Antivirus File Scanning

Antivirus software is used to prevent malware from infecting files in the organization. CTERA Portal integrates with antivirus vendors through the ICAP protocol to ensure data protection.

To implement antivirus scanning of portal files, you require an antivirus license from CTERA Networks Ltd. Using portal subscription plans, you can activate or deactivate the antivirus feature for specific virtual portals.

When antivirus is activated, files are scanned for malware automatically and transparently, before they are downloaded from the portal. Background scanning checks for files that were not previously scanned, for example, when the antivirus was disabled or not running on a server. Background scanning scans the following:

• Files that were not previously scanned.
• Backup folders that are not passphrase protected.!
• Cloud drive folders.

If an infected file is found, the infected file is quarantined so that you can determine if any action is necessary. The file is replaced by a text file with the name file_name -infected.txt . where file_name is the original name of your file.

The text file contains information, including how the infected file was uploaded to the portal:

A file was moved to quarantineFile name:

file_name Uploaded from device:

device_name Detected threat: detected_threat

Or:

A file was moved to quarantine

File name: file_name

Uploaded via portal's UI

Detected threat: detected_threat

For example, detected_threat could be File is infected with Trojan32

Virtual portal administrators can view files that are quarantined by the antivirus servers, the Cloud Drive location and the user who downloaded the files.