Anti-virus scanning in an Enterprise Content Management system is one of the often desired features, especially for ECM systems which allow access via different access paths for a number of decentralized institutions rendering a centralized IT security regime impossible. In those cases, the accuracy and even existence of client-side anti-virus software cannot be relied on. Therefore, the central ECM system should offer integration of anti-virus scanning.

While viruses can hardly spread within an ECM system, malicious software can infect client systems and may spread from improper protected clients to further systems and/or documents.

The anti-virus scanning integration has features similar to a server side anti-virus solution:

  1. reliable on-access scanning for document upload and downloads,
  2. access blocking and alerting in case a virus has been identified,
  3. on-demand scanning of folder hierarchies for searching for contaminated files in the case of diagnosed virus infections.
  4. (Administrative) access to infected files for virus cleaning and/or further analysis.

The implementation into the Open Text Content Server is both flexible configurable (e.g. it offers the possibility to use different AV scanning engines) and solid. Solid is meant in a way that there is no easy way to work around the antivirus scanner and the scanner should be active in all internal and external data access paths.

Scanning on upload and download is both possible to

  • Block malicious files from being uploaded into Content Server
  • Block access to infected files which were uploaded before the virus was integrated into the virus signature definitions.

If a virus has been identified in a document, the anti-virus scanning module blocks access to the infected document version. However, for specific administrative users there is the option to clean the document (using the clean feature of the antivirus engine if available) or to download the document for further processing (analysis and/or manual cleaning). For upload, there should not be an exception possible.

When an infected file was found, alerts should be generated. Alerts use plain e-mail delivery to users or specific IT security roles.

On demand scanning is required to identify further infected files after a contaminated document has been found. This on-demand scanning of documents is usually part of the IT security procedures and can therefore be restricted to specific user roles, too.

netea Anti-Virus Scanning for Open Text Content Server

netea Anti-Virus Scanning is an extension module for Open Text Content Server which protects your ECM system from uploads containing malware. It implements on-access scanning and on-demand scanning, providing secure up- and downloads of documents. Even when new malware (zero day) was not detected when it was uploaded, scanning on download secures users after the anti-virus signatures have been updated. As the scanning function is deeply integrated into Content Server, every upload or download is scanned, regardless of the interface which was used to ingest data or dto ownload documents.

Further the ECM administrator can restrict certain file-types or MIME-types from being uploaded, which prevents users from storing unwanted file types (like programs, zip archives, etc.) in the ECM system.

Every positive scan or blocked download / upload can be logged in the ECM audit system, further automatic alert mails can be sent to specific user groups (for example security administrators) or the affected user. The contents of the mails is generated by configurable templates.

netea Anti-Virus can integrate into a company-wide used Anti-Virus scanning solution, extending the trust of your security solution to Content Server. Integrations are possible via command scripts, specific protocols (ICAP).

netea Anti-Virus Technical Data

Supported Content Server versions16.2 – current 23.1
Operation modescan on-access, scan on-demand, configurable
Anti-Virus scanning systemintegrates into customer AVS system, Microsoft Defender, ClamAV
Operating SystemWindows Server, Linux (on request)

netea Anti-Virus Scanning for Open Text Content Server is available via the Open Text Solution Store or via netea GmbH (contact).