DocAve Antivirus 2.0 for Microsoft SharePoint Protect your SharePoint Farm Using the DocAve Antivirus Solution for Microsoft SharePoint

User Guide DocAve Antivirus 2.0 for Microsoft SharePoint Protect your SharePoint Farm Using the DocAve Antivirus Solution for Microsoft SharePoint Thi...
Author: Samson Walker
6 downloads 0 Views 1MB Size
User Guide DocAve Antivirus 2.0 for Microsoft SharePoint Protect your SharePoint Farm Using the DocAve Antivirus Solution for Microsoft SharePoint This document is intended for anyone wishing to familiarize themselves with the user interface and basic functionality of DocAve Antivirus, including real-time and scan-based farm protection from malicious viruses and other malware.

Page | 1

Table of Contents Table of Contents................................................................................................................................................... 2 Basic Overview ..........................................................................................................................................................3 Requirements ............................................................................................................................................................3 Supported Platforms .............................................................................................................................................3 Installation ............................................................................................................................................................ 4 Installation steps .......................................................................................................................................................4 Front-end Settings .....................................................................................................................................................4 License Management ............................................................................................................................................5 Patch Management ..............................................................................................................................................5 Setup Basics ........................................................................................................................................................... 5 Database Configuration.............................................................................................................................................5 Creating a new database ......................................................................................................................................5 Connecting to an existing database ......................................................................................................................6 General Settings .................................................................................................................................................... 6 Quarantine Settings ..................................................................................................................................................6 Log Settings ...............................................................................................................................................................7 Email Profile ..............................................................................................................................................................7 Email Settings ............................................................................................................................................................8 Editing the email template ..................................................................................... Error! Bookmark not defined. Scan Engines Management .......................................................................................................................................8 Scheduled Scan Profile ..............................................................................................................................................9 Antivirus .............................................................................................................................................................. 10 Real-Time Scan ........................................................................................................................................................10 Scheduled Scan .......................................................................................................................................................10 Reporting .................................................................................................................................................................11

Page | 2

Before You Begin Basic Overview The DocAve Antivirus for Microsoft SharePoint is used to scan content as it is uploaded as well as scanning content already existing in your SharePoint environment for viruses. It is fully integrated in SharePoint’s Central Admin, from where you can deploy and manage the filters on your SharePoint web front-end (WFE) servers easily. Access to this tool is limited to the SharePoint farm administrator.

Requirements The supported platforms and requirements for DocAve Antivirus are listed below:

Supported Platforms Like all DocAve products, Antivirus for Microsoft SharePoint is runs in a Manager/Agent configuration. This configuration requires that the Manager be installed in the SharePoint Central Administrator and the Agents deployed to all SharePoint web front-ends (WFE) where users are able to create or upload content. By ensuring that the Agents have been deployed to all WFEs you can provide full protection for your farm. The SharePoint WFE and SharePoint Central Administrator must be running on: 

Microsoft Office SharePoint Server (MOSS) 2007 or Windows SharePoint Services (WSS) v3

Page | 3



Windows Server 2003 or 2008



SQL Server 2005 or 2008



.NET Framework v2 or higher

Installation The Installation Wizard will guide you through the installation process. By following the steps below, you will have DocAve Antivirus protecting your environment very quickly.

Manager Installation Steps Ensure that the Installation Wizard is run on the SharePoint Central Admin server first. to deploy the WFE agents for this software easily from the Central Administrator.

This will allow you

Note: if you have installed the previous version of the Antivirus and Content Shield, and are now upgrading to DocAve Content Shield 1.3, please uninstall the previous version of Antivirus and Content Shield first before installing DocAve Content Shield 1.3.

1.

Download the Content Shield .ZIP file by requesting a demo version from http://www.avepoint.com/download/ or by contacting an AvePoint representative for links to this package.

2.

Unzip the package on your SharePoint Central Admin Server.

3.

Run the Setup.exe file found in the unzipped directory.

