Managing the Antivirus Service
  • 1 Minute to read
  • Dark
    Light
  • PDF

Managing the Antivirus Service

  • Dark
    Light
  • PDF

Article Summary

Antivirus software is used to prevent malware from infecting files in the organization. CTERA Portal integrates with antivirus vendors through the ICAP protocol to ensure data protection.

To implement antivirus scanning of portal files, you require an antivirus license from CTERA Networks Ltd. Using portal subscription plans, you can activate or deactivate the antivirus feature for specific virtual portals.

When antivirus is activated, a background scan of the portal global file system is initiated. In addition, files are scanned for malware automatically and transparently, before they are downloaded from the portal.

Note

When the browser used is Google Chrome, you are notified that a download failed. With other browsers, the download is unsuccessful without a notification.

After the initial background scan, background scanning checks for files that were not previously scanned, for example, when the antivirus was disabled or not running on a server. Background scanning scans the following:

  • Files that were not previously scanned.
  • Backup folders that are not passphrase protected.
  • Cloud drive folders.

For more details about background scanning, see Background Scanning and Rescanning Files.

If an infected file is found, the infected file is quarantined so that you can determine if any action is necessary. The file is replaced by a text file with the name file_name-infected.txt where file_name is the original name of your file.

Note

If a file called file_name-infected.txt already exists, the new infected file is call file_name-infectedn.txt where n is a 1, 2, 3, etc, denoting the additional number of times an infected file with this name has been quarantined.

The text file contains information, including how the infected file was uploaded to the portal:

A file was moved to quarantine
File name: file_name
Uploaded from device: device_name
Detected threat: detected_threat

Or:

A file was moved to quarantine
File name: file_name
Uploaded via portal's UI
Detected threat: detected_threat

For example, detected_threat could be File is infected with Trojan32

Administrators can view files that are quarantined by the antivirus servers, the Cloud Drive location and the user who downloaded the files.


Was this article helpful?