Chapter 1: Configuring the SharePoint Scan Job

Applies to: Forefront Security for SharePoint

Forefront Security for SharePoint scans all documents in real time by default—that is, as they are uploaded and downloaded. Scanning file transfers in real time is one of the most effective methods for stopping the spread of infected files. It helps block worm viruses and non-cleanable viruses from being uploaded, and helps remove cleanable viruses, such as macro viruses.

But Forefront Security for SharePoint also enables you to scan newly added document libraries or to perform periodic scans of the entire environment using the Manual Scan Job. (For example, we recommend that you do a full manual scan after installing Forefront Security for SharePoint for the first time.)

Scanning manually helps ensure that document libraries are kept clean of old viruses that might not have been detected earlier, for example, because of the timing of signature updates. Furthermore, these manual scans can be used to strip documents that do not meet evolving company policies for content and document type. The Manual Scan Job also offers the opportunity to use different scan engines from the ones in use by the Realtime Scan Job.

In this chapter

Configuring the Realtime Scan Job

To configure the Realtime Scan Job

To make changes to Realtime Antivirus settings

Modifying deletion text

To modify deletion text

Configuring the Manual Scan Job

To configure the Manual Scan Job

To run the Manual Scan Job immediately

Configuring the Realtime Scan Job

Use the Realtime Scan Job to scan all files that are uploaded to or downloaded from your SharePoint server.

To configure the Realtime Scan Job

1. Under SETTINGS, click Scan Job.
   

2. Under Name, click SharePoint (Realtime Scan Job).

3. Make sure that State is set to Enabled, and that Virus Scanning is On.
   To adjust these options, under OPERATE, click Run Job where you can activate them.

   Note

   Content filtering (including Subject Line filtering) is not available for the SharePoint scan job. To create Subject Line filters, use Exchange Server 2007 Transport Policy rules.

4. The default Realtime Antivirus configuration settings offer the maximum protection for your system. (If you want to change them, see To make changes to Realtime Antivirus settings below.)

5. Click Save if you have made any changes.

To make changes to Realtime Antivirus settings

1. Follow Steps 1 through 3 in Configuring the Realtime Scan Job above.
2. Click Configure SharePoint/WSS Antivirus SETTINGS,
3. In the SharePoint Central Administration console, click the Operations tab.
   If the console is not open, you will need to open it first.
   
4. On the Antivirus page, make the changes you want.
   Note that if you clear the Attempt to clean infected documents box, Forefront Security for SharePoint will not attempt to clean the infected documents—it will just prevent them from loading.
   
5. Click OK to save your changes
6. Click Forefront Server Security to return to the Scan Job work pane.
7. Click Save.

Modifying deletion text

When Forefront Security for SharePoint blocks an infected file, it automatically replaces the contents of the file with the name of the file, the virus it was infected with, and the action taken. You can elect to use this standard deletion text:

Microsoft Forefront Security for SharePoint %State% a file since it was found to be infected.
File name: "%File%"
Virus name: "%Virus%"

Or you can change the deletion text to suit your purposes. For example, users often get nervous when they are notified that a virus has been detected in one of their files, even though the virus has been blocked. So you can customize the text in the file that replaces the blocked file—for example, “The virus has been removed and your computer has not been infected.”

Forefront Security for SharePoint also enables you to use dynamic keywords in deletion text. These are macros that gather information from the file in which the infection was found and substitute actual data for the key word. For example, the keyword &Virus& will be replaced in the file with the name of the virus. You can include other keywords that, for example, give the name of the sender (ISName for an internal sender) or recipient (ERName for an external recipient).

To modify deletion text

1. Under SETTINGS, click Scan Job, and select the scan job for which you want to modify the deletion text.
   
2. Click Deletion Text.
3. In the File Deletion Text box, enter the message you want to include.
4. To insert a dynamic keyword, right-click in the deletion text, and point to Paste Keyword.
5. Click the desired keyword from the list. Repeat to add additional dynamic keywords.
6. Click OK to close the File Detection Text box.
7. Click Save to save your changes to the deletion text.

Configuring the Manual Scan Job

Use the Manual Scan Job to scan existing or newly added document libraries.

To configure the Manual Scan Job

1. Under SETTINGS, click Scan Job.
   

2. Under Name, click SharePoint (Manual Scan Job).

3. Make sure that State is set to Enabled, and that Virus Scanning is On.
   To adjust these options, under OPERATE, click Run Job where you can activate them.

   Note

   Content Filtering (including Subject Line filtering) is not available for the SharePoint scan job. To create Subject Line filters, use Exchange Server 2007 Transport Policy rules.

4. In the tree view, select the document libraries you want to scan.

5. Click Save if you have made any changes.

To run the Manual Scan Job immediately

1. Under OPERATE, click Run Job.
   
2. Under Name, click SharePoint (Manual Scan Job).
3. Check Virus Scanning, File filtering, or Keyword filtering as appropriate.
4. To send an e-mail message to virus administrators after the scan, check Send Summary Notification.
5. Click Start.