4.

Follow the steps on screen for configuring this tool. You will be asked for your name, company information, and for a directory location to install this software.

5.

After installing the tool, you will be prompted to restart IIS* in order to complete the installation. You can choose to reset IIS later by selecting No. *Note: The IIS reset does not immediately restart the IIS service, but performs a “no-force” reset of the IIS processes. Any processes currently running will be allowed to finish before this reset takes place. If you choose to reset IIS at a later time, the installation will not be completed until it is reset.

Congratulations! The SharePoint Content Shield is now installed on your environment.

Web Front-end Settings In order to protect your SharePoint environment, you need to configure DocAve Antivirus on each SharePoint web front-end server (WFE) in your environment. . The WFE will control both the scheduled scan and real-time scan of your environment.

Page | 4

1.

Navigate to Central Administration > Operations > DocAve Antivirus for Microsoft SharePoint > Front-End Settings. This will list the available front-end servers in the Front-end Server list.

2.

Click on the name of the front-end server where you want to deploy DocAve Antivirus, and select Deploy Now.

License Management After installation, you must next apply the Antivirus license file for your Front-end servers. You can obtain this license from your AvePoint sales representative. To assign a license to the Front-end server, please follow the steps below: 1.

Navigate to Central Administration > Operations > DocAve Antivirus > Front-End Settings.

2.

Click the Browse button and select the license you want to apply under the License Management section.

3.

Click the Apply button, detailed information about the license will then be listed above.

4.

Select the front-end server you want to assign the license to from the front-end server List by clicking the front-end server’s name, and then clicking Assign License.

5.

After assigning a license to a front-end server, the license status of the server will change to Assigned.

Patch Management DocAve Antivirus for Microsoft SharePoint Patch Management allows you to update the current version of DocAve Antivirus from within the program. 1.

Navigate to Central Administration > Operations > DocAve Antivirus for Microsoft SharePoint > Front-End Settings.

2.

Click the Browse button and select the patch you want to load under the Patch Management section.

3.

Click the Load button, the detailed information for this patch will be listed underneath.

Setup Basics Database Configuration The DocAve Antivirus for Microsoft SharePoint installation requires an application database to store its settings and configuration. You can deploy this application database to the same SQL server instance as SharePoint or to another SQL instance connected to your network. We recommended that you use the same SQL server as SharePoint.

Creating a new database To create a new database for the DocAve Antivirus for Microsoft SharePoint, follow the steps below.

Page | 5

1.

Navigate to the Central Administration -> Operations tab. Here you will see the AvePoint Tools and Services field. Click the DocAve Antivirus for Microsoft SharePoint option.

2.

If you did not specify a database for the application during installation, an interface will pop-up and prompt you to do so.

3.

Select the Create a New Database option from the Application Database Type category.

4.

Enter the database server name into the Database Server text box, and then the database name for the new database you want to create for DocAve Antivirus.

5.

Select an authentication type by checking the corresponding check-box. If you select the SQL Server Authentication option, you will need to enter the necessary information in the SQL Username and password fields.

6.

Click the Create button to create the new database for the application.

Connecting to an existing database To connect an existing database to use as the DocAve Antivirus for Microsoft SharePoint application database, follow the steps below: 1.

Navigate to the Central Administration -> Operations tab. Here you will see the AvePoint Tools and Services field. Click the DocAve Antivirus for Microsoft SharePoint option.

2.

If you did not specify a database for the application during installation, an interface will pop-up prompting you to do so.

3.

Select the Connect to an Existing Database option from the Application Database Type.

4.

Enter the database server name into the Database Server text box, and then the database name you want to create for DocAve Antivirus.

5.

Select an authentication type by checking the corresponding check-box. If you select the SQL Server Authentication option, you will need to enter the necessary information in the SQL Username and password fields.

6.

Click the Connect button.

This will connect the database to the application.

