- 05 Jul 2023
- 1 Minute to read
Managing the Antivirus Service
- Updated on 05 Jul 2023
- 1 Minute to read
Antivirus software is used to prevent malware from infecting files in the organization. CTERA Portal integrates with antivirus vendors through the ICAP protocol to ensure data protection.
To implement antivirus scanning of portal files, you require an antivirus license from CTERA Networks Ltd. Using portal subscription plans, you can activate or deactivate the antivirus feature for specific virtual portals.
When antivirus is activated, a background scan of the portal global file system is initiated. In addition, files are scanned for malware automatically and transparently, before they are downloaded from the portal.
When the browser used is Google Chrome, you are notified that a download failed. With other browsers, the download is unsuccessful without a notification.
After the inital background scan, background scanning checks for files that were not previously scanned, for example, when the antivirus was disabled or not running on a server. Background scanning scans the following:
- Files that were not previously scanned.
- Backup folders that are not passphrase protected.
- Cloud drive folders.
For more details about background scanning, see Background Scanning and Rescanning Files.
If an infected file is found, the infected file is quarantined so that you can determine if any action is necessary. The file is replaced by a text file with the name
file_name-infected.txt where file_name is the original name of your file.
If a file called
file_name-infected.txt already exists, the new infected file is call
file_name-infectedn.txt where n is a 1, 2, 3, etc, denoting the additional number of times an infected file with this name has been quarantined.
The text file contains information, including how the infected file was uploaded to the portal:
A file was moved to quarantine File name: file_name Uploaded from device: device_name Detected threat: detected_threat
A file was moved to quarantine File name: file_name Uploaded via portal's UI Detected threat: detected_threat
For example, detected_threat could be
File is infected with Trojan32
Administrators can view files that are quarantined by the antivirus servers, the Cloud Drive location and the user who downloaded the files.