In the first part of this article, I discussed how to use the simple Blocked file types feature to provide some basic security protection. Although this feature makes it very simple to provide some security, in the long run it does not provide a complete solution to protecting your servers. In this post, I will focus on SharePoint's second line of defense: built in Antivirus support.

Setup

If you look in Operations, Security Configuration, you can find the Antivirus feature.

 

If you check the Scan options here without actually installing an antivirus program, SharePoint will do nothing. This is a very bad design. Instead of gladly accepting the changes, SharePoint should let the user know that no antivirus application is installed and that these options will not do anything. An unsuspecting SharePoint admin who does not know this behavior will get a false sense of security, leading to big problems down the road.

So what SharePoint actually provides is not built in antivirus scanning, but the support to plugin your own antivirus software. Luckily for us, Microsoft recently released a beta version of the Forefront product line for SharePoint called Forefront Security for SharePoint. You might recognize the Forefront name associated with Exchange server. Now there's a version for SharePoint. This software will not only allow us to scan for viruses using multiple scanning systems, but also scan for malware!

So to actually enable antivirus scanning on your SharePoint server, the first thing you will need to do is install Forefront for SharePoint (or any other antivirus program that supports SharePoint). As you can see, Forefront's setup is really simple:

 

Once you install Forefront, the next thing you want to do is make sure it is configured properly. Use the Forefront Server Security Administrator console to configure Forefront:

 

As you can see, Forefront provides many options so it may seem daunting at first. Still it is a good idea that you review all the options to make sure you didn't miss anything.

And finally, don't forget the last step: once you've installed your antivirus scanning program, in this case Forefront, make sure to enable the scan options in SharePoint to enable scanning.

That's all you'll need to do to setup your server for antivirus protection! Can't get any simpler than this!

 

Scanning

Now let's say you want to manually scan your SharePoint installation. In the Security Administrator console, just go to the Operate section and click on the Quick Scan option. Select the sites you want to scan and hit the Start button.

 

So on Monday, Bob from Sales gets a "contract" document from a potential customer. Being the awesome team player, Bob immediately uploads the file to SharePoint to get feedback from his other team members. Uh-oh... looks like there's something wrong with the file. SharePoint shows this page when a virus is detected with an uploaded file:

 

Note that I did not really upload a virus onto our SharePoint server. My virus is just a "test" virus.

While the benefits of installing an antivirus solution into SharePoint is clear, what tradeoffs exist with having antivirus enabled? After installing Forefront, I noticed the following behavior with SharePoint:

  • Forefront takes a significant chunk of memory on the server.
  • Downloading files will takes longer.

Hopefully some of these issues is because Forefront is still in beta. Whether these tradeoffs are acceptable or not depends on your organization and your security needs. Personally I feel the need for security and protection against a virus aftermath far outweighs these tradeoffs.

So that's a quick walkthrough of antivirus support with SharePoint, more specifically the Microsoft Forefront product. As you can see, adding antivirus support into SharePoint is fairly simple, and takes security on your server to a whole new level. Combining Blocked file types along with antivirus support provides a comprehensive security protection plan for your SharePoint server to protect against those miscreants out there.