*Note: In order to protect your environment, it is recommended to create a new database by DocAve Antivirus for Microsoft SharePoint or connect to an existing database which created by another DocAve Antivirus for Microsoft SharePoint WFE installation.

General Settings This section details several important settings to configure for DocAve Antivirus for Microsoft SharePoint.

Quarantine Settings The DocAve Antivirus for Microsoft SharePoint application gives you the option of either deleting data or storing offending data in a quarantined location in your environment, preventing access to the offending content from SharePoint. Access to this location should be restricted as the contents of the quarantined location may be infected or harmful. Using these settings, you can specify the location, maximum space, time period to keep the files, the email notification and quarantine clearing options.

Page | 6

1.

Naviagate to Central Administration > Operations > DocAve Antivirus for Microsoft SharePoint > Quarantine Settings.

2.

Enter a location for the quarantine into the Quarantine Path area. If the path you specify is a network path, you must specify a user account with access to that location.

3.

Set the maximum space for the quarantine, and then specify the time period to keep files in the quarantine.

4.

You may optionally select the Warning Notification option. When selected, the program will send a notification email once the capacity of the quarantine location is less than 10% of the available quarantine space.

5.

Checking the Auto Clean Quarantine option will automatically clean up the files in the quarantine location.

6.

Click the Save button to save the configration. You can go to View Quarantine to view the files in the quarantine.

Log Settings These settings allow you to configure the log level for each feature and specify the maximum storage time for the log report. After configuring these settings, click the Save button to save the settings or the Reset button to clear the configuration. *Note: If you are experiencing any issues with this product, we recommend setting all log-levels to Debug before contacting AvePoint technical support.

Email Profile This section allows you to create various email profiles containing different mailing lists, which can then be selected to receive emails after certain events. To set up an email notification profile, follow the steps below:

Page | 7

1.

Navigate to Central Administration > Operations > DocAve Antivirus > Email Profiles. From here, you can view any previously created email profiles in the left-hand column.

2.

Click the New button to create a new profile. Enter a profile name into the provided field.

3.

Enter your Microsoft Exchange Outgoing Mail Server (SMTP) and specify the corresponding port for it. The default smtpport number for most environments is 25.

4.

You must configure the Email Server Authentication authentication for your mail server.

5.

In the Sender field, enter the email address you would like the notifications to come from.

6.

Enter the recipients you would like to include in this profile under the Recipients field. Multiple recipients can be added to the recipient text box by entering each new recipient on their own line.

7.

You can click the Test button to test the configuration. If the test is successful, the recipient(s) you have specified for this profile will receive a test email message.

if you have configured any corresponding

8.

Click the Save button to save the configuration, it will now be listed under Email Profiles and can be selected to receive notifications from the DocAve Conten Shield.

*Note: Please ensure that the account used to send emails is not in the profile’s recipients list. cause an error in the messaging system.

This will

Email Settings This section is used to further customize the notifications which the recipients of an email profile will receive. Begin by selecting the desired email profile by selecting the profile from the drop-down box for each module, you can then edit the mail template for each module.

Editing the email template 1.

Navigate to Central Administration > Operations > DocAve Antivirus > Email Settings.

2.

Click the Edit Mail Template for the module you want to edit, you will be taken to the Edit Template page.

3.

Select the keywords you want to add to the subject from the first Value Keywords drop-down box, and then click the Add button, the keywords will be added into the subject.

4.

Select the keywords you want to add to the message body from the second Value Keywords drop-down box, and then click the Add button, the keywords will be added into the main body.

5.

You can then enter the content you want to view in the email.

6.

Click the OK button to save the configuration for specific feature; or the Cancel button to cancel the settings.

Scan Engines Management In this section, you can view information about the Trend Scan Engine, update the scan engine, and clear the collected statistics. By default, the scan engine is set to automatically check for scan engine updates on a schedule. You can change this by going to the Virus Signature Database Version > Update tab, and then unselecting the check-box next to Schedule. Each WFE must be able to access the Internet in order to update the scan engine. If your WFEs do not have internet access and you wish to configure a proxy server you may do so under the Settings tab. Here you can specify a Client Proxy to update the scan engine for any WFEs that cannot access the Internet. 1.

