This topic describes how to manage settings and policies in the administrator console for Anti Virus Scan (AVS).
After logging on as an administrator to my.syncplicity.com/ in a browser, the areas relevant to AVS are:
- Admin | Settings | Account Configuration | Anti Virus Scan (AVS): To configure the AVS settings.
- Admin | Policies | Policy Sets: To add or edit a policy that includes AVS policies.
For general information about settings and policies, see Company Settings and Policies.
Manage settings for AVS
When AVS is enabled, you can connect Syncplicity to an AVS engine for classification of files and control of actions within Syncplicity. Using AVS requires a company-specific storage vault with AVS configured.
Scanning status
There are three queues of files to be classified.
- The current queue of new files added or updated after AVS has been enabled or reconfigured.
- The historical queue that processes existing content in Syncplicity when AVS is activated, and all identified content when the AVS configuration is changed.
- The scan failed queue of files, for which the scan has repeatedly failed. This can be caused by a corrupted file or issues with communicating with AVS engine configured in the AVS Admin settings.
The historical queue scanning status shows an estimate of content scanned based on the current AVS configuration and the date of the oldest scanned folder. Entries in the historical queue are processed when there are no entries to process in the higher priority current queue.
The current queue scanning status shows the number of files in the current queue and the age of the oldest file. The age of the oldest file gives an indication how long it takes for a file added to Syncplicity to get classified.
The Scan Failed queue scanning status shows the number of files in the scan failed queue. Files in the Scan Failed status need to be re-uploaded or manually resubmitted for AVS scanning using the Rescan files option, after the issue is resolved.
Storage vaults
You can activate AVS for one, several, or all company-specific storage vaults. Each selected vault must have a public key configured for secure connectivity to the Syncplicity Cloud Service. If not, you will receive a validation error and must configure the public key in the vault configuration before saving the AVS configuration.
Historical scanning
Historical scanning configuration enables you to choose how much historical data in Syncplicity you want to scan when activating AVS or altering the AVS configuration. Selecting All content will scan all files in Syncplicity that are in scope based on the file type and size configurations.
Supported file types
You can limit the scope of AVS classification to specific file types defined by their file extensions. If your AVS engine can scan all content, you can select All content.
Size limitations
You can limit the scope of anti virus scanning to files that are less than the specified file size. Typically, this is to prevent scanning files that are larger than your AVS engine supports.
AVS engine configuration
Results of file classification in Syncplicity depends on the AVS engine configuration. If the AVS engine configuration changes, documents must be re-scanned to obtain their new classification under the changed configuration. Changing the AVS engine configuration triggers re-scanning of all content in Syncplicity that is within the scope of the Syncplicity AVS configuration (historical scanning, file types and size).
This part of the AVS configuration enables you to notify Syncplicity when a new AVS engine configuration is in effect.
During the AVS engine configuration, you can register a name associated with the configuration. This allows you to revert to it later. Reverting to a previous configuration prevents Syncplicity from sending for reclassification content already scanned under that AVS engine configuration.
Manage policies for AVS
When you add a policy or edit an existing one, expand the Security section to display sections for AVS controls and file re-classification.
Anti virus scan controls
You can control user behavior for AVS-classified content in Syncplicity. For files, you can individually control access based on how a user is granted access to the content.
- Access via a folder controls access to files a user can access through a synced or shared folder.
- Access via a shared link controls access to files a user can access through a named shared link.
- Create a shared link controls a user's ability to create a shared link.
- Share a folder controls the user's ability to share a folder.
For each control you can configure what the user can do.
- Allow - Permits users to access and use content without any change in behavior.
Warn - Alerts the user that an action is audited, after which they can choose to continue their action or cancel. This is initially only applicable to controlling actions through the web. - Disallow - Blocks the user from accessing the content.
The AVS controls work in with existing policy controls in Syncplicity. If a user is limited to sharing folders with internal users only, the AVS control for sharing a folder applies on top of the existing sharing control.
File re-classification
When a new file version is uploaded, you can choose whether the new version is changed to pending or retains its previous classification until the new classification result is returned from the AVS engine.
Scan files on uploading depending on type of user policy
Virus scanning can be limited to scanning files uploaded from external users, internal users, or both. If "No files will be scanned" is selected, AVS is effectively disabled.
End-user experience of AVS
When AVS policies control access to classified content, Syncplicity users are blocked from or warned before performing certain actions. Labels in the user interface inform users when files and folders are pending classification or classified as infected or clean. The classification of folders and the files and folders within determines the statuses. If all files and folders within a folder are classified as clean, the top folder is labeled clean. If any files and folders are pending classification, the top folder is pending. If any files and folders are classified as infected, the top folder's classification is infected.