Enable and Configure AV Scanning¶
CALUMO can be configured to perform either active or passive anti-virus scanning of files uploaded via the Library Drawer.
Active mode scanning is where CALUMO is configured with an external anti-virus program that will be used to scan and validate each file upload is safe.
As the result from this process is generally very quick, it is the preferred method to implement so users will not be affected by waiting for passive scanning.
To configure Active Mode, in the CALUMO Server Configuration, enable the Scan Uploaded Files option and set the Scan Uploaded Files External Executable and Scan Uploaded Files External Arguments values based on the requirments of the external anti-virus program.
To configure Active Mode, there must be an external anti-virus program that has a CLI (command line interface) that can be used trigger for a single file.
Variable replacement will be performed on the Scan Uploaded Files External Arguments at runtime to substitue in the actual filename that needs to be scanned.
@filepath@ should be used in the external arguments setting as a placeholder for the actual filename that will be passed to the CLI.
For example, if the arguments required by the CLI are:
-scan -file <some filename>
The following should be used:
-scan -file @filepath@
Example - Windows Defender¶
Windows based operating systems come with Windows Defender in-built and it has a CLI, documenation available here, that can be used to run ad-hoc scans.
To configure Windows Defender, the following settings need to be set:
- Scan Uploaded Files set to
- Scan Uploaded Files External Executable set to
C:\Program Files\Windows Defender\MpCmdRun.exe
- Scan Uploaded Files External Arguments set to
-Scan -ScanType 3 -DisableRemediation -File @filepath@
Passive mode scanning is where CALUMO relies on the anti-virus program installed on the CALUMO Webserver to detect and quarantine malicious files. To do this, CALUMO writes the file to a temporary location and then polls for the configured duration to see if the file is still there or not. If during the period, the file is no longer detected then it must have been quarantined and the file upload is aborted.
Depending on the anti-virus program used, this can sometimes take up to minute (1) to move the file to quarantine, so the duration should be configured to match the capabilities of the anti-virus program in use on the CALUMO Webserver.
With passive scanning, because of the duration setting, a successful file upload will wait for the full duration to upload, therefore it is recommened that Active Mode scanning is used.
To configure Passive Mode, in the CALUMO Server Configuration, enable the Scan Uploaded Files option and set the Scan Uploaded Files Check Duration to a value greater than the quarantine threshold for the anti-virus program that is in use on the CALUMO Webserver.
Leave the setting Scan Uploaded Files External Executable empty to ensure Passive Mode is enabled.