Check the User HTTP proxy server check box.

2.

Enter the IP address or the machine name of the server which you want to utilize as a proxy to update the scan engine. Please ensure this machine can access the Internet.

3.

Specify a TCP/IP port for the Scan Engine. By default, the port number is 80.

4.

Enter a username and password with the appropriate level of access to this machine.

5.

Click Ok to save the configuration, all WFEs will update the scan engine through this specified machine.

*Note: Please make sure you can connect to the machine from the Central Admin Server and all other WFEs.

Page | 8

Scheduled Scan Profile These profiles allow you to configure the basic settings for scheduled scan jobs.  Profile Name: enter a profile name for the scheduled scan profile into the provided field.  Number of Threads: this will start several threads while scanning for a virus. The scans will be faster and more efficient if you specify a higher thread number; however, this will require more system resources.  Scan File Versions: Scans all versions of the files in SharePoint if you select this option, since each SharePoint version is a unique object, it is recommended that all versions are scanned.  File Filter Policy: you can select the filter policy by clicking the corresponding radio box, and then enter the file extensions into the provided field, the files will be excluded or included from the scheduled scan job. Multiple policies can be added to the text box by entering each on a separate line. If you have selected the Exclude from file filter option, Antivirus will not scan files with the file extension in the provided field. If you select the Include in file filter option, it will only scan the files with the file extension in the provided field.  Virus Scan Action: Allows you to configure what happens to infected files for different file rules during a scheduled scan job. 



Page | 9

Basic Virus Rule: The operation specified in this field is used for the files infected with common repairable viruses. There are four actions you can select: Clean, Quarantine, Delete, and Report only. 

Clean: Cleans the infected documents by deleting the infected parts of the file.



Quarantine: Creates a .dat file and .xml file of the infected file will be created in the quarantine.



Delete: the content of the infected file will be replaced by detailed information of the job which deleted it.



Report only: Generates a report for each infected file. You can navigate to Central Administration > Operations > DocAve Antivirus for Microsoft SharePoint > Reports and click on the corresponding scheduled scan job to view the reports.

Un-repairable Virus Rule: The operation specified in this field is used for the files infected with the un-repairable viruses. There are three actions you can select: Delete File, Delete File and Quarantine, and Report only. 

Delete File: Contents of the infected file will be replaced by a detailed report of the job that deleted it.



Delete File and Quarantine: Contents of the infected file will be replaced by the detailed information of the job. A corresponding .dat file and .xml file will be created in the quarantine location.



Report only: Generates a report for each infected file. You can navigate to Central Administration > Operations > DocAve Antivirus for Microsoft SharePoint > Reports and click on the corresponding scheduled scan job to view the reports.

Click the Save button to save the configuration, and then the profile will be listed on the left column.

Antivirus After configuring the basic settings above, you may now configure the settings to scan files for viruses in SharePoint. DocAve Antivirus for Microsoft SharePoint allows you create rules for the scan engine which it will use to scan the content in SharePoint accordingly.

Real-Time Scan After configuring the initial settings, DocAve Antivirus will perform a real-time scan of the files in the SharePoint farm with this product deployed. There are several options you can configure for real-time scanning:  Antivirus Settings: Specifies when you want the files to be virus scanned, whether users are allowed to download infected documents, and whether you want your virus scanner to clean infected files. Please note that only when Scan documents on upload or Scan documents on download is checked will the settings for a real-time scan will work.  Antivirus Time Out: Enter a number into the Time out duration box. If the time waiting for a server response is longer than the time you specify, it will be considered as a time out.  Antivirus Threads: Enter the number of threads you wish to use when scanning into the Number of threads text box. The more threads you allow the tool to create the faster and more efficient the scanning will be, however, this will require more system resources.  Real-Time Scan Actions: in this area, you can specify the action that will be taken on infected files for different file rules during a scheduled scan job. 

