Depending on your organization’s security policies the following should be considered when configuring
an anti-virus tool to work with DocuShare.
Install the anti-virus tool on the computer following a clean reboot and a full system check. Ideally this should be performed as part of the initial system installation and configuration of the operating system. The %DSHOME%\documents file directory (C:\Program Files\Xerox Corporation\DocuShare\documents on a Windows NT Server by default) contains the file repository for all files stored in DocuShare. The only change DocuShare makes to a file is the file name. Your anti-virus tool should be configured to scan ALL files and sub-directories in the %DSHOME%\documents directory.
Some anti-virus tools limit file scanning to certain file types by their extension, such as .exe, .bat, .doc, .zip, etc. Because DocuShare renames files, the anti-virus tool will not scan the files if it is configured to scan only executable files by their file type extension. Configure your anti-virus tool to check all files without regard to file extension.
When scanning the DocuShare Documents directory do NOT configure the anti-virus tool to delete or move files to a quarantine area when a virus is detected. This will cause the meta data in the database to become inconsistent with the contents of the documents repository.
Configure the anti-virus tool to Flag infected files for manual deletion. The DocuShare administrator should delete infected files using DocuShare’s dsdelete command for multiple files or the web browser interface for single files. This will maintain consistency in the database. If your security policy allows, you can set the anti-virus tool to Clean the infected files instead of flagging them for deletion. Should files accidentally be deleted contact DocuShare customer support for help in cleaning up the meta data. Anti-virus tools that run continuously in the background will affect the performance of DocuShare. If the anti-virus tool checks files inbound and outbound (upload and download), consider scanning only inbound files. This will improve performance especially if most activity is accessing or reading files from the
DocuShare server.
If the anti-virus tool has a feature for scanning each time a program is executed (called On-Access in some tools), consider excluding the DocuShare directory, with the exception of the %DSHOME/documents directory.
Anti-virus tools alone cannot secure your server from all threats. You must insure that anti-virus tools are updated regularly, especially when new threats are discovered. Also, routinely check for and apply new security patches and updates to your operating system and web server software.
Solution Published: June 27, 2016
Solution ID: 1781