actions you can select: Repair file and allow upload/download, and Block
upload/download.
Un-repairable File Rule: Specifies the action to take for files with un-repairable viruses. There
are two actions you can select: Block upload/download, and Block upload/download and
quarantine.
Click the Save button to save the configuration.
Scheduled Scan Scheduled Scan allows you set up a plan to scan the content in specific site at a specified time. To set up a plan,
follow the steps below:
1. Navigate to Central Administration > Operations > DocAve Antivirus for Microsoft SharePoint >
Scheduled Scan.
2. Enter a plan name into the provided field.
3. Clicking on the name of the farm will expand the tree further to display any sub-items.
Page | 11
4. Select the content you want to scan by checking the corresponding check-boxes.
5. You can set the scan job to run on a schedule by checking the Enable Full Schedule or Enable
Incremental Schedule check-box.
6. Using the calendar icon next to the Start Time field, select a date for the scan job to run, and then
select the time from the corresponding drop-down box.
7. Set an interval for recurring rules based on Only Once, by Minute, by Hour, by Day, by Week, or
by Month.
8. There are two scan types: Full and Incremental.
Full: This will scan all content in the specific location.
Incremental: This option scans only the changes from the previous scan job in the
specific location (including creating / updating the items).
*Note: If no full filter has been performed previously, the incremental option will perform a
full scan job by default. Although incremental scans improve performance, a full scan is
recommended whenever your Trend Micro Scan Engine receives a new virus definition
update.
9. You may enter a Description in the field provided to help distinguish this job in the report.
10. Select a scheduled scan profile from the drop-down box. It is a mandatory option.
11. Select an email profile from the drop-down box; this contains the list of profiles that you created
earlier in the Email Profiles section. This feature is optional.
Reporting After scanning the content, DocAve Antivirus will generate a report for the job. There are two kinds of
reports: Real-Time Reports and Reports for the scheduled scanning jobs.
For the Real-Time Reports, all the infected files will be listed in the report list. You can view more detailed
information of the infected files in the list.
For the Reports generated by schedule scanning jobs, all scheduled scanning jobs will be listed in it. You can
view more detailed information and the job status for the scanning plan. By clicking the job name, you can
view the detailed information of the infected files found in the job.
File Name: the name of the infected file
File Size: the size of the infected file
Virus Status: the current virus status of the file.
Scan Time: the time of the scan time
File URL: the URL of the file
File Owner: the owner of the file
Page | 12
Virus Count: the total number of the virus in the infected file
Virus Info: It includes Virus ID, Violation Name, and Count, the Virus ID and Violation Name are
defined by the scan engine, and the Count is the number of the current virus.
Copyright
2010 AvePoint, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written consent of AvePoint, 3 Second Street, Jersey City, NJ 07311, USA Trademarks AvePoint DocAve®, AvePoint logo, and AvePoint, Inc. are trademarks of AvePoint, Inc. Microsoft, MS-DOS, Internet Explorer, Microsoft Office SharePoint Servers 2007, SharePoint Portal Server 2003, Windows SharePoint Services, Windows SQL server, and Windows are either registered trademarks or trademarks of Microsoft Corporation. Adobe Acrobat and Acrobat Reader are trademarks of Adobe Systems, Inc. All other trademarks are property of their respective owners. Changes The material in this document is for information only and is subject to change without notice. While reasonable efforts
have been made in the preparation of this document to assure its accuracy, AvePoint makes no representation or
warranty, expressed or implied, as to its completeness, accuracy, or suitability, and assumes no liability resulting from
errors or omissions in this document or from the use of the information contained herein. AvePoint reserves the right to
make changes in the product design without reservation and without notification to its users.
AvePoint 3 Second Street Jersey City, NJ 07311 USA
201076.143027