Anti-virus scanning is a frequently requested feature of an Enterprise Content Management system, especially for ECM systems that are reached via different access paths by a number of decentralized institutions, which makes a centralized IT security regime impossible. In those cases, neither the accuracy nor even the existence of client-side anti-virus software can be relied on. Therefore, the central ECM system should offer integration of anti-virus scanning.
While viruses can hardly spread within an ECM system, malicious software can infect client systems and may spread from improperly protected clients to further systems and/or documents.
The anti-virus scanning integration has features similar to a server-side anti-virus solution:
- reliable on-access scanning for document uploads and downloads,
- access blocking and alerting in case a virus has been identified,
- on-demand scanning of folder hierarchies to search for contaminated files when a virus infection has been diagnosed,
- (administrative) access to infected files for virus cleaning and/or further analysis.
The implementation in the Open Text Content Server is both flexibly configurable (e.g. it offers the possibility to use different AV scanning engines) and solid. Solid here means that there is no easy way to work around the antivirus scanner, and that the scanner should be active in all internal and external data access paths.
Scanning is possible on both upload and download, in order to:
- block malicious files from being uploaded into Content Server,
- block access to infected files which were uploaded before the virus was included in the virus signature definitions.
If a virus has been identified in a document, the anti-virus scanning module blocks access to the infected document version. However, specific administrative users have the option to clean the document (using the clean feature of the antivirus engine, if available) or to download the document for further processing (analysis and/or manual cleaning). For upload, no exception should be possible.
When an infected file is found, alerts should be generated. Alerts use plain e-mail delivery to users or specific IT security roles.
On-demand scanning is required to identify further infected files after a contaminated document has been found. This on-demand scanning of documents is usually part of the IT security procedures and can therefore be restricted to specific user roles, too.
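The upload, download and on-demand rules described above can be modelled as a small access gate. This is an added example, not Content Server code or its API: the `ToyEngine` hash-matching scanner, the `av_admin` role name, the in-memory store and the sample bytes are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

class ToyEngine:
    """Constructed stand-in for a pluggable AV engine (SHA-256 signature set)."""
    def __init__(self):
        self.signatures = set()
    def add_signature(self, sample: bytes) -> None:
        self.signatures.add(hashlib.sha256(sample).hexdigest())
    def is_infected(self, data: bytes) -> bool:
        return hashlib.sha256(data).hexdigest() in self.signatures

@dataclass
class Store:
    engine: ToyEngine
    docs: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)   # stands in for e-mail alerts

    def upload(self, name: str, data: bytes, role: str = "user") -> str:
        if self.engine.is_infected(data):        # no role exception on upload
            self.alerts.append(("upload", name, role))
            return "blocked"
        self.docs[name] = data
        return "stored"

    def download(self, name: str, role: str = "user"):
        data = self.docs[name]
        if not self.engine.is_infected(data):    # rescan with current signatures
            return "ok", data
        self.alerts.append(("download", name, role))
        return ("admin_access", data) if role == "av_admin" else ("blocked", None)

    def scan_on_demand(self, prefix: str, role: str) -> list:
        if role != "av_admin":                   # hypothetical restricted role
            raise PermissionError("on-demand scanning is restricted to av_admin")
        return sorted(n for n, d in self.docs.items()
                      if n.startswith(prefix) and self.engine.is_infected(d))

def demo() -> dict:
    store = Store(ToyEngine())
    sample = b"constructed-malicious-sample"      # constructed, harmless bytes
    first = store.upload("/proj/a.doc", sample)   # signature not yet known
    store.upload("/proj/b.doc", b"clean report")
    store.engine.add_signature(sample)            # definitions updated later
    return {"first_upload": first,
            "second_upload": store.upload("/proj/c.doc", sample, role="av_admin"),
            "user_download": store.download("/proj/a.doc")[0],
            "admin_download": store.download("/proj/a.doc", role="av_admin")[0],
            "infected": store.scan_on_demand("/proj/", role="av_admin"),
            "alerts": len(store.alerts)}
```

The file stored before its signature existed is caught only because the download path scans again, which is why the scanner has to sit in every access path and not just on upload.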