Storage zones controller 6.x

Configure antivirus scans of uploaded files

January 21, 2025

Contributed by:

P P

Run SFAntivirus as a Network Service using PSExec:

Clients updating to SZ 4.2 or later with existing scheduled tasks linking to SFAntivirus need to change the user level that the tool runs at from local administrator to system network service.

To obtain Network Service Rights, use PSExec to launch PowerShell (x86) under the same user context as the storage zones controller and obtain Network Service Rights using the following command:

PsExec.exe -i -u "NT AUTHORITY\NetworkService" C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell

Use ICAP for AV scans instead of command line tools

Storage zones controller 5.3 and later support the use of the ICAP protocol with antivirus scanning platforms that have been coded to the RFC standard for ICAP. Customers can still use the CLI method if they want. This feature is supported for tenant zones as of storage zones controller 5.0.1 and later.

To enable an ICAP AV scanner on your storage zone controller, navigate to the storage zones controller configuration page.

Select the Enable Antivirus Integration check box and enter the address of your antivirus server in the ICAP RESPMOD URL field. This is the URL of the ICAP response modification service: ICAP://SERVER/RESPMOD.

Click Test Connectivity to confirm your setting.

AV command-line integration into Scan Service

Prerequisites

Before installing or upgrading storage zones controller 5.2, ensure that you stop or delete the existing command-line AV if it is running as a scheduled task or a cron.
Install .NET 4.6.2 (or later) on a host machine.

The Scan Service in the on-premises storage zones controller includes support for using a command-line AV Tool, like the Symantec command-line AV Scan. In addition, the Scan Service provides scans with ICAP supported antivirus products.

To enable this feature, change antivirus-file-scan-task:UseCommandLineScanner value to ‘true’ in the C:\ProgramData\ShareFile\StorageCenter\configs\antivirus-service.settings.json.

Command-line tool specific configuration

The upgrade or new installation of storage zones controller 6.0 includes a new configuration file:

C:\ProgramData\ShareFile\StorageCenter\configs\antivirus-service.settings.json

This file handles the necessary settings for the AV command line.

The configuration key values are explained below with example values included.

Set this point to your command-line app.

"antivirus-file-scan-task:CommandLineScannerSettings:FileToRun": "c:\\\\vscan\\scan.exe"
Check the documentation for the command-line app to see what options or switches it supports and then add them in this location.

"antivirus-file-scan-task:CommandLineScannerSettings:CommandLineParameters": "/ALL /ANALYZE /MIME/NOMEM /NORENAME /SECURE ",
Include the output values that indicate a clean scan.

""antivirus-file-scan-task:CommandLineScannerSettings:ReturnCodesForCleanFile": "0, 19",
Include output values that indicate infected file.

"antivirus-file-scan-task:CommandLineScannerSettings:ReturnCodesForInfectedFile": "12, 13",
Include output values that indicate not scanned files.

"antivirus-file-scan-task:CommandLineScannerSettings:ReturnCodesForNotScannedFile": "2, 6, 8, 15,20, 21, 102"

Notes on enforcing max file size, excluding extensions

Before version 5.2, you could not enforce extension exclusion or maximum file size enforcement on the command-line AV. You could only do so on the ICAP Scan service. With version 6.0, the same settings that applied to the ICAP scan service regarding excluded extensions and max file size in bytes apply to the AV command-line service.

These settings were named as:

antivirus-file-scan-task:ExcludedExtensions

antivirus-file-scan-task:MaxFileSize

A new installation of storage zones controller 5.2 renames these settings to the following. The renamed settings reflect the fact that they are applicable both to ICAP-based AV and to the command-line AV.

<add key="exclude-extensions" value="" />

<add key="max-file-size-bytes" value="0" />

On an upgrade, these settings are not renamed. Although manual renames work, the same settings would also work for the AV command line in addition to ICAP.

<add key="icap-exclude-extensions" value="" />

<add key="icap-max-file-size-bytes" value="0" />

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Configure antivirus scans of uploaded files

January 21, 2025

Contributed by:

P P

January 21, 2025

Contributed by:

P P

Configure antivirus scans of uploaded files

Use ICAP for AV scans instead of command line tools

AV command-line integration into Scan Service

Prerequisites

Command-line tool specific configuration

Notes on enforcing max file size, excluding extensions

In this article