Basic File Rule: Specifies the action to take for files with common repairable viruses. There are two actions you can select: Repair file and allow upload/download, and Block upload/download.



Un-repairable File Rule: Specifies the action to take for files with un-repairable viruses. There are two actions you can select: Block upload/download, and Block upload/download and quarantine.

Click the Save button to save the configuration.

Scheduled Scan Scheduled Scan allows you set up a plan to scan the content in specific site at a specified time. To set up a plan, follow the steps below:

Page | 10

1.

Navigate to Central Administration > Operations > DocAve Antivirus for Microsoft SharePoint > Scheduled Scan.

2.

Enter a plan name into the provided field.

3.

Clicking on the name of the farm will expand the tree further to display any sub-items.

4.

Select the content you want to scan by checking the corresponding check-boxes.

5.

You can set the scan job to run on a schedule by checking the Enable Full Schedule or Enable Incremental Schedule check-box.

6.

Using the calendar icon next to the Start Time field, select a date for the scan job to run, and then select the time from the corresponding drop-down box.

7.

Set an interval for recurring rules based on Only Once, by Minute, by Hour, by Day, by Week, or by Month.

8.

There are two scan types: Full and Incremental. 

Full: This will scan all content in the specific location.



Incremental: This option scans only the changes from the previous scan job in the specific location (including creating / updating the items).

*Note: If no full filter has been performed previously, the incremental option will perform a full scan job by default. Although incremental scans improve performance, a full scan is recommended whenever your Trend Micro Scan Engine receives a new virus definition update. 9.

You may enter a Description in the field provided to help distinguish this job in the report.

10. Select a scheduled scan profile from the drop-down box. It is a mandatory option. 11. Select an email profile from the drop-down box; this contains the list of profiles that you created earlier in the Email Profiles section. This feature is optional.

Reporting After scanning the content, DocAve Antivirus will generate a report for the job. There are two kinds of reports: Real-Time Reports and Reports for the scheduled scanning jobs. For the Real-Time Reports, all the infected files will be listed in the report list. You can view more detailed information of the infected files in the list. For the Reports generated by schedule scanning jobs, all scheduled scanning jobs will be listed in it. You can view more detailed information and the job status for the scanning plan. By clicking the job name, you can view the detailed information of the infected files found in the job.  File Name: the name of the infected file  File Size: the size of the infected file  Virus Status: the current virus status of the file.  Scan Time: the time of the scan time  File URL: the URL of the file  File Owner: the owner of the file

Page | 11

 Virus Count: the total number of the virus in the infected file  Virus Info: It includes Virus ID, Violation Name, and Count, the Virus ID and Violation Name are defined by the scan engine, and the Count is the number of the current virus.

Copyright 2010 AvePoint, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written consent of AvePoint, 3 Second Street, Jersey City, NJ 07311, USA Trademarks AvePoint DocAve®, AvePoint logo, and AvePoint, Inc. are trademarks of AvePoint, Inc. Microsoft, MS-DOS, Internet Explorer, Microsoft Office SharePoint Servers 2007, SharePoint Portal Server 2003, Windows SharePoint Services, Windows SQL server, and Windows are either registered trademarks or trademarks of Microsoft Corporation. Adobe Acrobat and Acrobat Reader are trademarks of Adobe Systems, Inc. All other trademarks are property of their respective owners. Changes The material in this document is for information only and is subject to change without notice. While reasonable efforts have been made in the preparation of this document to assure its accuracy, AvePoint makes no representation or warranty, expressed or implied, as to its completeness, accuracy, or suitability, and assumes no liability resulting from errors or omissions in this document or from the use of the information contained herein. AvePoint reserves the right to make changes in the product design without reservation and without notification to its users. AvePoint 3 Second Street Jersey City, NJ 07311 USA

201076.143027

Page | 12