Product Documentation

Configure antivirus scans of uploaded files

Dec 22, 2015
StorageZones Controller installation includes several files that support antivirus scans. The files are installed by default in C:\inetpub\wwwroot\Citrix\StorageCenter\Tools\SFAntiVirus.

After you customize the configuration file and use Windows Task Scheduler to schedule the scans, as described in the following steps, each file upload request causes StorageZones Controller to queue the file for an antivirus scan. If issues are reported for a scanned file, the Folders view includes a warning icon for the file. If a user tries to download the file, a warning message appears.

The antivirus scan does not remove the file.

Prerequisite

  • If you will run virus scans (SFAntiVirus.exe) on the StorageZones Controller, make sure encryption is disabled on the controller: On the StorageZones console Configuration page, verify that the Enable Encryption check box is cleared.

To prepare the configuration for your location

  1. To run virus scans on a server other than the StorageZones Controller:
    1. Copy the folder C:\inetpub\wwwroot\Citrix\StorageCenter\Tools\SFAntiVirus to the other server.
    2. On the StorageZones Controller, open C:\inetpub\wwwroot\Citrix\StorageCenter\AppSettingsRelease.config and set QueueSDKRestricted to 0: <add key="QueueSDKRestricted" value="0" />
  2. On the server where you will run virus scans, edit SFAntiVirus.exe.config with the values for your StorageZones Controller configuration:
    1. Specify your site information for the following keys: ShareFileUrl, ZoneName, and StorageLocation.
    2. For QueueSdkUrl: If you will run virus scans on a server other than the StorageZones Controller, replace localhost with the server DNS name.
    3. For CommandFile: Specify the full path to the anti-virus software. That software must reside on the same server as the ShareFile antivirus folder.
    4. For CommandOptions and return codes: The command line settings provided in the configuration file are an example. Provide the appropriate settings for your anti-virus software and environment.
    5. For ScanFileTimeout: Larger files can take longer to scan. Tune this setting according to the file sizes expected in your storage.
    6. For EnableLogging: By default, the ShareFile antivirus log file is created where virus scans are run.
  3. In a command line window, run the following command to set up virus scans:

    SFAntiVirus.exe -register SFusername SFpassword

To create and schedule a task for virus scans

  1. Start Windows Task Scheduler and in the Actions pane click Create Task.
  2. On the General tab:
    1. Provide a meaningful Name for the task.
    2. Under Security options, click Change User or Group, and specify a Windows user to run the task. The user must have full access permission on the storage location.
    3. Select Run whether user is logged on or not. Leave the Do not store password check box cleared.
    4. Select Run with highest privileges.
    5. From the Configure for menu, select the operating system of the server where the task will be run.
  3. To create a trigger: On the Triggers tab, click New. Then, for Begin the task, choose On a schedule and specify a schedule.
  4. To create an action: On the Actions tab, click New.
    1. For Action, choose Start a program and specify the full path to the program. For example:

      C:\inetpub\wwwroot\Citrix\StorageCenter\Tools\SFAntiVirus\SFAntiVirus.exe

    2. For Start in, specify the location of SFAntiVirus.exe: c:\inetpub\wwwroot\Citrix\StorageCenter\Tools\SFAntiVirus
  5. On the Settings tab, for If the task is already running, then the following rule applies, choose Do not start a new instance.